Re: Accessing PBKDF2 from command line

2009-11-15 Thread Anthony Thyssen
On Sun, 15 Nov 2009 21:44:55 -0500
Victor Duchovni victor.ducho...@morganstanley.com wrote:
|  
| Subject:Re: Encapsulation of AES_KEY
| Date:   2009-11-11 18:49:38
|  
|  The problem is the openssl command does not make this function available
|  either directly as a password to key+IV converter,  or as part of its
|  file encryption method, for use from CLI.
| 
| The enc(1) command uses EVP_BytesToKey(), which would have been good
| enough in most applications, if the iteration count were high-enough,
| or configurable.
| 
| Thus, unless I'm misreading the code, the solution is to use a strong
| pass-phrase, or code up your own tool, that uses PBKDF2, with as high
| an iteration count as is practical within your latency and CPU cost bounds.
| 
Which I did. :-)

| Breaking backwards compatibility with already encrypted files is not
| a good option, so any new key-derivation mode for enc(1) would have
| to be switched-on via new, non-default flags.
| 
But didn't enc(1) break that compatibility!

At one point the default for 'enc' was to use '-nosalt' which does not have
any file 'magic' included.  At least that was what the manpages say is the
default!!!

But when I started to work with it I found the default is to use '-salt'.

That is, the file format is
   * 'Salted__'  magic string
   * 8 bytes of random salt
   * encrypted data

Similarly, I found many other references to the change in the openssl
encrypted file generation.


The iterative count (ic) defaults to 1, with no options from the
command line to change this count.  Nor does it seem to store the
count into file, something that would be necessary.

So I decided to do my own pass-phrase to key stage. But found the openssl
command deficient here too.

You can specify alternative sources for password, but a user derived
key and IV for direct data encryption can only be given on the command
line (VERY bad for security).  These should at least be able to be read
from file descriptors, like pass-phrases can.

Salt and counts don't need this as they are public data.  But Key and IV
are not, and alternative input methods other than hex digit arguments are
a must.


In summary, the openssl command is deficient.

 * You can't create an encrypted file that includes an ic

 * You can't even specify the ic for the encryption (it is just 1)

 * You can't pass Key and IV other than as command line arguments!
 (making them visible in process listings!)

 * You can't even use the openssl command to just do the basic
   conversions of 
   pass-phrase + salt + count  --TO-  key + IV
   perhaps with options for base64 or base16 (hexadecimal) output.
   For either  PBKDF 1.5  using  EVP_BytesToKey()
   or for PBKDF 2   using PKCS5_PBKDF2_HMAC_SHA1()

This was my finding during my last phase of development as an
application programmer.


  Anthony Thyssen ( System Programmer )    a.thys...@griffith.edu.au
 --
   Out testing new time machine. Be back yesterday!
 --
 Anthony's Home is his Castle http://www.cit.gu.edu.au/~anthony/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
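
Added example, not part of the original messages or OpenSSL's own code: a Python sketch of the 'Salted__' layout and of the pass-phrase + salt + count to key + IV conversion discussed above, once with EVP_BytesToKey()'s construction and once with PBKDF2-HMAC-SHA1. The MD5 digest, the 32-byte key / 16-byte IV sizes, the function names and the sample bytes are assumptions chosen for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # magic string written by enc(1) when -salt is in effect

def parse_salted(blob):
    """Split an enc(1) '-salt' file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no 'Salted__' header (file written with -nosalt?)")
    return blob[8:16], blob[16:]

def evp_bytes_to_key(passphrase, salt, key_len, iv_len, count=1, md="md5"):
    """EVP_BytesToKey() construction: D_i = H^count(D_{i-1} | pass | salt)."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md, block + passphrase + salt).digest()
        for _ in range(count - 1):       # extra rounds only when count > 1
            block = hashlib.new(md, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]

def pbkdf2_key_iv(passphrase, salt, count, key_len, iv_len):
    """PBKDF2-HMAC-SHA1, the KDF behind PKCS5_PBKDF2_HMAC_SHA1()."""
    out = hashlib.pbkdf2_hmac("sha1", passphrase, salt, count, key_len + iv_len)
    return out[:key_len], out[key_len:]

# Constructed sample: magic + 8-byte salt + 16 placeholder ciphertext bytes.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16

if __name__ == "__main__":
    salt, body = parse_salted(SAMPLE)
    phrase = b"example pass-phrase"          # constructed value
    # count=1 matches what the thread says enc(1) does: one hash per block.
    key, iv = evp_bytes_to_key(phrase, salt, 32, 16, count=1)
    print("EVP_BytesToKey ic=1   key", key.hex(), "iv", iv.hex())
    # The count is not stored in the 'Salted__' format, so it has to be
    # agreed out of band or carried in a header of your own design.
    key, iv = pbkdf2_key_iv(phrase, salt, 100000, 32, 16)
    print("PBKDF2 ic=100000      key", key.hex(), "iv", iv.hex())
```

Derived keys are printed here only to make the comparison visible; a real tool would hand them to the cipher in-process rather than to a terminal or a command line.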


Re: Accessing PBKDF2 from command line

2009-11-15 Thread Victor Duchovni
On Mon, Nov 16, 2009 at 01:45:07PM +1000, Anthony Thyssen wrote:

> In summary, the openssl command is deficient.
>
> [ various limitations of enc(1) ]

At the end of the day, OpenSSL is a *library*, not an end-user product,
and enc(1) and friends are developer utilities and demo tools.

When you need a *product*, you build something useful with the
library. Yes, enc(1) should be better, but it is likely not a priority
relative to improving the library.

-- 
Viktor.


Re: Accessing PBKDF2 from command line

2009-11-15 Thread Victor Duchovni
On Mon, Nov 16, 2009 at 11:52:26AM +1000, Anthony Thyssen wrote:

> I was reading the openssl-users mail list, (I am not on that list)
> where you mentioned the PBKDF2 openssl library function.

You should join, at least long enough to ask the question that interests
you. Further follow-up will be on-list only.

>
> Subject: Re: Encapsulation of AES_KEY
> Date:    2009-11-11 18:49:38
>
> The problem is the openssl command does not make this function available
> either directly as a password to key+IV converter, or as part of its
> file encryption method, for use from CLI.

The enc(1) command uses EVP_BytesToKey(), which would have been good
enough in most applications, if the iteration count were high-enough,
or configurable.

Thus, unless I'm misreading the code, the solution is to use a strong
pass-phrase, or code up your own tool, that uses PBKDF2, with as high
an iteration count as is practical within your latency and CPU cost bounds.

Breaking backwards compatibility with already encrypted files is not
a good option, so any new key-derivation mode for enc(1) would have
to be switched-on via new, non-default flags.

-- 
Viktor.