On Mon, Jan 05, 2009 at 05:06:29AM -0800, Cyanure wrote:
>
> Hi,
>
> AES symmetric keys are 128, 192 or 256 bits long.
>
> Is there a function in OpenSSL that creates (generates) an AES key (probably
> using internal salt) with the desired length (128, 192 or 256 bits) ?
Keys are either:
- Random bit patterns generated using a suitable cryptograph (P)RNG,
e.g. read from /dev/urandom or /dev/random.
- Password-based but strengthened via a suitable KDF (key-derivation
function). It is here that you combine a "salt" value with the user's
password, and for this OpenSSL includes (the yet to be documented)
PKCS5_PBKDF2_HMAC_SHA1 declared in <openssl/evp.h>
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
int keylen, unsigned char *out);
the iteration count is often 1000, but should probably be higher for
new applications.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
