Hello,

> You wrote:
> > In CBC mode, your encrypted data can be bigger for one block (for padding).
> But how will I know how big the Buffer
> A) must be before encryption
> B) and will be filled after encryption?
>
> Example: I want to encrypt 133 Bytes. So I need 9*16 Byte plus maybe one for
> padding.
> I give AES_cbc_encrypt a 160 Byte Buffer.
> But after encryption I don't know if 144 Bytes are used or 160 Bytes. Is there
> a formula?

If you want to use AES_cbc_encrypt() then my proposition is to add padding
first to your data and next to use AES_cbc_encrypt(). After adding padding,
your data will have a length that is a multiple of the block size. In this
case, the encrypted data will have the same size.

For example, if you have 133 bytes to encrypt (133 = 8*16 + 5) you have 8 AES
blocks and 5 bytes. You pad these 5 bytes to form 1 block (16 = 5 + 11 bytes
of padding) and you have 144 bytes of data to encrypt. Because this is a
multiple of the block size, the output buffer will get 144 bytes of encrypted
data. You may encrypt this in chunks, for example you may encrypt 4 blocks,
next 4 blocks and 1 block at the end (for a very large amount of data there is
no other possibility).

Decryption is simple: you will get encrypted data (of length that is a
multiple of the block size), use AES_cbc_encrypt() to decrypt the data and
remove the padding from the last block.

You may read about the padding format, for example, in PKCS#5 section 6.1.1
point 4. Padding used in AES_cbc_encrypt() is not compatible with this
document, but AES_cbc_encrypt() adds padding only if the length of the data is
not a multiple of the AES block size.

But if you have no real need to use this low-level function you may look at
the EVP API with AES (and other algorithms) encryption.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>