Visit Jeremy's Blog.
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 11-19-2008, 09:17 AM   #1
Registered: Nov 2008
Posts: 50

Rep: Reputation: 15

I'm starting to have a play with some crypto stuff. I seem to have got some algorithms which work, but i'm having trouble implementing a password structure which is compatible with the likes of openssls'. Can someone point me in the direction of a RFC or suchlike. Currently i'm about to dissect 'passwd.c' from the openssl source, but i'm not sure if it's what i'm actually after (because there numerous ways, e.g. md5, des).

Many thanks...

To be a bit clearer this is concerning symmetric algorithms such as say blowfish. From the user entering the password, how is it turned into a key (possibly concerning, iv's, magic, etc)

Last edited by delite; 11-19-2008 at 09:49 AM. Reason: To be a bit clearer...
Old 11-19-2008, 07:07 PM   #2
Registered: Nov 2008
Posts: 50

Original Poster
Rep: Reputation: 15

I'm testing with openssl. Here's what i'm using with it.
openssl bf-cbc -in test.txt -out test2.bin -pass pass:password
openssl bf-cbc -d -in test.bin -out test2.bin.txt -pass pass:password
Then i've taken an example of symmetrical encryption from the book 'Network Security with OpenSSL' and made it into this. I've been playing with the 'EVP_BytesToKey()' function, of which I think i've got right. It encrypts and decrypts. However when I use the actual openssl program to decrypt it states: 'bad magic number'

Also I notice that the openssl variations output is 16 bytes bigger. From looking at a hex dump I see the string 'Salted__', but thats only 8 bytes. Is the next 8 used as an iv or something? Is it converted to hex? I'm almost assuming that this is internal to a BIO (from looking within enc.c)....

Any points towards the right direction greatly appreciated...

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/evp.h>

#define ALG		EVP_des_ede3_cbc()

int do_crypt(char *fin, char *fout, int do_encrypt, char *pw)
	static const char magic[]="Salted__";
	unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
	EVP_BytesToKey(ALG, EVP_md5(), magic, (unsigned char*)pw, strlen(pw), 1, key, iv);
	FILE *in;
	in = fopen(fin, "r");
	FILE *out;
	out = fopen(fout, "w");
	unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
	int inlen, outlen;
	EVP_CipherInit_ex(&ctx, EVP_bf_cbc(), NULL, NULL, NULL, do_encrypt);
	EVP_CIPHER_CTX_set_key_length(&ctx, 10);
	EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
		inlen = fread(inbuf, 1, 1024, in);
		if(inlen <= 0) break;
		if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
			/* Error */
			return 0;
		fwrite(outbuf, 1, outlen, out);
	if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
		/* Error */
		return 0;
	fwrite(outbuf, 1, outlen, out);
	return 1;

int main (int argc, char *argv[])
	int iret;
	char *s;
	s = (char*)malloc(8+1);
	strcpy(s, (char*)"password");
	iret = do_crypt("test.txt", "test.bin", 1, s);
	iret = do_crypt("test.bin", "test.bin.txt", 0, s);
	return 0;

My simple makefile for building within demos of src:
CFLAGS= -g -I../../include -Wall
LIBS= -L../.. ../../libssl.a ../../libcrypto.a -lcrypto -ldl -pthread

all: $(EXAMPLES) 

main: main.o
	$(CC) -o main main.o $(LIBS)

	rm -f $(EXAMPLES) *.o

Last edited by delite; 11-19-2008 at 07:08 PM. Reason: To disable smiles!


openssl, passwords

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to convert user passwords and group passwords using pwconv? dolceinter1 Linux - Security 2 11-04-2008 10:03 PM
updating samba passwords with system passwords paranoid times Linux - Software 3 10-03-2006 09:04 PM
Sync MySQL passwords with local account passwords? turbine216 Linux - Software 2 02-18-2005 03:15 AM
Completely uninstalling MySQL and its passwords I locked myself out! Baix Linux - Newbie 2 01-30-2005 04:10 PM
Is there a way to sync Samba passwords with linux user passwords MarleyGPN Linux - Networking 2 09-09-2003 10:59 AM > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 07:10 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration