On Thu, Sep 3, 2009 at 6:36 PM, Dave Thompson<dave.thomp...@princetonpayments.com> wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Hazel John
>> Sent: Thursday, 03 September, 2009 15:25
>
>> openssl enc -aes-256-cbc -K
>> 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E
>> 1F -iv 00112233445566778899AABBCCDDEEFF -e -in input.txt -out
>> output.enc
>> [and same with -d]
>
> I note these do not have -a, which you mentioned upthread,
> and so produce and expect raw "binary" data not "readable".

Since the base 64 encoding/decoding matches up in the command line and program, I wanted to get it out of the picture to decode just the aes encryption issue.

>
>> AES_KEY key;
>> string sInput;
>> cout << " enter string (size < 128) : ";
>> cin >> sInput;
>> cout << "input is " << sInput << endl;
>>
> This will read only one whitespace-delimited token
> aka word. Is that what you want?

Yes, I just want to encrypt simple strings (no white space and printable characters)

>
>> int inlen = sInput.size();
>>
>> unsigned char pIV[16];
>> unsigned char pIn[128];
>> unsigned char pOut[128];
>> memset(pOut, 0, 128);
>> memset(pIn, 0, 128);
>>
>> memcpy(pIn, sInput.c_str(), inlen);
>> AES_set_encrypt_key(aes_key, 256, &key);
>> //AES_ecb_encrypt(input, pOut, &key, AES_ENCRYPT);
>> memcpy(pIV, aes_iv, 16);
>> AES_cbc_encrypt(pIn, pOut, inlen, &key, pIV, AES_ENCRYPT);
>
> commandline enc does PKCS5 block padding (at least for block modes)
> unless you specify -nopad (and then you can only do full block data).
> EVP does this (if enabled) but the cipher-level primitives don't.
> Either do padding yourself; have EVP do padding; or use enc -nopad.

I tried enc -nopad and used 16 byte input for both, but it still failed.

>
>> cout << "encrypted output is: ";
>> for (unsigned int i = 0; i < 128; ++i)
>> {
>>     cout << hex << showbase << pOut[i];
>> }
>> cout << endl;
>
> This outputs the raw data; pOut[i] is an unsigned char,
> and is therefore output as a char, not converted to hex.
> If you make it (int)pOut[i], it does convert,
> but the results are run together and hard to read.
> This is one situation where C(style) printf can be easier.
>
> Also commandline enc doesn't output or input ciphertext in hex.
> By default it does raw "binary", with -a it does base64.
> If you want to match or complement it, you must do one of those.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
>

Anyway, I finally decided to take advantage of the openssl CVS repository, tweaked my encrypt/decrypt to mimic the steps that openssl takes with my specific parameters. Changed it to look at a c++ string instead of reading/writing to file and it finally worked :)

Thanks for all the help.
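An added example, not code from this thread: it illustrates two points from the quoted reply, the PKCS block padding that commandline enc applies but the cipher-level primitives do not, and printing ciphertext bytes as hex rather than raw chars. The helper names pkcs_pad, pkcs_unpad and to_hex are hypothetical, the input "hello" is constructed, and the AES call itself is left to the program in the thread.

```cpp
// Added example; helper names are hypothetical and not part of OpenSSL.
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

const std::size_t kBlock = 16;  // AES block size in bytes

// PKCS block padding: append n bytes of value n, 1 <= n <= 16.
// Input that is already a multiple of 16 bytes gains one full extra block.
std::vector<unsigned char> pkcs_pad(const std::string& in) {
    std::size_t n = kBlock - (in.size() % kBlock);
    std::vector<unsigned char> out(in.begin(), in.end());
    out.insert(out.end(), n, static_cast<unsigned char>(n));
    return out;
}

// Validate and strip the padding after decryption; malformed padding is rejected.
std::string pkcs_unpad(const std::vector<unsigned char>& in) {
    if (in.empty() || in.size() % kBlock != 0)
        throw std::runtime_error("bad padding");
    std::size_t n = in.back();
    if (n == 0 || n > kBlock) throw std::runtime_error("bad padding");
    for (std::size_t i = in.size() - n; i < in.size(); ++i)
        if (in[i] != n) throw std::runtime_error("bad padding");
    return std::string(in.begin(), in.begin() + (in.size() - n));
}

// Two hex digits per byte. Streaming an unsigned char to cout prints the raw
// character instead, which is the problem pointed out in the quoted reply.
std::string to_hex(const std::vector<unsigned char>& data) {
    std::string s;
    char buf[3];
    for (unsigned char b : data) {
        std::snprintf(buf, sizeof buf, "%02x", static_cast<unsigned int>(b));
        s += buf;
    }
    return s;
}

int main() {
    // Constructed sample input. The padded buffer and padded.size() are what would be
    // passed to AES_cbc_encrypt in place of the zero-filled pIn and the unpadded inlen.
    std::vector<unsigned char> padded = pkcs_pad("hello");
    std::printf("%zu bytes: %s\n", padded.size(), to_hex(padded).c_str());
    return 0;
}
```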