0

Am learning OpenSSL EVP API and trying to understand the ways to generate a symmetric key using OpenSSL EVP in C++ program.

I have two questions in this regard: 1) To understand what the command openssl enc -aes-256-cbc -k secret -P -md sha1 does? It printed salt, key, and IV. I mean the -aes-256-cbc option to enc is not doing anything in generating the salt, key, IV as we are using -P option. Please correct me if wrong.

2) To generate a symmetric key as above using OpenSSL EVP functions, I assume below sequence of steps. Please correct me if missed any. Is there any flaw in doing like this for a symmetric key?

1) generates a random number 2) apply the HMAC on the passphrase by using this random number as the key.

kee
  • 11
  • 4
  • `openssl enc` with password (NOT `-K` uppercase) derives key and IV from password plus random salt using a _single_ hash (like but not the same as PBKDF1) not HMAC (twice) like PBKDF2; yes this is flawed. See https://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase or my answer at https://crypto.stackexchange.com/questions/3298/is-there-a-standard-for-openssl-interoperable-aes-encryption or see **man EVP_BytesToKey** or search it on stackoverflow for many Qs on `openssl enc` to/from Java, Windows or dotnet, PHP, python, (node)js, swift and more. – dave_thompson_085 Feb 10 '19 at 03:23
  • Thanks for the pointers. Essentially, EVP_BytesToKey performs given number of MD iterations on given password. Hence to do this programmatically, I need to do the same steps. – kee Feb 11 '19 at 14:18
  • EVP_BytesToKey does an iterated hash, but _commandline_ `openssl enc` uses count=1 and therefore does _only one_ hash (per output block); see the Qs I linked already. To do it programmatically you can just call EVP_BytesToKey, but if you are trying to _replace_ it yes you must code the equivalent. – dave_thompson_085 Feb 12 '19 at 04:59

0 Answers0