On Tue, May 17, 2011 at 02:22:46AM -0700, G S wrote:

> 1. Generate a random key and initialization vector to encrypt the block of
> text.
> 2. Encrypt that random key with the RSA public key.
> 3. Encrypt the data payload with the random key and IV, using Blowfish or
> other encryption.
> 4. Send the encrypted data payload, encrypted random key, and IV to the
> server for decryption.
>
> I think I'm nearly there: I'm generating a random key and IV; I have the
> public key coming back from the database and being loaded with
> PEM_read_bio_RSA_PUBKEY(). Now I guess I need to use the EVP_encrypt
> functions to encrypt the payload, but how do you calculate the size of the
> output buffer that's required for the encrypted data?

The CMS support in OpenSSL nicely packages-up all the required features,
generating a binary (or S/MIME, but you probably want binary) structure
that contains the encrypted key and encrypted payload. If you are using
OpenSSL 0.9.8 (1.0.0 is better), see CMS_Encrypt(1), and for example
usage, read the code in apps/cms.c.

    man cms
    man CMS_encrypt

-- 
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
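
Added example (not part of the original message, and not OpenSSL's own code): the envelope scheme from the quoted steps 1-4, done with the "openssl cms" command that "man cms" documents. It assumes the recipient is identified by a certificate, which is what "cms -encrypt" takes rather than a bare public key; the throwaway self-signed certificate, its CN, the file names and the function name are constructed for the demo.

```shell
#!/bin/sh
# Round-trip a payload through a CMS EnvelopedData structure.
# Prints "match" when decrypt(encrypt(payload)) equals the payload.
cms_roundtrip() {
    work=$(mktemp -d) || return 1
    result=mismatch
    printf '%s' "$1" > "$work/plain.bin"

    # Demo recipient: RSA key pair plus a self-signed certificate.
    # (Assumption: in a real deployment the server's certificate is used.)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=cms-demo-recipient" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null

    # Sender side. OpenSSL generates the random content key and IV itself,
    # encrypts the payload with AES-256-CBC, wraps the content key with the
    # recipient's RSA public key, and writes all of it as one DER blob.
    # No output-buffer sizing is needed by the caller.
    openssl cms -encrypt -binary -aes256 -outform DER \
        -in "$work/plain.bin" -out "$work/msg.der" "$work/cert.pem"

    # The blob is a single ASN.1 structure of type envelopedData.
    if openssl asn1parse -inform DER -in "$work/msg.der" 2>/dev/null |
            grep -q 'pkcs7-envelopedData'; then
        # Receiver side: the private key unwraps the content key, which
        # then decrypts the payload.
        openssl cms -decrypt -binary -inform DER \
            -in "$work/msg.der" -recip "$work/cert.pem" \
            -inkey "$work/key.pem" -out "$work/out.bin" &&
            cmp -s "$work/plain.bin" "$work/out.bin" && result=match
    fi

    rm -rf "$work"
    echo "$result"
}
```

Call it as cms_roundtrip 'some payload'. Only msg.der has to travel to the server, since the wrapped key, the IV and the ciphertext are all inside it.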