On Tue, 2007-11-27 at 12:07 +0100, Lidia Fernández wrote:
> But....when I type the command 'openssl enc -a -aes128 -in file.txt -out
> file.enc -pass pass:1234567'
> I don't specify the iv....and in the sample code there is:
>
> unsigned char iv[] = {1,2,3,4,5,6,7,8};
>
>
> EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
>
>
> I have to do the same as the command does.
> How can I do this???

I've attached a simple AES, one-block encryption example.
After compiling with:
 $ gcc -Wall -pedantic -o aes_enc -lcrypto aes_enc.c
you may run:
 $ ./aes_enc > enc.bin
then you will be able to decrypt the enc.bin file with the command:
 $ openssl aes-256-cbc -in enc.bin -K 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -iv 000102030405060708090A0B0C0D0E0F -d

When you use -pass from the openssl command line, the key and iv are created
with the function EVP_BytesToKey() (which is not very portable).
This function creates a key of the required length (depending on the
encryption algorithm, for example 8 bytes for DES, 24 bytes for 3DES)
and an IV of the required length (for example 8 bytes for DES and 16 bytes for AES).
If you really want to use this command you need to use EVP_BytesToKey()
in your application to create the key and iv and then use these values in
EVP_* routines.
You may check what key/iv is created with the command:
 $ openssl enc -pass pass:1234 -P -e -aes128
 salt=EF7D13C559AD9627
 key=015A121AD247476F2C4D8BA860A1B1F5
 iv =2A68BE602670D12C69B95CF5072BFA79

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

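#include <stdio.h>
#include <string.h>

#include <openssl/aes.h>

int main(int argc, char *argv[])
{
	/* Sample keys for AES-128, AES-192 and AES-256; only key32 is used below. */
	unsigned char key16[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
	unsigned char key24[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23};
	unsigned char key32[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31};
	/* 16-byte IV; AES_cbc_encrypt() updates this buffer in place. */
	unsigned char iv[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};

	/* One 16-byte block: "marek\n" followed by ten bytes of value 0x0a,
	 * i.e. the block padding that "openssl ... -d" expects to strip. */
	unsigned char inbuf[1024]="marek\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a";
	unsigned char outbuf[1024];

	AES_KEY aeskey;

	memset(outbuf, 0, sizeof(outbuf));

	/* Key length is given in bits. */
	AES_set_encrypt_key(key32, 32*8, &aeskey);

	/* Encrypt exactly one block in CBC mode. */
	AES_cbc_encrypt(inbuf, outbuf, 16, &aeskey, iv, AES_ENCRYPT);

	/* Raw ciphertext goes to stdout (redirect to enc.bin). */
	fwrite(outbuf, 1, 16, stdout);

	return(0);
}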
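
The key/iv derivation that EVP_BytesToKey() performs, re-implemented as an added example (not part of the original message or of OpenSSL) so the values printed by -P can be reproduced from a password and salt. The function names are hypothetical; the digest used by "openssl enc" is MD5 before OpenSSL 1.1.0 and SHA-256 from 1.1.0 on, so it is a parameter here, and the "Salted__" file header is the layout "openssl enc" writes when a salt is used.

```python
import hashlib

def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                     digest: str = "md5", count: int = 1):
    """Derive (key, iv) the way OpenSSL's EVP_BytesToKey() does.

    D_1 = H^count(password || salt), D_i = H^count(D_{i-1} || password || salt);
    the key is the first key_len bytes of D_1 || D_2 || ..., the IV the next iv_len.
    """
    if len(salt) not in (0, 8):
        raise ValueError("salt must be 8 bytes or empty (no salt)")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        for _ in range(count - 1):          # extra hash rounds when count > 1
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def split_salted(blob: bytes):
    """Split raw (not base64, i.e. without -a) `openssl enc` output into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != b"Salted__":
        raise ValueError("no 'Salted__' header; file was not written with a salted password")
    return blob[8:16], blob[16:]

if __name__ == "__main__":
    # Password and salt taken from the -P output quoted in the message above.
    salt = bytes.fromhex("EF7D13C559AD9627")
    for name in ("md5", "sha256"):
        key, iv = evp_bytes_to_key(b"1234", salt, 16, 16, digest=name)
        print(name, "key=" + key.hex().upper(), "iv=" + iv.hex().upper())
```

A single round of a fast hash gives little protection to a guessable password; OpenSSL 1.1.1 and later offer "openssl enc -pbkdf2" as a stronger derivation.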