Stream Encryption


OpenSSL - User mailing list

Hello,

I have a client that sends me data that I need to encrypt in a few steps. I can use these functions in PKCS11: C_EncryptInit(...), C_EncryptUpdate(...), C_EncryptFinal(...). It allows me to add data that will be encrypted at every step, using the C_EncryptUpdate function.

In OpenSSL I found CMS_encrypt(...) with flag = CMS_STREAM, but I can't understand how I can add data as I described above, or in another way. I get data in unsigned char* every time. Any help would be appreciated. Thanks.

Re: Stream Encryption

Dmitry Belyavsky-3
Hello,

If you mean encryption/decryption only, I strongly suppose you should look at EVP_CipherInit/Update/Final functions.

On Fri, Feb 28, 2020 at 4:53 PM Илья Юркевич (Ilya Yurkevich) via openssl-users <[hidden email]> wrote:

> Hello,
>
> I have a client that sends me data that I need to encrypt in a few steps. I can use these functions in PKCS11: C_EncryptInit(...), C_EncryptUpdate(...), C_EncryptFinal(...). It allows me to add data that will be encrypted at every step, using the C_EncryptUpdate function.
>
> In OpenSSL I found CMS_encrypt(...) with flag = CMS_STREAM, but I can't understand how I can add data as I described above, or in another way. I get data in unsigned char* every time. Any help would be appreciated. Thanks.



--
SY, Dmitry Belyavsky
Re: Stream Encryption

OpenSSL - User mailing list
No, I want to get CMS Enveloped data at the end of the procedure.

First, I initialize the encryption operation by adding recipient certificates, algorithms, etc., then send the data in chunks for encryption and receive them in an encrypted format for further writing to the file. At the end of the operation, I call the finalizing of the encryption, which adds the final bytes 0x00 0x00 to the cms structure for internal blocks, meaning the end of each cms block - this is what I mean. As far as I know CryptMsgUpdate() in CryptoApi allows it - I'm trying to explain my purpose to you better using examples.
I want to get something similar in OpenSSL. Is it possible?

Now I use this method:

    cms = CMS_encrypt(certs, NULL, cipher, CMS_STREAM | CMS_BINARY); // call it once at the start

    BIO* input = CMS_dataInit(cms, NULL); // call it once at the start

    BIO_write(input, pbData, cbData); // call each time to add another part of data

    CMS_dataFinal(cms, input); // call it once at the end of encryption

This method allows me to read data in stream mode and send it to BIO_write(). But I can't send encrypted data in parts, only after calling CMS_dataFinal(), from the cms structure. Thanks for any help.

Friday, 28 February 2020, 16:55 +03:00 from Dmitry Belyavsky <beldmit@...>:

> Hello,
>
> If you mean encryption/decryption only, I strongly suppose you should look at EVP_CipherInit/Update/Final functions.
>
> On Fri, Feb 28, 2020 at 4:53 PM Ilya Yurkevich via openssl-users <openssl-users@...> wrote:
>
>> Hello,
>>
>> I have a client that sends me data that I need to encrypt in a few steps. I can use these functions in PKCS11: C_EncryptInit(...), C_EncryptUpdate(...), C_EncryptFinal(...). It allows me to add data that will be encrypted at every step, using the C_EncryptUpdate function.
>>
>> In OpenSSL I found CMS_encrypt(...) with flag = CMS_STREAM, but I can't understand how I can add data as I described above, or in another way. I get data in unsigned char* every time. Any help would be appreciated. Thanks.
>
> --
> SY, Dmitry Belyavsky
Re: Stream Encryption

Viktor Dukhovni
On Tue, Mar 03, 2020 at 10:25:16AM +0300, Илья Юркевич (Ilya Yurkevich) via openssl-users wrote:

> No, I want to get CMS Enveloped data at the end of the procedure.

The OpenSSL cms(1) command supports streaming when encoding (but not
when decoding).  If you wade through the source of apps/cms.c, you'll
find the relevant calls.

--
    Viktor.
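
Added example, not written by any poster in this thread: the cms(1) streaming mode mentioned in the last reply, fed from a pipe, with a check that the output is indefinite-length BER ending in the 0x00 0x00 end-of-contents octets described earlier in the thread. The throwaway recipient certificate, the file names and the input data are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: stream input into CMS EnvelopedData with the cms(1) command.
# The recipient certificate, file names and sample data are constructed here.
set -eu

make_recipient() {    # $1 = work dir: throwaway RSA key and self-signed cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-recipient" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

produce_chunks() {    # constructed plaintext, written to stdout piece by piece
    i=0
    while [ "$i" -lt 2000 ]; do
        printf 'chunk %05d of constructed sample data\n' "$i"
        i=$((i + 1))
    done
}

stream_encrypt() {    # stdin -> $1/msg.der, encoded on the fly (-stream)
    openssl cms -encrypt -stream -binary -aes-256-cbc -outform DER \
        -out "$1/msg.der" "$1/cert.pem"
}

# Hex of the first / last two bytes of a file, without separators.
first_two_bytes() { od -An -tx1 -N2 "$1" | tr -d ' \n'; }
last_two_bytes()  { tail -c 2 "$1" | od -An -tx1 | tr -d ' \n'; }

decrypt() {           # $1 = work dir: recovered plaintext on stdout
    openssl cms -decrypt -binary -inform DER -in "$1/msg.der" \
        -recip "$1/cert.pem" -inkey "$1/key.pem"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_recipient "$work"
produce_chunks | stream_encrypt "$work"

# 30 80 = outer SEQUENCE with indefinite length; 00 00 = end-of-contents.
echo "first bytes: $(first_two_bytes "$work/msg.der")"
echo "last bytes:  $(last_two_bytes "$work/msg.der")"

# Round trip: the decrypted stream must match the plaintext that was piped in.
if [ "$(decrypt "$work" | cksum)" = "$(produce_chunks | cksum)" ]; then
    echo "round trip ok"
fi
```

At the API level, the OpenSSL manual documents BIO_new_CMS() as a streaming filter BIO for a structure created with CMS_STREAM, finalised with BIO_flush() once all content has been written.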