*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->OpenBSD man pages -> EVP_BytesToKey (3)              



NAME    [Toc]    [Back]

       EVP_BytesToKey - password based encryption routine

SYNOPSIS    [Toc]    [Back]

        #include <openssl/evp.h>

        int EVP_BytesToKey(const  EVP_CIPHER  *type,const  EVP_MD
                              const unsigned char *salt,
                              const   unsigned  char  *data,  int
datal, int count,
                              unsigned  char  *key,unsigned  char

DESCRIPTION    [Toc]    [Back]

       EVP_BytesToKey() derives a key and IV from various parameters.
 type is the cipher to derive the key and IV for. md
       is the message digest to use.  The salt paramter is used
       as a salt in the derivation: it should point to an 8 byte
       buffer or NULL if no salt is used. data is a buffer containing
 datal bytes which is used to derive the keying
       data. count is the iteration count to use. The derived key
       and IV will be written to key and iv respectively.

NOTES    [Toc]    [Back]

       A typical application of this function is to derive keying
       material for an encryption algorithm from a password in
       the data parameter.

       Increasing the count parameter slows down the algorithm
       which makes it harder for an attacker to peform a brute
       force attack using a large number of candidate  passwords.

       If the total key and IV length is less than the digest
       length and MD5 is used then the derivation algorithm is
       compatible with PKCS#5 v1.5 otherwise a non standard
       extension is used to derive the extra data.

       Newer applications should use more standard algorithms
       such as PKCS#5 v2.0 for key derivation.


       The key and IV is derived by concatenating D_1, D_2, etc
       until enough data is available for the key and IV. D_i is
       defined as:

               D_i = HASH^count(D_(i-1) || data || salt)

       where || denotes concatentaion, D_0 is empty, HASH is the
       digest algorithm in use, HASH^1(data) is simply
       HASH(data), HASH^2(data) is HASH(HASH(data)) and so on.

       The initial bytes are used for the key and the subsequent
       bytes for the IV.

RETURN VALUES    [Toc]    [Back]

       EVP_BytesToKey() returns the size of the derived key in

SEE ALSO    [Toc]    [Back]

       evp(3), rand(3), EVP_EncryptInit(3),

HISTORY    [Toc]    [Back]

OpenBSD 3.6                 2004-04-08                          2
[ Back ]
 Similar pages
Name OS Title
gbde FreeBSD Geom Based Disk Encryption
setkey NetBSD password encryption
encrypt NetBSD password encryption
crypt NetBSD password encryption
crypt Linux password and data encryption
gbde FreeBSD operation and management utility for Geom Based Disk Encryption
crypt IRIX password and file encryption functions
dispcrypt Tru64 encrypt a password, dispatching based on the associated algorithm (Enhanced Security)
pw_getconf NetBSD password encryption configuration access function
passwd_import HP-UX Creates registry database entries based on information in UNIX group and password files
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service