Howdy, I don't have any experience in coding apps which use cryptography, but I don't want to screw up, so I come looking for some friendly advice.
What I would like to do is to use the openssl simmetric crypto library to encrypt local files, and decrypt them with a user supplied passphrase. Pretty normal stuff, right? I have seen the Blowfish example in the documentation. My doubts are the following: - I gather that it's a bad idea to just encrypt all the files with the passphrase chosen by the user, right? - If so, I would encrypt the files with an internally generated pseudo-random key of the appropriate length, store it encrypted (with the user-chosen passphase as key) on disk, and then use the passphrase entered by the user to decrypt the real key and then decrypt the files with the latter. I think this is what PGP/GPG do, so it should be a better solution than just using the passphrase in the first place. Is this right? - If so, how do I get the pseudo-random data to use as a key? Just read it from /dev/random? (I am on linux.) Or is there a preferred way of doing this? - How do I use the IV value? Is this the "salt"? If so, I don't need it to decrypt the cyphertext, right? (If this is right, why does the decrypt command in the above-mentioned example (http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#EXAMPLES) mention the IV value: "-iv 0102030405060708"?) Thank you for any help. As you can see, I am new to these things. Cheerio, Mack Stevenson _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
