On 17 June 2013 12:57, enrico d'urso <e.du...@live.com> wrote:
> Hi, thanks for your answer.
>
> I didn't call them all times, just first time.
> The fact is that I would like to use 'cbc' scheme, so I could make this way,

CBC is a mode used within an individual message. It cannot be used across multiple messages in this way (see comments below).

> if re call EncryptInit
> will delete the state of the context :

If you call EncryptFinal_ex then you must call Init if you want to reuse the context.

>
> Take a random IV, and use it.
> Encrypt a message, and save last cipher-text (Let be C).
> Re-call EncryptInit using C as IV.
>

IVs must be random and not predictable in advance. Using the last block of a previous message as the IV for a subsequent message gives a predictable IV. Predictable IVs are insecure against a certain class of attacks (CPA attacks), e.g. the well-known BEAST attack did exactly that.

>
> Otherwise I could never call EVP_EncryptInit_final and just use
> EVP_Encrypt_update ,
> making padding with a function implemented by myself.
>

Don't do this - that would be difficult and liable to security issues if not done properly.

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
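The IV point in the reply above, as an added example that is not part of the original thread and is not OpenSSL code: a check over stored (IV, ciphertext) records that flags any IV an observer could have known before the message was encrypted. It assumes 16-byte blocks; the toy Feistel cipher only stands in for AES so the script runs without dependencies, and all function names are hypothetical.

```python
import hashlib
import secrets

BLOCK = 16  # block size in bytes, as for AES

def _toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation standing in for AES (NOT secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """CBC with PKCS#7 padding over the toy cipher; returns the ciphertext only."""
    pad = BLOCK - len(msg) % BLOCK
    data = msg + bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(prev, data[i:i + BLOCK]))
        prev = _toy_block_encrypt(key, mixed)
        out += prev
    return out

def send_chained(key, messages):
    """Scheme from the question: IV of message n+1 is the last block of message n."""
    iv, records = secrets.token_bytes(BLOCK), []
    for m in messages:
        ct = cbc_encrypt(key, iv, m)
        records.append((iv, ct))
        iv = ct[-BLOCK:]  # already visible to anyone who saw ct
    return records

def send_fresh(key, messages):
    """Pattern from the reply: a new unpredictable IV for every message."""
    ivs = [secrets.token_bytes(BLOCK) for _ in messages]
    return [(iv, cbc_encrypt(key, iv, m)) for iv, m in zip(ivs, messages)]

def audit_ivs(records):
    """Return (index, reason) for each record whose IV was knowable in advance."""
    findings, seen, prev_ct = [], set(), None
    for i, (iv, ct) in enumerate(records):
        if prev_ct is not None and iv == prev_ct[-BLOCK:]:
            findings.append((i, "iv-chained-from-previous-ciphertext"))
        elif iv in seen:
            findings.append((i, "iv-reused"))
        seen.add(iv)
        prev_ct = ct
    return findings
```

With real OpenSSL code the same rule means generating a new random IV and calling the Init function again for each message, as the reply says.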