On Mon, Feb 16, 2009 at 01:48:54PM +0800, loody wrote:

> Dear all:
> I want to realize aes, so I trace enc_main in enc.c.
> But I find there are a lot of call back functions such that I spend more
> time on tracing these call back functions than understanding aes
> algorithm.
>
> I have studied the aes flow chart on the wiki,
> http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
> But I cannot find out where the connection between the password I
> input with the aes.
>
> suppose I type:
> openssl enc -aes-256-cbc -salt -in test.txt -out test.enc
> enter aes-256-cbc encryption password: 123456
> Verifying - enter aes-256-cbc encryption password:123456
>
> How do we deal with "123456" before calling AES_cbc_encrypt?
> Is "123456" a part of key?

User-supplied passwords (password based encryption) are not strong
enough to use directly as AES keys. Instead these are passed to a
key-derivation function. OpenSSL uses PBKDF2 from PKCS#5 v2.1

    http://en.wikipedia.org/wiki/PBKDF2

The API entry point (still to be documented) is:

    src/distro/crypto/evp/p5_crpt2.c:
        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key)

--
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
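
The key-derivation step named in the reply, PBKDF2 with HMAC-SHA1 as specified in PKCS#5 (RFC 2898, section 5.2), written out as an added example; it is not part of the original thread and not OpenSSL's code. The argument order follows the signature quoted above, while `derive_aes256_key`, the salt and the iteration count are constructed for illustration and are not the values the `openssl enc` command picks.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, keylen: int) -> bytes:
    """PBKDF2 (RFC 2898 section 5.2) with HMAC-SHA1 as the PRF."""
    if iterations < 1 or keylen < 1:
        raise ValueError("iterations and keylen must be positive")
    hlen = hashlib.sha1().digest_size   # each block T_i yields 20 bytes
    nblocks = -(-keylen // hlen)        # ceil(keylen / hlen)
    # Key the HMAC with the password once; copy it for every PRF call.
    prf = hmac.new(password, digestmod=hashlib.sha1)
    out = bytearray()
    for i in range(1, nblocks + 1):
        # U_1 = PRF(password, salt || INT_32_BE(i))
        h = prf.copy()
        h.update(salt + struct.pack(">I", i))
        u = h.digest()
        t = int.from_bytes(u, "big")
        # U_j = PRF(password, U_{j-1});  T_i = U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            h = prf.copy()
            h.update(u)
            u = h.digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return bytes(out[:keylen])          # truncate the last block to keylen


def derive_aes256_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Hypothetical helper: 32 bytes of PBKDF2 output used as an AES-256 key."""
    return pbkdf2_hmac_sha1(password.encode("utf-8"), salt, iterations, 32)


if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")   # constructed 8-byte salt
    key = derive_aes256_key("123456", salt, 10000)  # constructed iteration count
    print("AES-256 key:", key.hex())
```

The password never reaches the cipher directly: only the derived bytes do, and a different salt gives a different key for the same password.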