Martin:  The buffer that you give to the AES encrypt algorithm must be
evenly divisible by 16.  Since data may be any size you add padding to
get to a 16 byte boundary.  If your data happens to be evenly divisible
by 16, you add an extra 16 bytes (so that padding always exists).  It is
common to set the value of the pad bytes to the number of pad bytes.  So
if the last block has 5 bytes of real data and 11 bytes of padding, set
the value of each pad byte to 11 (0x0B).

When decrypting, look at the value in the last byte and subtract it from
the size of the encrypted data, and you can recover the plaintext data
without padding.

Bill

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Salo
Sent: September 4, 2007 12:30 PM
To: openssl-users@openssl.org
Subject: Re: AES cbc? How to Init Openssl?

Thanks for the examples. :-)
You wrote:
> In CBC mode, your encrypted data can be bigger for one block (for
> padding).
But how will I know how big the Buffer
A) must be before encryption
B) and will be filled after encryption?

Example: I want to encrypt 133 Bytes. So I need 9*16 Byte plus maybe one
for padding. I give AES_cbc_encrypt a 160 Byte Buffer. But after
encryption I don't know if 144 Bytes are used or 160 Bytes. Is there a
formula?


#include <stdio.h>
#include <string.h>
#include <openssl/aes.h>
#include <cmath>
#include <cstdlib>

unsigned char key32[] =
{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,
27,28,29,30,31};

void OpenSSLEncAes(
                        const unsigned char *ToEncrypt, 
                        const unsigned int InLength, 
                        unsigned char **Encrypted, 
                        unsigned int *OutLength) {
        AES_KEY aeskey;
        unsigned int BufferLen;
        unsigned char iv[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};

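        // How big must be the buffer? My solution:
        // Round up to fill the last 16 Byte block AND add one additional block for padding:
        BufferLen = (unsigned int)(16*ceil(1+InLength/16.0)); // 16 = AES block size

        // AES_cbc_encrypt reads BufferLen bytes from its input, so encrypt a
        // zero-filled copy of that size instead of reading past ToEncrypt.
        unsigned char *Padded = new unsigned char[BufferLen]();
        memcpy(Padded, ToEncrypt, InLength);

        AES_set_encrypt_key(key32, 32*8, &aeskey);
        *Encrypted = new unsigned char[BufferLen];
        AES_cbc_encrypt(Padded, *Encrypted, BufferLen, &aeskey, iv, AES_ENCRYPT);
        *OutLength = BufferLen; // report how many bytes were written
        delete[] Padded;
        fwrite(*Encrypted, 1, 16, stdout);
}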

int main() {
        unsigned char *Encrypted=0;
        unsigned int OutLen=0;
        unsigned char *ToEncrypt=(unsigned char *)"marek";

        OpenSSLEncAes(ToEncrypt, strlen((char *)ToEncrypt), &Encrypted, &OutLen);
        delete[] Encrypted; // release the buffer allocated by OpenSSLEncAes
        return 0;
}

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
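
Added example, not part of the original thread and not OpenSSL code: the padding scheme described in the reply, together with the buffer-size formula the question asks for, in plain C. The function names are assumptions of this example; the padded buffer and the length returned by pad_block are what would be handed to AES_cbc_encrypt, and unpad_len checks every pad byte rather than only the last one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16

/* Padded size: 1..16 pad bytes are always added, so 133 -> 144, 16 -> 32. */
size_t padded_len(size_t n) {
    return (n / AES_BLOCK + 1) * AES_BLOCK;
}

/* Copy in[0..n) to out and append the pad bytes, each holding the pad count.
 * out must hold padded_len(n) bytes. Returns the length to encrypt. */
size_t pad_block(const unsigned char *in, size_t n, unsigned char *out) {
    size_t total = padded_len(n);
    unsigned char pad = (unsigned char)(total - n);   /* 1..16 */
    memcpy(out, in, n);
    memset(out + n, pad, pad);
    return total;
}

/* Plaintext length of a decrypted buffer of len bytes, or (size_t)-1 when
 * the padding is malformed (wrong key, truncated or altered ciphertext). */
size_t unpad_len(const unsigned char *buf, size_t len) {
    if (len == 0 || len % AES_BLOCK != 0) return (size_t)-1;
    unsigned char pad = buf[len - 1];
    if (pad == 0 || pad > AES_BLOCK) return (size_t)-1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad) return (size_t)-1;
    return len - pad;
}

int main(void) {
    /* Constructed sample input: the 5-byte string from the question. */
    unsigned char out[2 * AES_BLOCK];
    size_t total = pad_block((const unsigned char *)"marek", 5, out);
    printf("encrypt %zu bytes, pad byte 0x%02X, recovered length %zu\n",
           total, out[total - 1], unpad_len(out, total));
    printf("133 bytes -> %zu byte buffer\n", padded_len(133));
    return 0;
}
```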