On Thu, Oct 25, 2007, MaxAndr wrote:

> Kiefer, Sascha wrote:
> >
> > if you use the unsimplefied version of the cryptoapi you have to reverse
> > the bytes auf your results before using them.
> >

> I'm not sure that the translation is correct at all. Since the derived keys
> and the encrypted data are completely different.
> If EVP_BytesToKey() gives not appropriable key then may be I should try some
> other functions. I have read about
> http://www.openssl.org/docs/crypto/EVP_BytesToKey.html EVP_BytesToKey()
> that
> "Newer applications should use more standard algorithms such as PKCS#5 v2.0
> for key derivation".
> Which of them should I use?

None of them. CryptDeriveKey() doesn't have a direct equivalent in OpenSSL for
3DES keys.

I can't remember the details but CryptDeriveKey() does something different
when the message digest doesn't provide enough keying material. Do a search on
the web somewhere.

EVP_BytesToKey() does non standard things too in such circumstances which is
why things like PKCS#5 v2.0 are recommended for new applications.

However that wont help with your case.

You have several options.

One is to use the exponent of one hack in CryptoAPI to use a raw key (see MS
knowledge base).

Alternatively you can write an implementation of CryptDeriveKey() based on
OpenSSL functions (digests).

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org