1

I am encrypting a certain string using AES-128-ECB and then save the result in a file e.g test.enc Here is my method that does the encryption:

int do_crypt(char *outfile) {
unsigned char outbuf[1024];
int outlen, tmplen;
unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
char intext[] = "Some Text";
EVP_CIPHER_CTX ctx;
FILE *out;
EVP_CIPHER_CTX_init(&ctx);

EVP_EncryptInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL);
if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) {
    /* Error */
    return 0;
}
/* Buffer passed to EVP_EncryptFinal() must be after data just
 * encrypted to avoid overwriting it.
 */
if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
{
    /* Error */
    return 0;
}
outlen += tmplen;
EVP_CIPHER_CTX_cleanup(&ctx);
/* Need binary mode for fopen because encrypted data is
 * binary data. Also cannot use strlen() on it because
 * it wont be null terminated and may contain embedded
 * nulls.
 */
out = fopen(outfile, "wb");
fwrite(outbuf, 1, outlen, out);
fclose(out);
return 1;

}

As you can see the key is the actual password and in order to decode the encrypted file following command line should be executed:

openssl aes-128-ecb -in test.enc -K 000102030405060708090A0B0C0D0E0F -d

"000102030405060708090A0B0C0D0E0F" is a password hex representation I use in the code above 0123456789191112131415. As I understand the password can be encrypted as well using MD5 algorithm.

The question is how to encrypt data using actual KEY derived from password and not the password itself using libcrypto?

Koteg
  • 497
  • 7
  • 16
  • Koteg - is there something wrong with shunty's answer? That's what I was going to suggest when I came across this question without an accepted answer. Or restate your question if that's not the question you wanted answered. – jww Jan 10 '14 at 15:36

1 Answers1

2

Take a look at EVP_BytesToKey.

My comments in an old app tell me that BytesToKey is out of date and you should perhaps consider looking at PKCS5_v2_PBE_keyivgen or similar. But essentially, a highly simplified way of doing it is you derive your Key as a hash from your password and a suitable salt value:

EVP_DigestInit_ex(...)
EVP_DigestUpdate(...Password...)
EVP_DigestUpdate(...Salt...)
EVP_DigestFinal_ex(...)

then you use the newly generated Key to derive your IV by:

EVP_DigestInit_ex(...)
EVP_DigestUpdate(...Key...)
EVP_DigestUpdate(...Password...)
EVP_DigestUpdate(...Salt...)
EVP_DigestFinal_ex(...)

A browse of the OpenSSL source code is most useful for looking up stuff like this.

Disclaimer: I'm not a C programmer (the app in question was Delphi using OpenSSL DLLs) nor a security expert so take these suggestions as a starting point, read the proper docs and use proper functions where possible!!...

Community
  • 1
  • 1
shunty
  • 3,699
  • 1
  • 22
  • 27
  • The thing is that I have a derived key from the password but not the password itself and now I would like to use it in order to encrypt data. Basically I would like to do following: openssl enc -e -aes-128-ecb -in test.plain -out test.enc -K 000102030405060708090A0B0C0D0E0F but using crypto library. – Koteg Aug 02 '11 at 11:08
  • Ok, sorry. I guess I misunderstood the question. Your code in the original question looks like it does what you're asking so I guess I still don't understand. Perhaps I'll have to leave it to some more seasoned crypto gurus. – shunty Aug 02 '11 at 11:38