Hi All, I have been using AES 256, CTR mode to encrypt the contents of a file on disk. The IV for the file is written to the first 16 bytes followed by the encrypted file data. Up to now, this encrypted data is created with a single encryption session. This is all on a mobile device, using FIPS mode with relatively limited resources, compared with a desktop.
I'd like to be able to append to this encrypted file. In order to do this, I need to decrypt the final block (in the event there is a partial block that has been written to the encrypted stream), start the plaintext portion with this last block, and continue the encryption of additional data in the file, using a new encryption session. I've gone through the AES code, and the only way I've found is to set the state of the initial decryption/encryption based on the number of blocks, and creating a working IV for the start of the decryption and encryption process. This has not been successful for me yet, for some reason. Is there a better way to do this with the current OpenSSL API's (EVP, or lower level)? Any help would be greatly appreciated. Thanks! Sean Langley
