Linux OpenSSL 使用 EVP 与算法 API 进行对称加密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10366950/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
OpenSSL using EVP vs. algorithm API for symmetric crypto
提问by abhi
Hi i have installed openssl on my linux machine and going through the header files and documentation (which is highly insufficint :( ).
嗨,我已经在我的 linux 机器上安装了 openssl 并浏览了头文件和文档(这是非常不够的 :( )。
i am trying to build a project(in 'c') which uses symmetric crypto algos (i am focusing on aes256cbc). The problem is i am confused as in how to use the library functions in my code.
我正在尝试构建一个使用对称加密算法的项目(在“c”中)(我专注于 aes256cbc)。问题是我对如何在我的代码中使用库函数感到困惑。
For my implementation of aes256cbc i can directly use the functions defined in the 'aes.h' header file(which appeared to me at the first place).
对于 aes256cbc 的实现,我可以直接使用“aes.h”头文件中定义的函数(首先出现在我看来)。
But on googling i came accross some tutorial for this which are using 'evp.h' functions to do this http://saju.net.in/code/misc/openssl_aes.c.txt
但是在谷歌搜索时,我遇到了一些使用“evp.h”函数来执行此操作的教程http://saju.net.in/code/misc/openssl_aes.c.txt
Is there a specific reason for this or directly accessing the aes.h functions is better.
是否有特定原因或直接访问 aes.h 函数更好。
And also if someone can point me to a good documentation/tutorial of any kind on using the crypto library of openssl will be much appreciated.
而且,如果有人可以向我指出有关使用 openssl 加密库的任何类型的良好文档/教程,我将不胜感激。
many thanks
非常感谢
P.S forgive me if i am being naive
PS如果我幼稚请原谅我
采纳答案by Daniel Roethlisberger
Using the EVP API has the advantage that you can use the same API for all the symmetric ciphers that OpenSSL supports, in a generic way. This makes it way easier to replace the algorithm used, or make the algorithm user-configurable at a later stage. Most of the code you write is not specific to the encryption algorithm you selected.
使用 EVP API 的优势在于您可以以通用方式为 OpenSSL 支持的所有对称密码使用相同的 API。这使得替换所使用的算法变得更容易,或者使算法在稍后阶段可由用户配置。您编写的大多数代码并非特定于您选择的加密算法。
Here's a simple example for encryption with AES-256 in CBC mode:
这是在 CBC 模式下使用 AES-256 进行加密的简单示例:
#include <stdio.h>
#include <openssl/evp.h>
int main()
{
EVP_CIPHER_CTX ctx;
unsigned char key[32] = {0};
unsigned char iv[16] = {0};
unsigned char in[16] = {0};
unsigned char out[32]; /* at least one block longer than in[] */
int outlen1, outlen2;
EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv);
EVP_EncryptUpdate(&ctx, out, &outlen1, in, sizeof(in));
EVP_EncryptFinal(&ctx, out + outlen1, &outlen2);
printf("ciphertext length: %d\n", outlen1 + outlen2);
return 0;
}
For simplicity, I omitted error handling.
为简单起见,我省略了错误处理。
IMO one of the most important pieces of documentation on OpenSSL is Network Security with OpenSSL by Viega/Messier/Chandra. It is from 2002 (0.9.7), so does not cover changes to OpenSSL during the last 10 years, but it is IMO still a less painful way to learn OpenSSL than by using only the manual pages.
IMO 最重要的 OpenSSL 文档之一是Viega/Messier/Chandra 的 Network Security with OpenSSL。它是从 2002 (0.9.7) 开始的,因此没有涵盖过去 10 年中 OpenSSL 的变化,但与仅使用手册页相比,IMO 仍然是学习 OpenSSL 的一种更轻松的方式。
回答by Hubert Kario
Currently OpenSSL wiki has good documentation on how to use the EVP family of functions: http://wiki.openssl.org/index.php/EVP
目前 OpenSSL wiki 有关于如何使用 EVP 系列函数的很好的文档:http: //wiki.openssl.org/index.php/EVP
The other upside of using the EVP over algorithm API is that EVP will automatically use hardware acceleration (like AES-NI instruction set) if available. With algorithm API you need to enable it manually.
使用 EVP over algorithm API 的另一个好处是,如果可用,EVP 将自动使用硬件加速(如 AES-NI 指令集)。使用算法 API,您需要手动启用它。
