Ok, I looked at the openssl documentation stating that blowfish accepts a variable key length. But it also says to use the EVP method of encryption for Applications because it provides a more generic way to use multiple algorithms, etc...
Anyhow, I can't set a different key length for blowfish using the EVP routines, this is what I'm doing: char iv[]={ 1, 2, 3, 4, 5, 6, 7, 8 }; int do_crypt(char *source, long src_len, char *target, char *key) { int outlen, tmplen; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv); /* let's try to extend the key length used!!!! */ EVP_CIPHER_CTX_set_key_length(&ctx, 32); if (!EVP_EncryptUpdate(&ctx, target, &outlen, source, src_len+1)) return(0); if (!EVP_EncryptFinal(&ctx, target + outlen, &tmplen)) return(0); outlen += tmplen; EVP_CIPHER_CTX_cleanup(&ctx); return(outlen); } But when I comment out the key length line, and truncate the key so it's only 16 bytes instead of 32, it returns the same ciphertext. Is it not possible with EVP to change the key size?? I've checked the return code of EVP_CIPHER_CTX_set_key_length, and everything looks like it should be working ... I'm using OpenSSL 0.9.6b thanks! -Brad ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]