On Thu, Oct 25, 2007, MaxAndr wrote: > > > Kiefer, Sascha wrote: > > > > if you use the unsimplefied version of the cryptoapi you have to reverse > > the bytes auf your results before using them. > > > > I'm not sure that the translation is correct at all. Since the derived keys > and the encrypted data are completely different. > > If EVP_BytesToKey() gives not appropriable key then may be I should try some > other functions. I have read about > http://www.openssl.org/docs/crypto/EVP_BytesToKey.html EVP_BytesToKey() > that > "Newer applications should use more standard algorithms such as PKCS#5 v2.0 > for key derivation". > > Which of them should I use? > >
None of them. CryptDeriveKey() doesn't have a direct equivalent in OpenSSL for 3DES keys. I can't remember the details but CryptDeriveKey() does something different when the message digest doesn't provide enough keying material. Do a search on the web somewhere. EVP_BytesToKey() does non standard things too in such circumstances which is why things like PKCS#5 v2.0 are recommended for new applications. However that wont help with your case. You have several options. One is to use the exponent of one hack in CryptoAPI to use a raw key (see MS knowledge base). Alternatively you can write an implementation of CryptDeriveKey() based on OpenSSL functions (digests). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
