EVP Functions

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

EVP Functions

Eudald Sabaté Creixell
Hey,

First of all I'm new to OpenSSL and EVP functions. I've been using them in a project in order to encrypt/decrypt files using 256-bit AES in CBC mode, and using these functions to entirely encrypt/decrypt a file I've found any problem. Now, I've been asked to decrypt a file partially, and the problem we've found is that when decrypting it block by block, if the block to be decrypted is not the first one I have rubbish characters. But when decrypting all the content of the file, starting by the beginning block these characters does not appear.
So, my question is if it is possible to decrypt a file partially, and I will be very grateful if you could help me.

I also want to mention that when decrypting the file block by block (block chunks of 1024), the outlen variable on EVP_CipherUpdate(...) is always less than the inlen variable passed, though the outbuf contains more than outlen characters decrypted. Is it also normal?

Thank you all for your time,
Eudald

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EVP Functions

OpenSSL - User mailing list

You need to learn what CBC mode is.  Block ‘n’ feeds into block ‘n+1’  The behavior you describe is not wrong.

 

Blocks are padded, so only read outlen bytes.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EVP Functions

Michael Wojcik
In reply to this post by Eudald Sabaté Creixell
> From: openssl-users [mailto:[hidden email]] On Behalf Of Eudald Sabaté Creixell
> Sent: Wednesday, April 12, 2017 10:43

> First of all I'm new to OpenSSL and EVP functions. I've been using them in a project in order to encrypt/decrypt files
>  using 256-bit AES in CBC mode, and using these functions to entirely encrypt/decrypt a file I've found any problem.
>  Now, I've been asked to decrypt a file partially, and the problem we've found is that when decrypting it block by block,
>  if the block to be decrypted is not the first one I have rubbish characters. But when decrypting all the content of the
> file, starting by the beginning block these characters does not appear.
> So, my question is if it is possible to decrypt a file partially, and I will be very grateful if you could help me.

In CBC mode, the previous block's ciphertext is the IV for the current block. To skip ahead to block N, you need to use block N-1's ciphertext as the IV. If my understanding is correct (I haven't actually tried implementing this), that's all you should need.

Doing this using OpenSSL's EVP API is left as an exercise for the reader.

If you're doing anything non-trivial with cryptography, and not using a very high-level interface above a robust implementation, you need to understand the subject. Anything less is the royal road to compromising the security of your system. There are some decent Wikipedia articles (the one on "Block cipher modes of operation" would have answered this question), but really if you're going to be working at this level you should start with a general introduction such as /Applied Cryptography/.

Even then, cryptography is a complex professional specialization, even if you're not working in cryptographic research or cryptanalysis. It's an area where a little knowledge is a very dangerous thing. I say this as someone who doesn't know enough about the subject to develop cryptographic protocols (much less primitives), despite having studied it for many years.

Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...