Hello,
On Monday 01 March 2010 17:30:37 Stephen Henson via RT wrote:
> An alternative if you really want to keep changes to a minimum is to use
> the renamed functions EVP_PKEY_encrypt_old and EVP_PKEY_decrypt_old but
> you'd need version dependence in that case.
>
Thank you for the very fast response. It appears that the solution you
propose to use

    RSA *trsa = EVP_PKEY_get1_RSA(pkey);
    ret = RSA_public_encrypt(key_len, key, encrypted_key, trsa,
                             RSA_PKCS1_PADDING);
    RSA_free(trsa);
    if (ret <= 0) /* Some error occurred */

should satisfy our needs in that it will work on all versions, and it uses an
official interface, which I much prefer. Since I have not programmed SSL, I
need to do a little bit of reading on your API to make sure I implement it
correctly.
At the moment, the only question I have for the above proposed code is: will
the encryption/decryption (in particular the decryption) be compatible with
data that Bacula has encrypted with the current EVP_PKEY_encrypt() interface?
I ask because there is a lot of Bacula backup data encrypted, and we need to
ensure that future versions of Bacula will still be able to decrypt it.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List