On Mon, Mar 01, 2010, Kern Sibbald via RT wrote:

> Hello,
>
> On Monday 01 March 2010 17:30:37 Stephen Henson via RT wrote:
> > An alternative if you really want to keep changes to a minimum is to use
> > the renamed functions EVP_PKEY_encrypt_old and EVP_PKEY_decrypt_old but
> > you'd need version dependence in that case.
> >
>
> Thank you for the very fast response. It appears that the solution you
> propose to use
>
>     RSA *trsa = EVP_PKEY_get1_RSA(pkey);
>     ret = RSA_public_encrypt(key_len, key, encrypted_key, trsa,
>                              RSA_PKCS1_PADDING);
>     RSA_free(trsa);
>     if (ret <= 0) /* Some error occurred */
>
> should satisfy our needs in that it will work on all versions, and it uses an
> official interface, which I much prefer. Since I have not programmed SSL, I
> need to do a little bit of reading on your API to make sure I implement it
> correctly.
>
> At the moment, the only question I have for the above proposed code is: will
> the encryption/decryption (in particular the decryption) be compatible with
> data that Bacula has encrypted with the current EVP_PKEY_encrypt() interface?
>
> I ask because there is a lot of Bacula backup data encrypted, and we need to
> ensure that future versions of Bacula will still be able to decrypt it.
>

Yes the above calls are equivalent to those EVP_PKEY_encrypt and
EVP_PKEY_decrypt used. The actual code for those is in crypto/evp/p_enc.c and
crypto/evp/p_dec.c if you want to check.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
