On Mon, Dec 22, 2008 at 12:29:20PM -0800, David Schwartz wrote:
>
> > For information: I am using this key to encrypt / decrypt files
> > locally on a
> > host.
>
> Why not use the RSA key for this purpose, using an established and tested
> algorithm? Since you have the RSA key, and there are any number of
> established algorithms to use an RSA key for encryption, why did you roll
> your own?
This too is wrong, one does not "use RSA" for this purpose, one uses an
established protocol, CMS, S/MIME, PGP, ... when the file is encrypted by
Alice for delivery to Bob, or a reputable symmetric PBE (password based
encryption) when Alice is encrypting the file for later use by Alice and
integrity protection is not required.
All PBE key derivation is via PBKDF2 (with random salt), while for
public key algorithms, one uses random keys encrypted via the public
key of the recipient.
I am not aware of any EVP_MumbleInit() interface in OpenSSL for symmetric
algorithms with integrity protection (a symmetric MAC).
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
