1 .\" Automatically generated by Pod::Man 2.12 (Pod::Simple 3.05)
4 .\" ========================================================================
5 .de Sh \" Subsection heading
13 .de Sp \" Vertical space (when we can't use .PP)
17 .de Vb \" Begin verbatim text
22 .de Ve \" End verbatim text
26 .\" Set up some character translations and predefined strings. \*(-- will
27 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
29 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31 .\" nothing in troff, for use with C<>.
33 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
37 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
51 .\" If the F register is turned on, we'll generate index entries on stderr for
52 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53 .\" entries marked with X<> in POD. Of course, you'll have to process the
54 .\" output yourself in some meaningful fashion.
57 . tm Index:\\$1\t\\n%\t"\\$2"
63 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64 .\" Fear. Run. Save yourself. No user-serviceable parts.
65 . \" fudge factors for nroff and troff
74 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80 . \" simple accents for nroff and troff
90 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
97 . \" troff and (daisy-wheel) nroff accents
98 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105 .ds ae a\h'-(\w'a'u*4/10)'e
106 .ds Ae A\h'-(\w'A'u*4/10)'E
107 . \" corrections for vroff
108 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
110 . \" for low resolution devices (crt and lpr)
111 .if \n(.H>23 .if \n(.V>19 \
124 .\" ========================================================================
126 .IX Title "EVP_BytesToKey 3"
127 .TH EVP_BytesToKey 3 "2007-10-24" "0.9.8g" "OpenSSL"
128 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
129 .\" way too many mistakes in technical documents.
133 EVP_BytesToKey \- password based encryption routine
135 .IX Header "SYNOPSIS"
137 \& #include <openssl/evp.h>
139 \& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
140 \& const unsigned char *salt,
141 \& const unsigned char *data, int datal, int count,
142 \& unsigned char *key,unsigned char *iv);
145 .IX Header "DESCRIPTION"
146 \&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
147 the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use.
148 The \fBsalt\fR paramter is used as a salt in the derivation: it should point to
149 an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing
150 \&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the
151 iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR
152 and \fBiv\fR respectively.
155 A typical application of this function is to derive keying material for an
156 encryption algorithm from a password in the \fBdata\fR parameter.
158 Increasing the \fBcount\fR parameter slows down the algorithm which makes it
159 harder for an attacker to peform a brute force attack using a large number
160 of candidate passwords.
162 If the total key and \s-1IV\s0 length is less than the digest length and
163 \&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5
164 otherwise a non standard extension is used to derive the extra data.
166 Newer applications should use more standard algorithms such as PKCS#5
167 v2.0 for key derivation.
168 .SH "KEY DERIVATION ALGORITHM"
169 .IX Header "KEY DERIVATION ALGORITHM"
170 The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until
171 enough data is available for the key and \s-1IV\s0. D_i is defined as:
174 \& D_i = HASH^count(D_(i\-1) || data || salt)
177 where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest
178 algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data)
179 is \s-1HASH\s0(\s-1HASH\s0(data)) and so on.
181 The initial bytes are used for the key and the subsequent bytes for
184 .IX Header "RETURN VALUES"
185 \&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
187 .IX Header "SEE ALSO"
188 \&\fIevp\fR\|(3), \fIrand\fR\|(3),
189 \&\fIEVP_EncryptInit\fR\|(3)