I need a secure symetric encryption algorithm to apply in my project. I´m studying OpenSSL and Cryptography about a year. I´ve bought two important books that I found about the subject: Network Security with Open SSL and Secure Programming Cookbook for C and C++. Is there anyone else?
I think the OpenSSL solution with AES is a good solutin, but I don´t know if Brian Gladman's AES implementation is best. We have a powerful random number generator, and I will use RAND_bytes() only for simulation. Do you thin EVP API is good?
Thanks
Rafael
Bernhard Froehlich wrote:
Rafael Cividanes wrote:
I´d like to know if the use of EVP API for symetric encryption is a good choice when using OpenSSL.
It depends on what you want to do and how you know about cryptography in general.
"Use the raw OpenSSL API only when absolutely necessary because there is a huge potential for introducing a security vulnerability by accident. For general-purpose use, we recommend a high-level abstraction, such as that discussed in Recipe 5.16 <0596003943_secureprgckbk-chp-5-sect-16.html#secureprgckbk-CHP-5-SECT-16>." - Secure Programming Cookbook for C and C++, Viega & Messier.
Is Viega asking in the sentence above to not use the EVP API? What is the "raw OpenSSL API"?
I think he's just warning you that if you are using low level API there are lots of traps that can cause your programm to seem very secure even if it is in fact very insecure. If you are using EVP API you have to select good keys, use the appropriate algorithms, do correct padding and so on.
On the other hand if you are using high level APIs like for example the SSL-API many of those traps are already handled by the library and the number of mistakes you can make is greatly reduced (though there are still enough remaining).
So if you find a high level API that does what you have to do, it will usually be the better choice. And if you have to use the low level for some reason, be sure to know what you are doing.
Thanks for any help.
[ ]'s
Rafael
Hope it helps. Ted ;)
-- Rafael Cividanes Instituto Tecnológico de Aeronáutica - ITA Divisão de Ciência da Computação - IEC Pça. Mal.Eduardo Gomes, 50 Vila das Acácias CTA-ITA-IEP 12.228-900 São José dos Campos,SP Prédio da Guerra Eletrônica - Sala 235 Tel 12-39476891 E-mail: [EMAIL PROTECTED]
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
