On Sat, Sep 21, 2002, Juan Segarra wrote: > Hello. > > I wan't to encrypt a set of characters using triple DES in CBC mode. I'll > use PBE based on PKCS#5 v 2.0. As i know, the key derivation function > returns the key based on the salt, iteration count, etc. But not an iv. > > I've been looking at enc application, but it uses EVP_BytesToKey(), which > derives an iv and a key from the salt, wich is stored with the output. So, > recovering the original iv is as easy as feeding EVP_BytesToKey with the > salt. > > The question is, what sould i do with the iv if i use the PBE routines > (v.20)? Is there a standard covering this topic? Up to now, i've been > concatenating the salt, iv and encrypted stuff. >
PKCS5_pbe2_set() should really include an IV parameter but currently it can only generate a random one which is stored deep in the ASN1 structures. Currently the easiest solution is to call EVP_CipherInit() again after the PBE initialisation with a new and known IV only. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
