Re: How to do encryption using AES in Openssl

[Prashanth kumar N]

Thanks Ken for pointing out the mistake...  after changing to
AES_Decrypt(), it worked but i still see issue when i print the
decrypted output as it has extra non-ascii characters in it.

Below is the input
 unsigned char text[]="test12345678abc2";
After decryption, i get the following string: Decrypted o/p:
test12345678abc2Ȳu�z�B�����A��S��
Few questions...

1. If we use AES, will decrypted files have same number of bytes as
encrypted file? (I assume it should be same)
2. When i did Google and found few examples on AES using CBC mode, many of
them add extra buffer while decrypting ie.,
sample eg:
unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
 10     unsigned char iv[] = {1,2,3,4,5,6,7,8};
 11     unsigned char outbuf[1024];
 12     unsigned char decrebuf[1024];
 13     int outlen,outlen2, tmplen;
 14     unsigned char text[]="test12345678abc2";
 15     char outfile[]= "encfile";

           if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext,
strlen(intext)))

 26       {
 27             /* Error */
 28        printf("\n Error:EVP_EncryptUpdate ");
 29        return 0;
 30        }
 31
 32    if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
 33      {
 34          /* Error */
 35      printf("\n Error: EVP_EncryptFinal_ex");
 36      return 0;
 37      }

          EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key, iv);
 45
 46     if(!EVP_DecryptUpdate(&ctx, decrebuf, &outlen2, outbuf, outlen))
 47     {
 48     printf("\n Error : EVP_DecryptUpdate");
 49      return 0;
 50     }

EVP_DecryptFinal_ex(&ctx, decrebuf + outlen2, &tmplen )

Here i see even thought decrebuf is 1024, we still offset it by outlen and
pass the address to Decrytpion function?

3. Why is it like we have to choose 1024 as array size... when i know my
encryption text is only 16bytes. Any reasons?


-Prashanth

On Wed, Mar 28, 2012 at 7:29 PM, Ken Goldman <kgold...@us.ibm.com> wrote:

> On 3/28/2012 3:01 AM, Prashanth kumar N wrote:
>
>> Here is the modified program
>> [snip]
>>
>>  18     AES_KEY ectx;
>>  19     AES_KEY dectx;
>>  20
>>  21     AES_set_encrypt_key(key, 256, &ectx);
>>  22     AES_encrypt(text, out, &ectx);
>>  23
>>  24     printf("encryp data = %s\n", out);
>>  25
>>  26     AES_set_encrypt_key(key, 256, &dectx);
>>
>
> AES_set_decrypt_key()
>
>   27     AES_decrypt(out, decout, &dectx);
>>
>
> ______________________________**______________________________**__________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>