> From: owner-openssl-us...@openssl.org On Behalf Of brechmos
> Sent: Thursday, 12 March, 2009 17:55

> Yeah, I appreciate that.
> 
> What I can't see in the docs is how the key and IV are defined from the
> password and if I can do that without calling the openssl enc call.  If the
> key and IV were from an md5 then I could do "echo '1234' | openssl md5".
> But it isn't md5 and I can't figure out what it is...
> 
It is by default based on md5, but is not just md5.
Specifically it is the routine EVP_BytesToKey, 
which (at least in 0.9.8) has a section-3 manpage.
Since the details of key derivation (in general) 
are fiddly, you might prefer to look at the source 
which is in $distdir/crypto/evp/evp_key.c .

In case you're not aware of the structure and naming,
EVP is a module, and EVP_* are routines, types and values
that provide a 'generic' wrapper around all algorithms.
(In other words, OpenSSL has SHA1 primitives named SHA1_*,
MD5 primitives named MD5_*, AES primitives named AES_*,
RSA primitives named RSA_*, DSA primitives named DSA_*, 
etc., which you can call directly if that's all you want.
However most crypto applications, like SSL, X.509, PEM, etc.,
support multiple algorithms, with the specific algo identified 
in the protocol or format, often by ASN.1 AlgorithmIdentifier. 
EVP provides a single interface on which you can select an algorithm 
by one of several identifiers, then use it with unvarying code.
This is how the 'enc' and 'dgst' commandlines work: they set up 
an EVP_CIPHER or EVP_MD using the algorithm specified by 
the commandline, and then run through the data using that EVP, 
which internally dispatches to the specific cipher or digest.)

In particular it appears EVP_BytesToKey can generate a key, 
and IV if applicable (per mode?), for any supported cipher, 
from a passphrase and optionally salt, using any supported hash.

If you want to replicate this key derivation yourself, note:
in a commandline like   echo mypass | openssl dgst -somedigest 
the hash covers all the data passed through the pipe including 
the line terminator (Unix NL, Windows/DOS CR LF, other systems 
may differ). For passphrase based encryption aka PBE, by convention 
the passphrase is only the "graphic" string without any terminator.
*Some* echo commands have an option to leave out the terminator,
but the option varies. And in Windows CMD, at least some versions,
echo includes a trailing SPACE which isn't even visible.

If you write (C) code to do this, it's up to you. C fgets() 
(usually) includes the newline in the buffer. Unix getpass() 
should not. Windows WhateverDialogBox I don't know.

As mentioned on the manpage, the more popular current standard 
for PBE key derivation is PKCS5 version 2, which is NOT what 
EVP_BytesToKey implements. If you are writing a new application, 
you should consider using v2 instead.

> 
> Dave Thompson-4 wrote:
<snip: previous question about providing the passphrase to 'enc'.>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
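
The derivation and the terminator pitfall discussed in the message above, as an added Python example (not code from the post or from OpenSSL). The function names, the constructed salt and the 32-byte key / 16-byte IV sizes are assumptions chosen for illustration; `count` defaults to 1, which is what the enc command passes to EVP_BytesToKey.

```python
import hashlib


def evp_bytes_to_key(password, salt, key_len, iv_len, md="md5", count=1):
    """Derive (key, iv) the way EVP_BytesToKey does.

    D_1 = H^count(password || salt), D_i = H^count(D_{i-1} || password || salt);
    the D_i are concatenated, the key is cut first, then the IV.
    """
    if salt and len(salt) != 8:
        raise ValueError("salt must be 8 bytes, or empty for no salt")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):          # extra rounds only if count > 1
            block = hashlib.new(md, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def strip_terminator(line):
    """Remove the NL or CR LF that echo and fgets() leave on a passphrase.

    A trailing space (the Windows CMD case) is left alone: it cannot be told
    apart from a passphrase that really ends in a space.
    """
    return line.rstrip(b"\r\n")


def demo():
    salt = bytes.fromhex("0102030405060708")   # constructed sample salt
    results = {}
    # Same "graphic" passphrase as delivered by different input paths.
    for raw in (b"mypass", b"mypass\n", b"mypass\r\n", b"mypass "):
        key, iv = evp_bytes_to_key(raw, salt, 32, 16)   # assumed sizes
        results[raw] = (key, iv)
        print(f"{raw!r:14} key={key.hex()} iv={iv.hex()}")
    return results


if __name__ == "__main__":
    demo()
```

Each of the four inputs yields a different key and IV, so a passphrase read with its terminator will not decrypt data encrypted with the bare string.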
