Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 953a1665e2
Branches Tags
openssl
/
doc
/
crypto
/
EVP_BytesToKey.pod

EVP_BytesToKey.pod 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. EVP_BytesToKey - password based encryption routine
    6. 

  6. 

  7. =head1 SYNOPSIS
    8. 

  8. 

  9.  #include <openssl/evp.h>
    10. 

  10. 

  11.  int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
    12. 

  12.                        const unsigned char *salt,
    13. 

  13.                        const unsigned char *data, int datal, int count,
    14. 

  14.                        unsigned char *key,unsigned char *iv);
    15. 

  15. 

  16. =head1 DESCRIPTION
    17. 

  17. 

  18. EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
    19. 

  19. the cipher to derive the key and IV for. B<md> is the message digest to use.
    20. 

  20. The B<salt> parameter is used as a salt in the derivation: it should point to
    21. 

  21. an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
    22. 

  22. B<datal> bytes which is used to derive the keying data. B<count> is the
    23. 

  23. iteration count to use. The derived key and IV will be written to B<key>
    24. 

  24. and B<iv> respectively.
    25. 

  25. 

  26. =head1 NOTES
    27. 

  27. 

  28. A typical application of this function is to derive keying material for an
    29. 

  29. encryption algorithm from a password in the B<data> parameter.
    30. 

  30. 

  31. Increasing the B<count> parameter slows down the algorithm which makes it
    32. 

  32. harder for an attacker to peform a brute force attack using a large number
    33. 

  33. of candidate passwords.
    34. 

  34. 

  35. If the total key and IV length is less than the digest length and
    36. 

  36. B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
    37. 

  37. otherwise a non standard extension is used to derive the extra data.
    38. 

  38. 

  39. Newer applications should use a more modern algorithm such as PBKDF2 as
    40. 

  40. defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
    41. 

  41. 

  42. =head1 KEY DERIVATION ALGORITHM
    43. 

  43. 

  44. The key and IV is derived by concatenating D_1, D_2, etc until
    45. 

  45. enough data is available for the key and IV. D_i is defined as:
    46. 

  46. 

  47. 	D_i = HASH^count(D_(i-1) || data || salt)
    48. 

  48. 

  49. where || denotes concatentaion, D_0 is empty, HASH is the digest
    50. 

  50. algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
    51. 

  51. is HASH(HASH(data)) and so on.
    52. 

  52. 

  53. The initial bytes are used for the key and the subsequent bytes for
    54. 

  54. the IV.
    55. 

  55. 

  56. =head1 RETURN VALUES
    57. 

  57. 

  58. If B<data> is NULL, then EVP_BytesToKey() returns the number of bytes
    59. 

  59. needed to store the derived key.
    60. 

  60. Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes,
    61. 

  61. or 0 on error.
    62. 

  62. 

  63. =head1 SEE ALSO
    64. 

  64. 

  65. L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
    66. 

  66. L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
    67. 

  67. 

  68. =head1 HISTORY
    69. 

  69. 

  70. =cut
    71.