This is a discussion on Re: DES3: Windows CryptoAPI and OpenSSL - Openssl ; On Thu, Oct 25, 2007, MaxAndr wrote: > > > Kiefer, Sascha wrote: > > > > if you use the unsimplefied version of the cryptoapi you have to reverse > > the bytes auf your results before using them. ...
On Thu, Oct 25, 2007, MaxAndr wrote:
> Kiefer, Sascha wrote:
> > if you use the unsimplefied version of the cryptoapi you have to reverse
> > the bytes auf your results before using them.
> I'm not sure that the translation is correct at all. Since the derived keys
> and the encrypted data are completely different.
> If EVP_BytesToKey() gives not appropriable key then may be I should try some
> other functions. I have read about
> http://www.openssl.org/docs/crypto/EVP_BytesToKey.html EVP_BytesToKey()
> "Newer applications should use more standard algorithms such as PKCS#5 v2.0
> for key derivation".
> Which of them should I use?
None of them. CryptDeriveKey() doesn't have a direct equivalent in OpenSSL for
I can't remember the details but CryptDeriveKey() does something different
when the message digest doesn't provide enough keying material. Do a search on
the web somewhere.
EVP_BytesToKey() does non standard things too in such circumstances which is
why things like PKCS#5 v2.0 are recommended for new applications.
However that wont help with your case.
You have several options.
One is to use the exponent of one hack in CryptoAPI to use a raw key (see MS
Alternatively you can write an implementation of CryptDeriveKey() based on
OpenSSL functions (digests).
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
OpenSSL Project http://www.openssl.org
User Support Mailing List email@example.com
Automated List Manager firstname.lastname@example.org