Please - Help me out here - Need to make design decision based on your answer

[Radhika Gunasekar]

-----Original Message----- From: Radhika Gunasekar [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 10:46 AM To: 'openssl-users@openssl.org' Subject: Encrypting/Decrypting messages   Hello,   I am a new user to OpenSSL. I have couple of questions.   Background:   I am working on a client/server environment. Both communicate with each other via TCPIP/UDP protocol.  Client is on Linux and Server is on AIX. We need to encrypt messages going between them and also able to decrypt the messages received. Application that we are communicating is currently return in “C”.   By going through documents in openssl.org , I found out that I could use libcrypto.so  on both LINUX and AIX side and use it’s high level EVP interface functions to achieve what we are looking for. Here are the functions that I am planning to use.    EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal fo Encrytion and  Evp_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal for Decryption.   And I am planning to use blowfish symmetric cipher algorithm.   Now my questions are:   Am I going in the right direction? Are there any other better way to handle message encryption and decryption? What are EVP_Seal functions, are they better than using EVP_Encyrpt/EV_Decrypt functions? Since the applications we are communicating between are real time application, would blowfish provide the fastest encryption/decryption algorithm that we are looking for?   Currently I am planning to use the common key between client and server which will be stored in a protect file on both client and server to perform encryption and decryption. Are there any better ways to protect the key information?    Please reply. Thanks for your help.   Regards, Radhika.