Re: DES3: Windows CryptoAPI and OpenSSL
On Thu, Oct 25, 2007, MaxAndr wrote:
> Kiefer, Sascha wrote:[color=green]
> > if you use the unsimplefied version of the cryptoapi you have to reverse
> > the bytes auf your results before using them.
> I'm not sure that the translation is correct at all. Since the derived keys
> and the encrypted data are completely different.
> If EVP_BytesToKey() gives not appropriable key then may be I should try some
> other functions. I have read about
> [url]http://www.openssl.org/docs/crypto/EVP_BytesToKey.html[/url] EVP_BytesToKey()
> "Newer applications should use more standard algorithms such as PKCS#5 v2.0
> for key derivation".
> Which of them should I use?
None of them. CryptDeriveKey() doesn't have a direct equivalent in OpenSSL for
I can't remember the details but CryptDeriveKey() does something different
when the message digest doesn't provide enough keying material. Do a search on
the web somewhere.
EVP_BytesToKey() does non standard things too in such circumstances which is
why things like PKCS#5 v2.0 are recommended for new applications.
However that wont help with your case.
You have several options.
One is to use the exponent of one hack in CryptoAPI to use a raw key (see MS
Alternatively you can write an implementation of CryptDeriveKey() based on
OpenSSL functions (digests).
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
OpenSSL Project [url]http://www.openssl.org[/url]
User Support Mailing List [email]firstname.lastname@example.org[/email]
Automated List Manager [email]email@example.com[/email]