> Matthew Cross wrote:
>
> I've read the docs. I've seen the source. I still don't totally
> understand.
>
> I'm trying to be a good doobie and use the High-level EVP_ functions
> for my RC4, RC2, and DES
> calls. But what about setting up the key? If I'm doing password
> based stuff do I need to use \
> EVP_BytesToKey ?? or does EVP_EncryptInit do everything I need in this
> case? Advice or a few lines
> of code would be very much appreciated. I'd also like to contribute
> some step-by-step documented examples (along with
> some C++ wrappers) once I understand better.
>
It depends on what you mean by "password based stuff".
EVP_BytesToKey() can do that but its non standard, you generate a random
salt of length PKCS5_SALT_LEN bytes (8) include an iteration count and
then the password in the data and datal arguments. You get back a key
and iv which you can use for EVP_EncryptInit() and friends. The
iteration count and salt have to be transferred along with the encrypted
data. There's an example in the cipher application.
An alternative technique is to use the EVP_PBE_CipherInit() function
which support PKCS#5 (v1.5 and v2.0) and PKCS#12 password based
encryption. That isn't documented but it is used in the PKCS#8 routines.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
