Hello,
> So what you are saying is that if I encrypt a file with a password
> according to my interpretation of PKCS#5/PBKDF2, then it might not
> decrypt properly (with the same password) using the command-line openssl
> function?
Yes, this function internally looks like PBKDF2 and has a similar use,
but there are some differences. Under some circumstances it may be compatible
with PBKDF1 - but I didn't check this.
You can check this with the attached example.
(CIPHER parameter is used only for getting key/iv size)
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
#include <stdio.h>
#include <string.h>

#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/x509.h>
/*
 * Dump len bytes of buf to stdout as "0xNN, " tokens, eight per line.
 * A newline is always written after the last byte (also when len <= 0).
 * Always returns 0.
 */
int print_hex(unsigned char *buf, int len)
{
    int idx = 0;

    while (idx < len) {
        /* Break the line before the 9th, 17th, ... byte. */
        if (idx != 0 && idx % 8 == 0) {
            printf("\n");
        }
        printf("0x%02x, ", buf[idx]);
        idx++;
    }
    printf("\n");
    return 0;
}
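/*
 * Derive 48 bytes (a 32-byte key followed by a 16-byte IV) from the same
 * password and salt, once with PKCS5_PBKDF2_HMAC_SHA1() and once with
 * EVP_BytesToKey(), and print both results so they can be compared.
 *
 * Returns 0 on success, 1 if either derivation reports failure.
 */
int main(void)
{
    /* Sizes for AES-256-CBC: the cipher passed to EVP_BytesToKey() below. */
    enum { KEY_LEN = 32, IV_LEN = 16 };

    const char *pass = "password";
    /* EVP_BytesToKey() is documented to take an 8-byte salt; this one is 8 bytes. */
    const char *salt = "12340000";
    /*
     * Iteration count 1 is for comparing outputs only. It gives no key
     * stretching; real password-based encryption needs a far higher count.
     */
    int ic = 1;
    unsigned char buf[KEY_LEN + IV_LEN];

    /* PBKDF2 (PKCS#5 v2) with HMAC-SHA1; returns 1 on success. */
    if (PKCS5_PBKDF2_HMAC_SHA1(pass, (int)strlen(pass),
                               (const unsigned char *)salt, (int)strlen(salt),
                               ic, KEY_LEN + IV_LEN, buf) != 1) {
        fprintf(stderr, "PKCS5_PBKDF2_HMAC_SHA1 failed\n");
        return 1;
    }
    printf("PKCS5_PBKDF2_HMAC_SHA1(\"%s\", \"%s\", %d)=\n", pass, salt, ic);
    print_hex(buf, KEY_LEN + IV_LEN);

    /*
     * EVP_BytesToKey() is OpenSSL's own derivation, not PBKDF2. Its
     * documentation describes it as compatible with PKCS#5 v1.5 only when
     * key + IV fit in one digest output; beyond that it uses a non-standard
     * extension, so its output is not expected to match the PBKDF2 result.
     * It returns the derived key size, or 0 on error. Without this check a
     * failure would print the stale PBKDF2 bytes still in buf as if they
     * were the EVP_BytesToKey() result.
     */
    if (EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(),
                       (const unsigned char *)salt,
                       (const unsigned char *)pass, (int)strlen(pass),
                       ic, buf, buf + KEY_LEN) == 0) {
        fprintf(stderr, "EVP_BytesToKey failed\n");
        return 1;
    }
    printf("EVP_BytesToKey(\"%s\", \"%s\", %d)=\n", pass, salt, ic);
    print_hex(buf, KEY_LEN + IV_LEN);

    return 0;
}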