On Tue, Aug 03, 1999 at 12:07:54PM +0200, Alberto Velo wrote: > now I'd like to do a simple application, which gets an ascii input file and > creates an encrypted (DES) output file. > > I am able to do this with ssleay: > ssleay.exe enc -des -in input.txt -out output.txt -e -a -k mypassword > > I believe the des functions des_enc_read() or des_fcrypt() should be useful > for me, [...] They are not. As noted in crypto/des/enc_read.c, * - The data format used by des_enc_write() and des_enc_read() * has a cryptographic weakness: When asked to write more * than MAXWRITE bytes, des_enc_write will split the data * into several chunks that are all encrypted * using the same IV. So don't use these functions unless you * are sure you know what you do (in which case you might * not want to use them anyway). And des_fcrypt is an implementation of the standard Unix password encryption algorithm, which is just one way. Also, DES keys are too short to be really secure -- for "openssl enc", you could use, say, -des_ede instead of -des. (-des_ede is two-key Triple-DES). Look at its implementation (apps/enc.c) to see what applications can do to use the ciphers. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
