Hi i have installed openssl on my linux machine and going through the header files and documentation (which is highly insufficint :( ).
嗨,我已经在我的linux机器上安装了openssl并通过头文件和文档(这是非常不充分的:()。
i am trying to build a project(in 'c') which uses symmetric crypto algos (i am focusing on aes256cbc). The problem is i am confused as in how to use the library functions in my code.
我正在尝试构建一个使用对称加密算法的项目(在'c'中)(我专注于aes256cbc)。问题是我很困惑如何在我的代码中使用库函数。
For my implementation of aes256cbc i can directly use the functions defined in the 'aes.h' header file(which appeared to me at the first place).
对于我的aes256cbc实现,我可以直接使用'aes.h'头文件中定义的函数(首先在我看来)。
But on googling i came accross some tutorial for this which are using 'evp.h' functions to do this http://saju.net.in/code/misc/openssl_aes.c.txt
但在google搜索中,我遇到了一些教程,使用'evp.h'函数来做这个http://saju.net.in/code/misc/openssl_aes.c.txt
Is there a specific reason for this or directly accessing the aes.h functions is better.
是否有特定原因或直接访问aes.h函数更好。
And also if someone can point me to a good documentation/tutorial of any kind on using the crypto library of openssl will be much appreciated.
而且如果有人能指出我使用openssl的加密库的任何类型的良好文档/教程将非常感激。
many thanks
非常感谢
P.S forgive me if i am being naive
如果我天真,请原谅我
2 个解决方案
#1
27
Using the EVP API has the advantage that you can use the same API for all the symmetric ciphers that OpenSSL supports, in a generic way. This makes it way easier to replace the algorithm used, or make the algorithm user-configurable at a later stage. Most of the code you write is not specific to the encryption algorithm you selected.
使用EVP API的优势在于,您可以以通用方式为OpenSSL支持的所有对称密码使用相同的API。这使得更换所使用的算法变得更容易,或者在稍后阶段使算法可由用户配置。您编写的大多数代码并非特定于您选择的加密算法。
Here's a simple example for encryption with AES-256 in CBC mode:
以下是在CBC模式下使用AES-256进行加密的简单示例:
#include <stdio.h>
#include <openssl/evp.h>
int main()
{
EVP_CIPHER_CTX ctx;
unsigned char key[32] = {0};
unsigned char iv[16] = {0};
unsigned char in[16] = {0};
unsigned char out[32]; /* at least one block longer than in[] */
int outlen1, outlen2;
EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv);
EVP_EncryptUpdate(&ctx, out, &outlen1, in, sizeof(in));
EVP_EncryptFinal(&ctx, out + outlen1, &outlen2);
printf("ciphertext length: %d\n", outlen1 + outlen2);
return 0;
}
For simplicity, I omitted error handling.
为简单起见,我省略了错误处理。
IMO one of the most important pieces of documentation on OpenSSL is Network Security with OpenSSL by Viega/Messier/Chandra. It is from 2002 (0.9.7), so does not cover changes to OpenSSL during the last 10 years, but it is IMO still a less painful way to learn OpenSSL than by using only the manual pages.
IMO关于OpenSSL最重要的文档之一是Viega / Messier / Chandra的OpenSSL网络安全。它是从2002年(0.9.7)开始,因此不包括过去10年中对OpenSSL的更改,但IMO仍然是一种学习OpenSSL的痛苦方式,而不仅仅是使用手册页。
#2
1
Currently OpenSSL wiki has good documentation on how to use the EVP family of functions: http://wiki.openssl.org/index.php/EVP
目前,OpenSSL wiki有关于如何使用EVP系列函数的良好文档:http://wiki.openssl.org/index.php/EVP
The other upside of using the EVP over algorithm API is that EVP will automatically use hardware acceleration (like AES-NI instruction set) if available. With algorithm API you need to enable it manually.
使用EVP over算法API的另一个好处是EVP将自动使用硬件加速(如AES-NI指令集)(如果可用)。使用算法API,您需要手动启用它。
#1
27
Using the EVP API has the advantage that you can use the same API for all the symmetric ciphers that OpenSSL supports, in a generic way. This makes it way easier to replace the algorithm used, or make the algorithm user-configurable at a later stage. Most of the code you write is not specific to the encryption algorithm you selected.
使用EVP API的优势在于,您可以以通用方式为OpenSSL支持的所有对称密码使用相同的API。这使得更换所使用的算法变得更容易,或者在稍后阶段使算法可由用户配置。您编写的大多数代码并非特定于您选择的加密算法。
Here's a simple example for encryption with AES-256 in CBC mode:
以下是在CBC模式下使用AES-256进行加密的简单示例:
#include <stdio.h>
#include <openssl/evp.h>
int main()
{
EVP_CIPHER_CTX ctx;
unsigned char key[32] = {0};
unsigned char iv[16] = {0};
unsigned char in[16] = {0};
unsigned char out[32]; /* at least one block longer than in[] */
int outlen1, outlen2;
EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv);
EVP_EncryptUpdate(&ctx, out, &outlen1, in, sizeof(in));
EVP_EncryptFinal(&ctx, out + outlen1, &outlen2);
printf("ciphertext length: %d\n", outlen1 + outlen2);
return 0;
}
For simplicity, I omitted error handling.
为简单起见,我省略了错误处理。
IMO one of the most important pieces of documentation on OpenSSL is Network Security with OpenSSL by Viega/Messier/Chandra. It is from 2002 (0.9.7), so does not cover changes to OpenSSL during the last 10 years, but it is IMO still a less painful way to learn OpenSSL than by using only the manual pages.
IMO关于OpenSSL最重要的文档之一是Viega / Messier / Chandra的OpenSSL网络安全。它是从2002年(0.9.7)开始,因此不包括过去10年中对OpenSSL的更改,但IMO仍然是一种学习OpenSSL的痛苦方式,而不仅仅是使用手册页。
#2
1
Currently OpenSSL wiki has good documentation on how to use the EVP family of functions: http://wiki.openssl.org/index.php/EVP
目前,OpenSSL wiki有关于如何使用EVP系列函数的良好文档:http://wiki.openssl.org/index.php/EVP
The other upside of using the EVP over algorithm API is that EVP will automatically use hardware acceleration (like AES-NI instruction set) if available. With algorithm API you need to enable it manually.
使用EVP over算法API的另一个好处是EVP将自动使用硬件加速(如AES-NI指令集)(如果可用)。使用算法API,您需要手动启用它。