On Mon, Jun 29, 2009 at 05:13:52PM +0530, Kumar Rounak wrote:
> i am planning to make an encryption tool which uses openssl to encrypt the
> file using blowfish in cbc mode, is there any way to determine at the
> decrypting tool which is again written using openssl that a file is
> encrypted or not before actually attempting to decrypt the file.
Well, supposed you wanted to super-encrypt a file, how would you know
that the original is to be construed "plain-text"? It is not the content,
but the context that determines what is encrypted, and what is not.
With "openssl enc", you don't get strong integrity guarantees, encryption
does not MAC the data, just pads and encrypts, so you have an ~1:256
chance of not detecting tampering. Yould should consider S/MIME or CMS
in some use cases.
This said, "openssl enc" prepends 16 bytes recognizable "salt" to each
file:
$ openssl enc -des3 </dev/null | od -c
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
0000000 S a l t e d _ _ 020 270 215 341 305 : \r \0
0000020 T 361 336 031 * 330 5 G
0000030
The string "Salted__" is followed by 8 random bytes, which are used to
generate the CBC IV.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
