Re: Accessing PBKDF2 from command line

Re: Accessing PBKDF2 from command line

Victor Duchovni
On Mon, Nov 16, 2009 at 11:52:26AM +1000, Anthony Thyssen wrote:

> I was reading the openssl-users  mail list, (I am not on that list)
> where you mentioned the PBKDF2 openssl library function.

You should join, at least long enough to ask the question that interests
you. Further follow-up will be on-list only.

>
>    Subject:    Re: Encapsulation of AES_KEY
>    Date:       2009-11-11 18:49:38
>
> The problem is the openssl command does not make this function available
> either directly as a password to key+IV converter,  or as part of its
> file encryption method, for use from CLI.

The enc(1) command uses EVP_BytesToKey(), which would have been good
enough in most applications, if the iteration count were high-enough,
or configurable.

Thus, unless I'm misreading the code, the solution is to use a strong
pass-phrase, or code up your own tool, that uses PBKDF2, with as high
an iteration count as is practical within your latency and CPU cost bounds.

Breaking backwards compatibility with already encrypted files is not
a good option, so any new key-derivation mode for enc(1) would have
to be switched-on via new, non-default flags.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Accessing PBKDF2 from command line

AntOfThy
On Sun, 15 Nov 2009 21:44:55 -0500
Victor Duchovni <[hidden email]> wrote:
| >
| >    Subject:    Re: Encapsulation of AES_KEY
| >    Date:       2009-11-11 18:49:38
| >
| > The problem is the openssl command does not make this function available
| > either directly as a password to key+IV converter,  or as part of its
| > file encryption method, for use from CLI.
|
| The enc(1) command uses EVP_BytesToKey(), which would have been good
| enough in most applications, if the iteration count were high-enough,
| or configurable.
|
| Thus, unless I'm misreading the code, the solution is to use a strong
| pass-phrase, or code up your own tool, that uses PBKDF2, with as high
| an iteration count as is practical within your latency and CPU cost bounds.
|
Which I did. :-)

| Breaking backwards compatibility with already encrypted files is not
| a good option, so any new key-derivation mode for enc(1) would have
| to be switched-on via new, non-default flags.
|
But didn't enc(1) break that compatibility!

At one point the default for 'enc' was to use '-nosalt', which does not have
any file 'magic' included.  At least that was what the manpages say is the
default!!!

But when I started to work with it I found the default is to use '-salt'.

That is, the file format is
   * 'Salted__'  magic string
   * 8 bytes of random salt
   * encrypted data

Similarly, I found many other references to the change in the openssl
encrypted file generation.


The iterative count (ic) defaults to 1, with no options from the
command line to change this count.  Nor does it seem to store the
count into file, something that would be necessary.

So I decided to do my own pass-phrase to key stage. But found the "openssl"
command deficient here too.

You can specify alternative sources for password, but a user derived
key and IV for direct data encryption can only be given on the command
line (VERY bad for security).  These should at least be able to be read
from file descriptors, like pass-phrases can.

Salt and counts don't need this as they are public data.  But Key and IV
are not and alternative input methods other than hex digit arguments is
a must.


In summary, the "openssl" command is deficient.

 * You can't create an encrypted file that includes an ic

 * You can't even specify the ic for the encryption (it is just 1)

 * You can't pass Key and IV other than as command line arguments!
     (making them visible in process listings!)

 * You can't even use the "openssl" command to just do the basic
   conversions of
       pass-phrase + salt + count  --TO->  key + IV
   perhaps with options for base64 or base16 (hexadecimal) output.
   For either  PBKDF 1.5  using  EVP_BytesToKey()
   or for PBKDF 2   using PKCS5_PBKDF2_HMAC_SHA1()

This was my finding during my last phase of development as an
application programmer.


  Anthony Thyssen ( System Programmer )    <[hidden email]>
 --------------------------------------------------------------------------
           Out testing new time machine. Be back yesterday!
 --------------------------------------------------------------------------
     Anthony's Home is his Castle     http://www.cit.gu.edu.au/~anthony/
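
An added example, not part of the original posts and not OpenSSL's own code: a Python re-implementation of the 'Salted__' file layout and the EVP_BytesToKey() construction discussed above, showing what an iteration count of 1 amounts to. It assumes the MD5 digest and AES-256-CBC key/IV sizes; the passphrase and salt are constructed sample values.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte magic string written when '-salt' is in effect


def parse_salted(blob):
    """Split an enc(1) '-salt' file into (salt, encrypted_data)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no 'Salted__' header ('-nosalt' output or other format)")
    # Note: the header carries the salt only; there is no field for a count.
    return blob[8:16], blob[16:]


def evp_bytes_to_key(passphrase, salt, key_len, iv_len, count=1, digest="md5"):
    """Re-implementation of the EVP_BytesToKey() construction.

    D_i = H^count(D_(i-1) || passphrase || salt); the blocks D_1, D_2, ...
    are concatenated and then cut into key and IV.
    """
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        for _ in range(count - 1):  # count=1: no extra rounds at all
            block = hashlib.new(digest, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


if __name__ == "__main__":
    # Constructed sample file: magic + 8-byte salt + placeholder ciphertext.
    sample = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)
    salt, body = parse_salted(sample)
    key, iv = evp_bytes_to_key(b"constructed passphrase", salt, 32, 16)
    print("salt:", salt.hex(), "| encrypted bytes:", len(body))
    print("key :", key.hex())
    print("iv  :", iv.hex())
    # With count=1 a 32-byte key and 16-byte IV cost three MD5 calls per guess.
```
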

Re: Accessing PBKDF2 from command line

Victor Duchovni
On Mon, Nov 16, 2009 at 01:45:07PM +1000, Anthony Thyssen wrote:

> In summary, the "openssl" command is deficient.
>
> [ various limitations of enc(1) ]

At the end of the day, OpenSSL is a *library*, not an end-user product,
and enc(1) and friends are developer utilities and "demo" tools.

When you need a *product*, you build something useful with the
library. Yes, enc(1) should be better, but it is likely not a priority
relative to improving the library.

--
        Viktor.

Re: Accessing PBKDF2 from command line

AntOfThy

On Mon, 16 Nov 2009 00:11:59 -0500
Victor Duchovni <[hidden email]> wrote:
| On Mon, Nov 16, 2009 at 01:45:07PM +1000, Anthony Thyssen wrote:
|
| > In summary, the "openssl" command is deficient.
| >
| > [ various limitations of enc(1) ]
|
| At the end of the day, OpenSSL is a *library*, not an end-user product,
| and enc(1) and friends are developer utilities and "demo" tools.
|
| When you need a *product*, you build something useful with the
| library. Yes, enc(1) should be better, but it is likely not a priority
| relative to improving the library.
|

As a follow up.

Yes, I created my file encryption program, using Perl, which has access to
the standard encryption methods, though not, it seems, to the PBKDF2
function.  Just as openssl does not provide command line access to this
function.

One PERL module   Crypto::PBKDF2  is available in CPAN, but has so
many dependencies on other modules it was deemed useless.

For about 6 months I solved the problem by using a C program "pbkdf2"
which breaks out the PKCS5_PBKDF2_HMAC_SHA1() function.  This was
developed from another C program "pkcs5.c" found a number of times
on this mailing list.

The program accepts the passphrase via stdin, the salt and iteration
count on the command line (in hex) and returns the key+iv as hex on
stdout.

It worked well, did the job, though was a kludge.
You can look at "pbkdf2" source at
   http://www.cit.griffith.edu.au/~anthony/software/pbkdf2.c

Recently on another forum I came across someone else having a similar
problem, access to the same function from perl.  A PBKDF2 equivalent
function written purely in perl was found and proved to produce the
correct results. It was also quite small too, though as it was in perl
it was slightly slower than the C equivalent.

I first used that function to create a replacement "pbkdf2" command
  http://www.cit.griffith.edu.au/~anthony/software/pbkdf2.pl

And then incorporated directly into my file encryption perl script.
  http://www.cit.griffith.edu.au/~anthony/software/encrypt.pl

I am still looking to access the OpenSSL function from perl (strange
it is not available), but am happy with the current solution(s).

Comments welcome.



  Anthony Thyssen ( System Programmer )    <[hidden email]>
 --------------------------------------------------------------------------
      God is in the Details!
 --------------------------------------------------------------------------
   Anthony's Castle     http://www.cit.griffith.edu.au/~anthony/
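
An added example, not the poster's pbkdf2.c or pbkdf2.pl: a Python sketch of the command-line interface described in this message, with the passphrase read from stdin and only the public salt and iteration count on the command line, so the secret never appears in a process listing. It assumes a hex salt, a decimal count and a 32-byte key plus 16-byte IV; the function names are hypothetical.

```python
import hashlib
import sys


def derive_hex(passphrase, salt_hex, count, key_len=32, iv_len=16):
    """PBKDF2-HMAC-SHA1: passphrase + salt + count -> (key_hex, iv_hex)."""
    salt = bytes.fromhex(salt_hex)  # raises ValueError on non-hex input
    if count < 1:
        raise ValueError("iteration count must be >= 1")
    out = hashlib.pbkdf2_hmac("sha1", passphrase, salt, count, key_len + iv_len)
    return out[:key_len].hex(), out[key_len:].hex()


def main(argv, stdin=None):
    # Salt and count are public data, so argv is acceptable for them.
    if len(argv) != 3:
        sys.stderr.write("usage: pbkdf2 SALT_HEX COUNT < passphrase\n")
        return 2
    stdin = stdin or sys.stdin.buffer
    # The passphrase arrives on stdin (pipe, file descriptor or terminal).
    passphrase = stdin.readline().rstrip(b"\r\n")
    try:
        key_hex, iv_hex = derive_hex(passphrase, argv[1], int(argv[2]))
    except ValueError as exc:
        sys.stderr.write("pbkdf2: %s\n" % exc)
        return 1
    print(key_hex + iv_hex)  # key followed by IV, as one hex string
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```
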