OpenSSL的使用EVP与算法API对称加密 [英] OpenSSL using EVP vs. algorithm API for symmetric crypto
问题描述
您好,我已经安装了OpenSSL我的Linux机器上,并通过头文件和文档去(这是非常insufficint :()。
Hi i have installed openssl on my linux machine and going through the header files and documentation (which is highly insufficint :( ).
我想建立一个项目(以'C'),它使用对称加密交易算法(我专注于aes256cbc)。
问题是我很困惑,如何在我的code使用的库函数。
i am trying to build a project(in 'c') which uses symmetric crypto algos (i am focusing on aes256cbc). The problem is i am confused as in how to use the library functions in my code.
有关我的实现aes256cbc我可以直接使用在'aes.h'头文件中定义的功能(这似乎是我在第1名)。
For my implementation of aes256cbc i can directly use the functions defined in the 'aes.h' header file(which appeared to me at the first place).
但在谷歌上搜索我来到翻过一些教程,这里面使用'evp.h功能来做到这一点<一个href=\"http://saju.net.in/$c$c/misc/openssl_aes.c.txt\">http://saju.net.in/$c$c/misc/openssl_aes.c.txt
But on googling i came accross some tutorial for this which are using 'evp.h' functions to do this http://saju.net.in/code/misc/openssl_aes.c.txt
是否有此特殊原因或直接访问aes.h功能更好。
Is there a specific reason for this or directly accessing the aes.h functions is better.
并且还,如果有人可以点我到任何一种好的文档/教程使用的OpenSSL加密库将大大AP preciated。
非常感谢
P.S原谅我,如果我太天真
P.S forgive me if i am being naive
推荐答案
使用EVP API有可用于所有的对称密码相同的API,OpenSSL的支持,在一个通用的方式的优势。这使得比较容易的方式来取代所使用的算法,或者使算法用户可配置在后一阶段。大多数你写的code是不特定于您所选择的加密算法。
Using the EVP API has the advantage that you can use the same API for all the symmetric ciphers that OpenSSL supports, in a generic way. This makes it way easier to replace the algorithm used, or make the algorithm user-configurable at a later stage. Most of the code you write is not specific to the encryption algorithm you selected.
下面是CBC模式的AES-256加密一个简单的例子:
Here's a simple example for encryption with AES-256 in CBC mode:
#include <stdio.h>
#include <openssl/evp.h>
int main()
{
EVP_CIPHER_CTX ctx;
unsigned char key[32] = {0};
unsigned char iv[16] = {0};
unsigned char in[16] = {0};
unsigned char out[32]; /* at least one block longer than in[] */
int outlen1, outlen2;
EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv);
EVP_EncryptUpdate(&ctx, out, &outlen1, in, sizeof(in));
EVP_EncryptFinal(&ctx, out + outlen1, &outlen2);
printf("ciphertext length: %d\n", outlen1 + outlen2);
return 0;
}
为了简单起见,我省略了错误处理。
For simplicity, I omitted error handling.
IMO文件对OpenSSL中最重要的部分之一,是网络安全与OpenSSL的由Viega /梅西耶/钱德拉。这是自2002年(0.9.7),所以在过去的10年不包括更改OpenSSL的,但它仍然IMO学习的OpenSSL比只使用手册页不太痛苦的样子。
IMO one of the most important pieces of documentation on OpenSSL is Network Security with OpenSSL by Viega/Messier/Chandra. It is from 2002 (0.9.7), so does not cover changes to OpenSSL during the last 10 years, but it is IMO still a less painful way to learn OpenSSL than by using only the manual pages.
这篇关于OpenSSL的使用EVP与算法API对称加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!