On May 16, 2014, at 4:14 AM, Hooman Fazaeli <hoomanfaza...@gmail.com> wrote:
> On 5/16/2014 2:15 AM, Dave Thompson wrote:
>> EVP_BytesToKey implements (a tweak on) the original PKCS#5, which derived a key and IV
>> by iterated hashing of a (reusable but secret) password with random (i.e. unique) salt.
>> Given random salt this gives effectively random IV, but is unnecessarily complicated.
>>
>> This was recognized as a not terribly good plan, and the improved PBKDF2 in PKCS#5v2
>> derives only the key in a slightly different way (iterated *HMAC* with salt *cumulated*)
>> leaving the IV, if any, as plain random outside the scope of the PBKDF2 primitive.
>> OpenSSL does implement PBKDF2, and can use it for PKCS#8 and PKCS#12 etc.,
>> but kept BytesToKey for compatibility with existing ‘enc’ files and ‘legacy’ (pre PKCS#8) keys.
>> (Which don’t even really use the iteration feature; they are hardcoded 1!)
>>
>> Using BytesToKey with random salt to generate the IV is a waste of time,
>> and using it with fixed salt violates its specification. Just use random IV.
>> Unless you don’t trust your RNG. But in that case you’re better off fixing or
>> replacing the RNG, not trying weird things to prop it up.
>>
>> BytesToKey (like PBKDF1) uses the one iteration count to produce data which is returned
>> for both key and IV. It does additional round(s) if and only if necessary, a PBKDF2-like tweak
>> not in standard PBKDF1, but still using the same count.
>>
>
> Which openssl function does key derivation based on PKCS#5v2?

Search the crypto/ subdirectory for occurrences of PKCS5_pbkdf2_set. Basically, you use PKCS5_pbkdf2_set() to create an X509_ALGOR* to be passed to EVP_PBE_CipherInit (actually, you’d pass the algorithm member of the returned X509_ALGOR* as the first parameter to EVP_PBE_CipherInit), which can initialize an EVP_CIPHER_CTX* with the derived key so you can start encrypting/decrypting.

If you really need only the key, you might want to do something differently, since the actual key generation is not in a public method (IIRC).

TOM

> --
>
> Best regards.
> Hooman Fazaeli