1 .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
4 .\" ========================================================================
5 .de Sh \" Subsection heading
13 .de Sp \" Vertical space (when we can't use .PP)
17 .de Vb \" Begin verbatim text
22 .de Ve \" End verbatim text
26 .\" Set up some character translations and predefined strings. \*(-- will
27 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
29 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31 .\" nothing in troff, for use with C<>.
33 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
37 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
51 .\" Escape single quotes in literal strings from groff's Unicode transform.
55 .\" If the F register is turned on, we'll generate index entries on stderr for
56 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57 .\" entries marked with X<> in POD. Of course, you'll have to process the
58 .\" output yourself in some meaningful fashion.
61 . tm Index:\\$1\t\\n%\t"\\$2"
71 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72 .\" Fear. Run. Save yourself. No user-serviceable parts.
73 . \" fudge factors for nroff and troff
82 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
88 . \" simple accents for nroff and troff
98 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
105 . \" troff and (daisy-wheel) nroff accents
106 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113 .ds ae a\h'-(\w'a'u*4/10)'e
114 .ds Ae A\h'-(\w'A'u*4/10)'E
115 . \" corrections for vroff
116 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
118 . \" for low resolution devices (crt and lpr)
119 .if \n(.H>23 .if \n(.V>19 \
132 .\" ========================================================================
134 .IX Title "EVP_BytesToKey 3"
135 .TH EVP_BytesToKey 3 "2009-11-06" "0.9.8l" "OpenSSL"
136 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
137 .\" way too many mistakes in technical documents.
141 EVP_BytesToKey \- password based encryption routine
143 .IX Header "SYNOPSIS"
145 \& #include <openssl/evp.h>
147 \& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
148 \& const unsigned char *salt,
149 \& const unsigned char *data, int datal, int count,
150 \& unsigned char *key,unsigned char *iv);
153 .IX Header "DESCRIPTION"
154 \&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
155 the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use.
156 The \fBsalt\fR paramter is used as a salt in the derivation: it should point to
157 an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing
158 \&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the
159 iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR
160 and \fBiv\fR respectively.
163 A typical application of this function is to derive keying material for an
164 encryption algorithm from a password in the \fBdata\fR parameter.
166 Increasing the \fBcount\fR parameter slows down the algorithm which makes it
167 harder for an attacker to peform a brute force attack using a large number
168 of candidate passwords.
170 If the total key and \s-1IV\s0 length is less than the digest length and
171 \&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5
172 otherwise a non standard extension is used to derive the extra data.
174 Newer applications should use more standard algorithms such as PKCS#5
175 v2.0 for key derivation.
176 .SH "KEY DERIVATION ALGORITHM"
177 .IX Header "KEY DERIVATION ALGORITHM"
178 The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until
179 enough data is available for the key and \s-1IV\s0. D_i is defined as:
182 \& D_i = HASH^count(D_(i\-1) || data || salt)
185 where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest
186 algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data)
187 is \s-1HASH\s0(\s-1HASH\s0(data)) and so on.
189 The initial bytes are used for the key and the subsequent bytes for
192 .IX Header "RETURN VALUES"
193 \&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
195 .IX Header "SEE ALSO"
196 \&\fIevp\fR\|(3), \fIrand\fR\|(3),
197 \&\fIEVP_EncryptInit\fR\|(3)