On Tue, Nov 10, 2009 at 04:03:46PM -0800, SSDwellah wrote:
> I am using openssl and have an AES_KEY structure (AES 256-bit) in memory
> that is used for encrypting some data. I would very much like to store the
> AES key to a file.

Do you want to encrypt the file?

- If not, just write out the 32-byte key into a file and you are
  done. There is no need for any fancy encapsulation. If you really
  want to avoid "raw binary" data, you could use a base64 BIO to
  write/read the file.

- If you do, you need a symmetric key to encrypt/decrypt your
  symmetric key, and where do you store that? This "makes sense" if
  you are going to prompt a user to decrypt the file each time your
  application starts up. In that case you can encrypt/decrypt the
  key from a user-supplied password using the same method as enc(1)
  (user password uses PBKDF2 with a salt that is saved with the ciphertext).

Bottom line, there is no need for fancy encapsulation of symmetric keys,
they are just opaque binary data, and can be stored verbatim, or encrypted
via a password-based key when appropriate.

--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
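
The unencrypted option described in the reply (write the 32-byte key verbatim), as an added example that is not part of the original message or of OpenSSL: it stores the raw key bytes rather than the expanded AES_KEY structure, creates the file owner-only, and refuses to load a file of the wrong size or with group/other access. The names save_key, load_key and example.key, and the permission check itself, are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define KEY_LEN 32 /* raw AES-256 key, not the expanded AES_KEY schedule */

/* Create the key file owner-only; refuse to overwrite an existing file. */
int save_key(const char *path, const unsigned char key[KEY_LEN])
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, key, KEY_LEN);
    int rc = (n == KEY_LEN && fsync(fd) == 0) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    if (rc != 0)
        unlink(path); /* never leave a truncated key behind */
    return rc;
}

/* Load the key only from a regular, owner-only file of exactly KEY_LEN bytes. */
int load_key(const char *path, unsigned char key[KEY_LEN])
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
             st.st_size == KEY_LEN && (st.st_mode & 077) == 0 &&
             read(fd, key, KEY_LEN) == KEY_LEN;
    close(fd);
    if (!ok)
        memset(key, 0, KEY_LEN); /* do not hand back partial key material */
    return ok ? 0 : -1;
}

int main(void)
{
    unsigned char key[KEY_LEN], back[KEY_LEN];
    memset(key, 0xA5, KEY_LEN); /* constructed sample key, not a real secret */
    unlink("example.key");
    if (save_key("example.key", key) != 0 || load_key("example.key", back) != 0)
        return 1;
    printf("round trip %s\n", memcmp(key, back, KEY_LEN) == 0 ? "ok" : "MISMATCH");
    return unlink("example.key");
}
```

The loaded bytes are what would be passed to AES_set_encrypt_key() with a bit length of 256 to rebuild the AES_KEY structure.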