On Mon, 16 Nov 2009 00:11:59 -0500 Victor Duchovni <victor.ducho...@morganstanley.com> wrote: | On Mon, Nov 16, 2009 at 01:45:07PM +1000, Anthony Thyssen wrote: | | > In Summery the "openssl" command is deficient. | > | > [ various limitations of enc(1) ] | | At the end of the day, OpenSSL is a *library*, not an end-user product, | and enc(1) and friends are developer utilities and "demo" tools. | | When you need a *product*, you build something useful with the | library. Yes, enc(1) should be better, but it is likely not a priority | relative to improving the library. |
As a follow up. Yes I created my file encryption program, use Perl which has access to the standard encryption methods, though not it seems to the PBKDF2 function. Just as openssl does not provide command line access to this function. One PERL module Crypto::PBKDF2 is available in CPAN, but has so many dependencies on other modules it was deemed useless. For about 6 months I solved the problem by using a C program "pbkdf2" which breaks out the PKCS5_PBKDF2_HMAC_SHA1() function. This was developed from another C program "pkcs5.c" found a number of times on this mailing list. The program accepts the passphrase via stdin, the salt and iteration count on the command line (in hex) and returns the key+iv as hex on stdout. It worked well, did the job, though was a kludge. You can look at "pbkdf2" source at http://www.cit.griffith.edu.au/~anthony/software/pbkdf2.c Recent ally on another forum I can across someone else having a similar problem, access to the same function from perl. A PBKDF2 equivalent function written purely in perl was found and provide to produce the correct results. It was also quite small to, though as it was in perl it was slightly slower than the C equivalent. I first used that function to create a replacement "pbkdf2" command http://www.cit.griffith.edu.au/~anthony/software/pbkdf2.pl And then incorporated directly into my file encryption perl script. http://www.cit.griffith.edu.au/~anthony/software/encrypt.pl I am still looking to access the OpenSSL function from perl (strange it is not available), but am happy with the current solution(s). Comments welcome. Anthony Thyssen ( System Programmer ) <a.thys...@griffith.edu.au> -------------------------------------------------------------------------- God is in the Details! -------------------------------------------------------------------------- Anthony's Castle http://www.cit.griffith.edu.au/~anthony/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
