2 ''' $RCSfile$$Revision$$Date$
20 .ie \\n(.$>=3 .ne \\$3
36 ''' Set up \*(-- to give an unbreakable dash;
37 ''' string Tr holds user defined translation string.
38 ''' Bell System Logo is used as a dummy character.
44 .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
45 .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
48 ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
49 ''' \*(L" and \*(R", except that they are used on ".xx" lines,
50 ''' such as .IP and .SH, which do an additional level of
51 ''' double-quote interpretation
80 .\" If the F register is turned on, we'll generate
81 .\" index entries out stderr for the following things:
86 .\" X<> Xref (embedded
87 .\" Of course, you have to process the output yourself
88 .\" in some meaningful fashion.
91 .tm Index:\\$1\t\\n%\t"\\$2"
96 .TH EVP_BytesToKey 3 "0.9.7d" "2/Sep/2004" "OpenSSL"
100 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
101 .de CQ \" put $1 in typewriter font
107 \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
110 .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
111 . \" AM - accent mark definitions
113 . \" fudge factors for nroff and troff
122 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
128 . \" simple accents for nroff and troff
141 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
142 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
143 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
144 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
145 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
146 . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
147 . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
148 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
149 . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
151 . \" troff and (daisy-wheel) nroff accents
152 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
153 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
154 .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
155 .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
156 .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
157 .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
158 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
159 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
160 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
161 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
162 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
163 .ds ae a\h'-(\w'a'u*4/10)'e
164 .ds Ae A\h'-(\w'A'u*4/10)'E
165 .ds oe o\h'-(\w'o'u*4/10)'e
166 .ds Oe O\h'-(\w'O'u*4/10)'E
167 . \" corrections for vroff
168 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
169 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
170 . \" for low resolution devices (crt and lpr)
171 .if \n(.H>23 .if \n(.V>19 \
175 . ds v \h'-1'\o'\(aa\(ga'
191 EVP_BytesToKey \- password based encryption routine
195 \& #include <openssl/evp.h>
198 \& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
199 \& const unsigned char *salt,
200 \& const unsigned char *data, int datal, int count,
201 \& unsigned char *key,unsigned char *iv);
204 \fIEVP_BytesToKey()\fR derives a key and IV from various parameters. \fBtype\fR is
205 the cipher to derive the key and IV for. \fBmd\fR is the message digest to use.
206 The \fBsalt\fR parameter is used as a salt in the derivation: it should point to
207 an 8 byte buffer or NULL if no salt is used. \fBdata\fR is a buffer containing
208 \fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the
209 iteration count to use. The derived key and IV will be written to \fBkey\fR
210 and \fBiv\fR respectively.
212 A typical application of this function is to derive keying material for an
213 encryption algorithm from a password in the \fBdata\fR parameter.
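215 Increasing the \fBcount\fR parameter slows down the algorithm, which makes it
216 harder for an attacker to perform a brute force attack using a large number
217 of candidate passwords. If \fBsalt\fR is NULL, the same password always derives the same key and IV, so a salt should be supplied whenever the data format allows it.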
219 If the total key and IV length is less than the digest length and
220 \fBMD5\fR is used, then the derivation algorithm is compatible with PKCS#5 v1.5;
221 otherwise a non-standard extension is used to derive the extra data.
223 Newer applications should use more standard algorithms such as PKCS#5
224 v2.0 (PBKDF2) for key derivation.
225 .SH "KEY DERIVATION ALGORITHM"
226 The key and IV are derived by concatenating D_1, D_2, etc. until
227 enough data is available for the key and IV. D_i is defined as:
230 \& D_i = HASH^count(D_(i-1) || data || salt)
232 where || denotes concatenation, D_0 is empty, HASH is the digest
233 algorithm in use, HASH^\fI1\fR\|(data) is simply \fIHASH\fR\|(data), HASH^\fI2\fR\|(data)
234 is \fIHASH\fR\|(HASH(data)) and so on.
236 The initial bytes are used for the key and the subsequent bytes for
239 \fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
246 .IX Title "EVP_BytesToKey 3"
247 .IX Name "EVP_BytesToKey - password based encryption routine"
251 .IX Header "SYNOPSIS"
253 .IX Header "DESCRIPTION"
257 .IX Header "KEY DERIVATION ALGORITHM"
259 .IX Header "RETURN VALUES"
261 .IX Header "SEE ALSO"