> From: owner-openssl-us...@openssl.org On Behalf Of Gary > Sent: Friday, 17 September, 2010 09:19
To slightly clarify a few points: > Gary wrote: [needs to use php/mcrypt to produce ciphertext acceptable to openssl enc -d with specific options he can't change] > > Dave Thompson wrote: > (loads of useful stuff) > > > So, to summarise, I need to: > > 1. Make sure the salt is included in the data I send to the receiver Right. And use key+IV derived from passphrase+salt, see below. > > 2. Pad the output per PKCS#5 When using CBC mode (part of your required options) the _input_ (plaintext) must be padded. This is so standard it is usually automatic/implicit, but possibly if you are using a lowerlevel interface you have to do it yourself, or at least request it explicitly. > > 3. Encrypt using the correct mcrypt function > (mcrypt_generic, apparently) > I'm guessing this means you found an option for it to do the PBE key derivation, and so didn't have to do that yourself as I suggested as a last resort. But it must be done somewhere. > Dave, thanks so much for your time and sharing your > knowledge. "I" have fixed this now ... Glad to help. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
