3

I am doing AES encryption using EVP interface of OpenSSL in C language in the 128/192/256 cbc modes. I found a nice example in stackoverflow with which I have started programming.

What I would like to know is:

  1. What is the default padding used while encryption?
  2. What happens if I have large data. Do I have to code to divide it into data blocks of 128 bits? or does EVP interface takes care of it?
  3. What should be the size of the IV for 128bit, 192bit and 256bit cbc modes(where only the key lengths are 128, 192, 256 respectively and the block size is always 128)

thanks

MByD
  • 135,866
  • 28
  • 264
  • 277
pimmling
  • 483
  • 5
  • 10
  • 19

2 Answers2

0

  1. There is no default padding for encryption. There are several padding schemes. For EVP there is an encrypt final method that takes an incomplete block and adds padding (default PKCS padding) and encrypts it.

  2. EVP will take care of it.

  3. Size of the IV vector when CBC mode is used is the same size as the block size.

Milan
  • 15,389
  • 20
  • 57
  • 65
  • SO should I keep calling EVP_EncryptUpdate so long as there is data? I actually have a large data(as big as 1GB) which is a variable lenght. I keep dividing the data as chunks of 1024bits(just like that). Shall I keep calling the EVP update on these chunks? – pimmling Apr 12 '11 at 12:06
  • If you are splitting them to 1024bits due to large size, then you need to call EVP update on each chunk until you encounter the last chunk where you need to add padding and thus calling encrypt final. – Milan Apr 12 '11 at 12:20
  • should we always know the length of the plaintext to call the EVP_Decrypt routines? or say for a fixed plain text block of 1024, what is the length we should pass on the EVP_DecryptUpdate block?? – pimmling Apr 13 '11 at 09:19
0

You can use EVP_CIPHER_iv_length() to determine the IV size for the cipher, eg EVP_CIPHER_iv_length(EVP_aes_128_cbc()).

caf
  • 233,326
  • 40
  • 323
  • 462