Using password based encryption.

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Using password based encryption.

Fan, Zhenqiang
Using password based encryption.

Hi,
I am writing PKCS #5 v.2 PBE (password based encryption) program, and cannot make it work. The problem is that EVP_get_cipherbynid() always returns nil (see program below). I wonder if there is another way to get an appropriate EVP_CIPHER object that I can use to call PKCS12_pbe_crypt(). Any help would be appreciated. Thanks,

Zhenqiang Fan

My test program: Notice that PKCS5_pbe2_set() and PKCS12_pbe_crypt() are existing function in OpenSSL source.

#include <openssl/blowfish.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pkcs12.h>
#include "cryptlib.h"

int
main (int argc, char *argv[])
{
        int iter = 1000;
        FILE *in, *out;
        EVP_CIPHER *cipher;
        unsigned char salt[] = {
                0x17, 0x7D, 0x65, 0xB6, 0x70, 0xF9, 0xE2, 0xEE
        };
        int saltlen = 8;
        const EVP_CIPHER *pbe_cipher = NULL;
        X509_ALGOR *pbe_algor = NULL;
        char *pass = NULL;
        int passlen;

        unsigned char encryptedData[1024];
        unsigned char dataToEncrypt[] = "Encrypt this sentence.";
        int dataToEncryptLen, encryptedDataLen, decryptedDataLen;
        unsigned char *decryptedData = NULL;

        in = fopen(argv[1], "rb");
        encryptedDataLen = fread(encryptedData, 1, 1024, in);


        PKCS12_PBE_add();

        /*
>>>>>>>>** My problem is that EVP_get_cipherbynid() always returns null.
        */
        cipher = EVP_get_cipherbynid(NID_pbe_WithSHA1And3_Key_TripleDES_CBC);

        pbe_algor = PKCS5_pbe2_set(cipher, iter, salt, saltlen);

        pass = "pineapple";
        passlen = strlen(pass);

        decryptedData = PKCS12_pbe_crypt(pbe_algor, pass, passlen,
                encryptedData, encryptedDataLen,
                &decryptedData, &decryptedDataLen, 0);

        if (decryptedDataLen != 0)
                printf ("Decrypted Data : %s\n", decryptedData);       

        out = fopen(argv[2], "wb");
        decryptedDataLen = fwrite(decryptedData, 1, decryptedDataLen, out);
        return 0;
}

Reply | Threaded
Open this post in threaded view
|

Re: Using password based encryption.

Dr. Stephen Henson
On Tue, Sep 27, 2005, Fan, Zhenqiang wrote:

>
> Hi,
> I am writing PKCS #5 v.2 PBE (password based encryption) program, and cannot
> make it work. The problem is that EVP_get_cipherbynid() always returns nil
> (see program below). I wonder if there is another way to get an appropriate
> EVP_CIPHER object that I can use to call PKCS12_pbe_crypt(). Any help would
> be appreciated. Thanks,
> Zhenqiang Fan
>

Well the PBE algorithms aren't treated as actual ciphers which is why
EVP_get_cipherbynid() is returning NULL: the NID isn't a cipher.

Instead pass a real cipher such as EVP_des_ede3_cbc() as the first argument to
PKCS5_pbe2_set().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Using password based encryption.

Fan, Zhenqiang
In reply to this post by Fan, Zhenqiang
Hi Stephen,
Thank you so much for your help. Using EVP_des_ede3_cbc() worked.
I did not know what kind cipher should be used. This will let me move
forward. Thanks again,
Zhenqiang Fan

-----Original Message-----
From: Dr. Stephen Henson [mailto:[hidden email]]
Sent: Tuesday, September 27, 2005 3:34 PM
To: [hidden email]
Subject: Re: Using password based encryption.

On Tue, Sep 27, 2005, Fan, Zhenqiang wrote:

>
> Hi,
> I am writing PKCS #5 v.2 PBE (password based encryption) program, and
cannot
> make it work. The problem is that EVP_get_cipherbynid() always returns nil
> (see program below). I wonder if there is another way to get an
appropriate
> EVP_CIPHER object that I can use to call PKCS12_pbe_crypt(). Any help
would
> be appreciated. Thanks,
> Zhenqiang Fan
>

Well the PBE algorithms aren't treated as actual ciphers which is why
EVP_get_cipherbynid() is returning NULL: the NID isn't a cipher.

Instead pass a real cipher such as EVP_des_ede3_cbc() as the first argument
to
PKCS5_pbe2_set().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]