OpenSSL 使用 EVP 与算法 API 进行对称加密 [英] OpenSSL using EVP vs. algorithm API for symmetric crypto

问题描述

我已经在我的 linux 机器上安装了 openssl 并浏览了头文件和文档(这是非常不够的 :().

Hi i have installed openssl on my linux machine and going through the header files and documentation (which is highly insufficint :( ).

我正在尝试构建一个使用对称加密算法的项目(在c"中)(我专注于 aes256cbc).问题是我对如何在我的代码中使用库函数感到困惑.

i am trying to build a project(in 'c') which uses symmetric crypto algos (i am focusing on aes256cbc). The problem is i am confused as in how to use the library functions in my code.

对于 aes256cbc 的实现，我可以直接使用aes.h"头文件中定义的函数(最初出现在我看来).

For my implementation of aes256cbc i can directly use the functions defined in the 'aes.h' header file(which appeared to me at the first place).

但在谷歌搜索时，我遇到了一些使用evp.h"函数来执行此操作的教程http://saju.net.in/code/misc/openssl_aes.c.txt

But on googling i came accross some tutorial for this which are using 'evp.h' functions to do this http://saju.net.in/code/misc/openssl_aes.c.txt

这个有什么具体原因还是直接访问aes.h函数比较好.

Is there a specific reason for this or directly accessing the aes.h functions is better.

此外，如果有人可以向我指出有关使用 openssl 加密库的任何类型的良好文档/教程，我将不胜感激.

非常感谢

P.S 原谅我幼稚

推荐答案

使用 EVP API 的优点是您可以以通用方式对 OpenSSL 支持的所有对称密码使用相同的 API.这使得替换所使用的算法变得更容易，或者使算法在稍后阶段可由用户配置.您编写的大部分代码并非特定于您选择的加密算法.

Using the EVP API has the advantage that you can use the same API for all the symmetric ciphers that OpenSSL supports, in a generic way. This makes it way easier to replace the algorithm used, or make the algorithm user-configurable at a later stage. Most of the code you write is not specific to the encryption algorithm you selected.

以下是在 CBC 模式下使用 AES-256 进行加密的简单示例:

Here's a simple example for encryption with AES-256 in CBC mode:

#include <stdio.h>
#include <openssl/evp.h>

int main()
{
    EVP_CIPHER_CTX ctx;
    unsigned char key[32] = {0};
    unsigned char iv[16] = {0};
    unsigned char in[16] = {0};
    unsigned char out[32]; /* at least one block longer than in[] */
    int outlen1, outlen2;

    EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv);
    EVP_EncryptUpdate(&ctx, out, &outlen1, in, sizeof(in));
    EVP_EncryptFinal(&ctx, out + outlen1, &outlen2);

    printf("ciphertext length: %d
", outlen1 + outlen2);

    return 0;
}

为简单起见，我省略了错误处理.

For simplicity, I omitted error handling.

IMO 最重要的 OpenSSL 文档之一是 Viega/Messier/Chandra 的 OpenSSL 网络安全.它是从 2002 (0.9.7) 开始的，所以没有涵盖过去 10 年中 OpenSSL 的变化，但与仅使用手册页相比，IMO 仍然是学习 OpenSSL 的一种更轻松的方式.

IMO one of the most important pieces of documentation on OpenSSL is Network Security with OpenSSL by Viega/Messier/Chandra. It is from 2002 (0.9.7), so does not cover changes to OpenSSL during the last 10 years, but it is IMO still a less painful way to learn OpenSSL than by using only the manual pages.

这篇关于OpenSSL 使用 EVP 与算法 API 进行对称加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！