On Mon, Feb 16, 2009 at 01:48:54PM +0800, loody wrote:

> Dear all:
> I want to realize AES, so I trace enc_main in enc.c.
> But I find there are a lot of callback functions, such that I spend more
> time on tracing these callback functions than understanding the AES
> algorithm.
> 
> I have studied the AES flow chart on the wiki,
> http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
> But I cannot find out where the connection is between the password I
> input and AES.
> 
> suppose I type:
> openssl enc -aes-256-cbc -salt -in test.txt -out test.enc
> enter aes-256-cbc encryption password: 123456
> Verifying - enter aes-256-cbc encryption password:123456
> 
> How do we deal with "123456" before calling AES_cbc_encrypt?
> Is "123456" a part of the key?

User-supplied passwords (password-based encryption) are not strong
enough to use directly as AES keys. Instead, these are passed to
a key-derivation function. OpenSSL uses PBKDF2 from PKCS#5 v2.1:

    http://en.wikipedia.org/wiki/PBKDF2

The API entry point (still to be documented) is:

    src/distro/crypto/evp/p5_crpt2.c:
        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key)

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
