> From: owner-openssl-us...@openssl.org On Behalf Of ronald braswell
> Sent: Thursday, 22 July, 2010 10:15

> I want to encrypt a password on disk using 'openssl enc -e -des-ede3-cbc'
> and decrypt it using the openssl libcrypto in a C program. I can encrypt and decrypt
> the password in the file successfully using the command line utility but when decrypting
> with the C program EVP_DecryptFinal fails with 0. The documentation indicates
> that this will happen if the last block is not correct. My questions are:

Yes but no. It fails if an error is *detected* on the last block, namely in the padding. Symmetric ciphers themselves have no error detection, because all possible bit combinations are valid plaintext. If you decrypt with the wrong key, you just get garbage, except for the last block IF you use(d) padding, which most people normally do and 'enc' does by default.

(Wrong IV may also give garbage depending on the mode: for CBC or CFB it only destroys the first block but for OFB and CTR (IIRC) it kills everything; ECB uses no IV at all, but is usually a Bad Idea for other reasons.)

(Asymmetric primitives like RSA also have little or no error detection and are used with padding methods, but because they are used for different purposes the padding methods are also different; e.g. sign != keytransport.)

> 1) des-ede3-cbc requires an IV and key. How does the openssl
> command obtain the IV and key that is required to decrypt the file?

(To be precise, the 'enc' utility. The openssl executable is just a dozen or so utilities like 'enc' and 'rsa' linked together with a dispatcher and a few common lowlevel functions. 'enc' does keys etc. one way, and 'smime' does something entirely different.)

If you use the default (prompting) or -k or -kfile or -pass:
  man EVP_BytesToKey // and IV, despite the name
  vi apps/enc.c
  vi crypto/evp/evp_key.c
  PKCS#5 (v1.5 = PBKDF1 part of v2.0 = RFC2898)
Basically it hashes the passphrase with a nonce value called salt. (PKCS#5 can iterate the hash, but 'enc' doesn't use this option.)

If you add -p (or -P) it displays the generated key and IV.

If you use -K (uppercase) and -iv, it doesn't do password-based key and iv derivation, it just uses exactly what you specify. Which you then need to convey to the recipient.

> 2) If this is a padding issue, how do I correct the padding?

It's only *detected* by the padding.
You use the correct key and IV (if applicable) probably by deriving (correctly) from the passphrase and salt, then you *get* correct decryption and padding.

> 3) The encrypted file begins with 'salt__'. Do I start
> with an offset in the encrypted file other than 0 in the C program?

Are you sure? It should be 'Salted__'. (Note spelling and case.)
  vi apps/enc.c
To do password-based derivation, you read the salt from the file and hash it with the user-supplied passphrase. You read the ciphertext starting after the salt.

> 4) Are the key and IV stored in the encrypted file?
> How does the C program extract it?

NO. Just think: if they were, you would get no security.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
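
The file layout, key/IV derivation and padding check described in the reply above, as an added example that is not part of the original message and not OpenSSL's own code: it re-implements in Python the hashing that EVP_BytesToKey performs for 'enc' and the test behind a 0 return from EVP_DecryptFinal. The MD5 digest (the 'enc' default when this thread was written), the passphrase and the sample bytes are assumptions; the function names are hypothetical.

```python
import hashlib

MAGIC = b"Salted__"   # header 'enc' writes when it derives key and IV from a passphrase
SALT_LEN = 8

def split_enc_file(blob):
    """Return (salt, ciphertext) from the raw bytes of a file written by 'openssl enc'."""
    if not blob.startswith(MAGIC):
        raise ValueError("no 'Salted__' header (note spelling and case)")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    if len(salt) != SALT_LEN:
        raise ValueError("file too short to hold the salt")
    return salt, blob[len(MAGIC) + SALT_LEN:]   # ciphertext starts at offset 16

def bytes_to_key(passphrase, salt, key_len=24, iv_len=8, digest="md5", count=1):
    """D_1 = H(pass || salt), D_i = H(D_(i-1) || pass || salt); key, then IV, are
    cut from D_1 || D_2 || ...  Defaults fit des-ede3-cbc (24-byte key, 8-byte IV)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        for _ in range(count - 1):            # 'enc' uses count=1, so this is skipped
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def padding_ok(last_block, block_size=8):
    """Padding test on the final decrypted block: the last byte n must be in
    1..block_size and the last n bytes must all equal n."""
    if len(last_block) != block_size:
        return False
    n = last_block[-1]
    return 1 <= n <= block_size and last_block.endswith(bytes([n]) * n)

# Constructed sample: header, 8-byte salt, 16 placeholder ciphertext bytes.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)

if __name__ == "__main__":
    salt, ciphertext = split_enc_file(SAMPLE)
    key, iv = bytes_to_key(b"secret", salt)   # assumed passphrase
    print("salt=" + salt.hex().upper())       # same three values 'enc -p' displays
    print("key=" + key.hex().upper())
    print("iv =" + iv.hex().upper())
    print("right key, last block 'passwd' + 02 02:", padding_ok(b"passwd\x02\x02"))
    print("wrong key, garbage last block:", padding_ok(bytes.fromhex("8f1300aa5107c409")))
```

In the C program the same key and IV come from `EVP_BytesToKey(EVP_des_ede3_cbc(), EVP_md5(), salt, pass, passlen, 1, key, iv)`, with `salt` read from bytes 8 to 15 of the file and the ciphertext fed to EVP_DecryptUpdate from byte 16 on.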