Some documentation about key derivation and block padding

Some documentation about key derivation and block padding

Alexis BRENON @OpenSSL
Hi everyone,

I am looking for some documentation on how to pad and/or derive my
message and my key (from simple password), to mimic AES 128 ECB
en/decryption.

For a decorative purpose (no security consideration in mind), I used
openssl to encrypt a small message (less than 16 bytes) with a small
key (less than 16 bytes). I used an AES 128 ECB encryption algorithm
with no salt. Here is the command line I used:

    printf 'my message' | openssl enc -aes-128-ecb -nosalt -pass pass:word

This gave me a block of 16 bytes that I plotted with a script. Then I
have another script which rebuilds the ciphered message from the list
of 0s and 1s that I can enter manually and then decrypt the message
with:

    openssl enc -d -aes-128-ecb -nosalt -pass pass:word

And this worked like a charm.

However, recently I saw that running these commands outputs a warning:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
So I decided to re-write the scripts to make the en/decryption on
their own, not relying on future implementations of openssl. Since
then, I could not reproduce the same results as the ones obtained with
openssl (compatibility required to be able to decrypt already printed
arts).

My scripts are in Python and I use the pycrypto library, which provides AES
128 ECB algorithms but does not do any padding (it is the
responsibility of the user to pad her data). It seems that the message
should be padded using the PKCS7 (RFC 2315) standard. Nevertheless, I did
not really understand how to pad/derive a 128-bit key from my simple
password. In the openssl code base, it seems to use some CRYPTO_128_wrap
function, but I don't understand it very well.

So, do you know some documentation or example on how to achieve the
same behavior as openssl? Is there anything that I also must take
care of?

Kind regards,
Alexis.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Some documentation about key derivation and block padding

Alexis BRENON @OpenSSL
Hi all,

So, I found some hints on Stack Overflow
(https://stackoverflow.com/questions/6772465/is-there-any-c-api-in-openssl-to-derive-a-key-from-given-string)
and an implementation with pyCrypto
(https://gist.github.com/mimoo/11383475).
I still can't get the expected results but these raise some questions:
how many iterations of PBKDF must I do? Must the result of the
encryption be hashed with HMAC?

Kind regards,
Alexis.

On Fri, Feb 1, 2019 at 13:58, Alexis BRENON @OpenSSL
<[hidden email]> wrote:

>
> Hi everyone,
>
> I am looking for some documentation on how to pad and/or derive my
> message and my key (from simple password), to mimic AES 128 ECB
> en/decryption.
>
> For a decorative purpose (no security consideration in mind), I used
> openssl to encrypt a small message (less than 16 bytes) with a small
> key (less than 16 bytes). I used an AES 128 ECB encryption algorithm
> with no salt. Here is the command line I used:
>
>     printf 'my message' | openssl enc -aes-128-ecb -nosalt -pass pass:word
>
> This gave me a block of 16 bytes that I plotted with a script. Then I
> have another script which rebuilds the ciphered message from the list
> of 0s and 1s that I can enter manually and then decrypt the message
> with:
>
>     openssl enc -d -aes-128-ecb -nosalt -pass pass:word
>
> And this worked like a charm.
>
> However, recently I saw that running these commands outputs a warning:
> *** WARNING : deprecated key derivation used.
> Using -iter or -pbkdf2 would be better.
> So I decided to re-write the scripts to make the en/decryption on
> their own, not relying on future implementations of openssl. Since
> then, I could not reproduce the same results as the ones obtained with
> openssl (compatibility required to be able to decrypt already printed
> arts).
>
> My scripts are in Python and I use the pycrypto library, which provides AES
> 128 ECB algorithms but does not do any padding (it is the
> responsibility of the user to pad her data). It seems that the message
> should be padded using the PKCS7 (RFC 2315) standard. Nevertheless, I did
> not really understand how to pad/derive a 128-bit key from my simple
> password. In the openssl code base, it seems to use some CRYPTO_128_wrap
> function, but I don't understand it very well.
>
> So, do you know some documentation or example on how to achieve the
> same behavior as openssl? Is there anything that I also must take
> care of?
>
> Kind regards,
> Alexis.
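
An added example, not part of either post and not OpenSSL's own code: the two pieces both messages ask about, the key derivation and the block padding, written with the Python standard library only. It assumes the legacy `openssl enc` derivation (the one the warning calls deprecated) is EVP_BytesToKey with an iteration count of 1 and, with -nosalt, an empty salt, and that the default digest was MD5 before OpenSSL 1.1.0 and SHA-256 from 1.1.0 on; the function names are illustrative and the AES-ECB step itself is left to the AES library in use.

```python
import hashlib

BLOCK = 16  # AES block size in bytes


def evp_bytes_to_key(password: bytes, key_len: int, digest: str = "md5",
                     salt: bytes = b"", iv_len: int = 0) -> tuple[bytes, bytes]:
    """Legacy OpenSSL EVP_BytesToKey with an iteration count of 1.

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt);
    the key, then the IV, are cut from D_1 || D_2 || ...
    """
    material, prev = b"", b""
    while len(material) < key_len + iv_len:
        prev = hashlib.new(digest, prev + password + salt).digest()
        material += prev
    return material[:key_len], material[key_len:key_len + iv_len]


def pkcs7_pad(data: bytes) -> bytes:
    """Append n bytes of value n (1 <= n <= 16); a whole block if aligned."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return padded[:-n]


def candidate_keys(password: bytes) -> dict[str, bytes]:
    """AES-128 keys for both digests `openssl enc` has used by default."""
    return {d: evp_bytes_to_key(password, 16, d)[0] for d in ("md5", "sha256")}


if __name__ == "__main__":
    # Password and message taken from the command line quoted in the thread.
    for name, key in candidate_keys(b"word").items():
        print(name, key.hex())
    print(pkcs7_pad(b"my message").hex())
```

Feed the derived key and the padded block to the library's AES-ECB routine; ECB takes no IV, so only the key half of the derivation matters here. If a block produced by an older openssl does not decrypt with one digest's key, try the other.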