> From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of John Alway
> Sent: Saturday, 9 April, 2022 19:45

> From this site https://slproweb.com/products/Win32OpenSSL.html
> I downloaded "Win32 OpenSSL v3.0.2" MSI

Well, I suppose that's one option. Personally I would not use a build from some 
random website; I'd build it myself, after verifying the signature on the 
tarball.

> Anyway, the long and short of it is that I am having a bear of a time getting
> things to work.  I did get base64 coding/encoding working, and I was able to
> get this guy's example working: ...
> However, his second example ... only half worked for me.  The encryption
> worked, but the decryption threw an error in EVP_DecryptFinal_ex, where it
> returned error code 0.

(Writing code based on videos? Seems baffling to me. Anyway...)

Many examples of using OpenSSL you might find online are not of particularly 
good quality. Many examples will be for older OpenSSL releases; the API has 
changed periodically.

I recommend you use a decent source, such as the OpenSSL Wiki, which can be 
found by going to openssl.org and looking around. (I'm not digging up a link 
because this will be a good exercise.) The wiki is haphazard and of mixed 
quality, which of course is the nature of a wiki, but at least much of it has 
been examined by people with some measure of OpenSSL experience.

> Anyway, I'm trying to encrypt/decrypt using RSA and DES schemes.  I've tried
> some of the older code examples I could find, but some of the functions
> weren't recognized by my header files.

Kenneth Goldman has already pointed out that your choice of encryption 
algorithms is suspect. To that I'd add:

- RSA as an asymmetric cipher is no longer preferred. It's useful primarily 
when you need to support peers who don't do anything better. That might be true 
in your case, but you've failed to tell us anything about your use case. That's 
a significant omission. When posting to openssl-users, it's almost always a 
good idea to explain your use case.

- DES is only useful if you have to support it for backward compatibility, or 
for academic interest.

- A cryptosystem is not just a cryptographic algorithm (which is what RSA and 
DES are; they are not "schemes", which suggests something more complete). It is 
very easy to misuse cryptographic algorithms in ways which defeat security for 
all but the most naive attacks. If you're not a cryptographer, you should not 
create your own cryptosystems, even using well-known algorithms, except for 
experimentation or learning purposes. Don't use homemade cryptosystems in 
production.

- If all you want is to encrypt some data, and do ... something ... with 
asymmetric cryptography, and you're running on Windows, then why are you using 
OpenSSL? OpenSSL is a reasonably good choice for a cryptographic library if 
you're on Linux or UNIX, or you need to be cross-platform. If you're only 
working with Windows, it's come with cryptographic APIs since at least the 
Windows XP days. Those are designed to be convenient for Windows developers, 
and you get OS key management in the bargain.

> Can anyone help me with this?  I want to encrypt fairly long strings.  A few
> hundred bytes or so.  Maybe longer.

Those aren't "long" for symmetric-encryption purposes. They may start to be 
troublesome for asymmetric encryption, but if you're encrypting application 
data asymmetrically you're Doing It Wrong anyway.

>  If I can do a continuous stream of blocks that would be great, as well.

"A continuous stream of blocks" could mean any number of things. To a first 
approximation, of course you can; but there isn't enough information here for 
us to discern what you're actually trying to do.

> Also, is there an efficient way to search this email list?  I was trying to
> search for similar questions but wasn't able.

Possibly your questions are too broad and vague? There will be many discussions 
of encryption, for example.

If you need to use cryptography, it really helps to either use an API with 
high-level abstractions to minimize what might go wrong; or learn the basics of 
modern cryptography first, e.g. from a book like /Applied Cryptography/ or 
/Cryptographic Engineering/, before wading into writing code. Modern 
cryptography is complicated and easy to get wrong. I've seen plenty of cases 
where someone uses a cipher in a way that's obviously broken even to someone 
with only moderate practical experience in the field.

> I guess I could use google and the email list name?

I've never had a problem just using a web search engine (DDG, in my case) to 
search for past discussions on the list. It's not impossible that someone has a 
searchable archive of it somewhere. (I also save messages that seem like they 
might be particularly useful, but to be honest I rarely refer to my own 
collection because a web search generally finds what I need.)

-- 
Michael Wojcik
