[openssl-users] Stand alone AES-CTR module
Jeffrey Walton
noloader at gmail.com
Mon May 11 17:17:36 UTC 2015
On Sun, May 10, 2015 at 2:47 PM, konstantinos Alexiou
<konstantinakos.a at gmail.com> wrote:
> Dear Sirs,
>
>
> I am new to C programming and i am trying to create an independent to
> libraries source code for demonstration purposes for AES-CTR mode.Could i
> have some help on doing that using the source code contained under
> crypto/aes.
>
You should use the EVP interfaces; see "EVP Symmetric Encryption and
Decryption" on the OpenSSL wiki
(https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption).
For counter mode, never reuse a counter or nonce within a security
context.
CTR mode provides confidentiality only, and its usually not enough to
meet expectations of security. You usually want both confidentiality
and authenticity assurances. The authenticity assurances provide both
entity authentication and data integrity. Its usually a better notion
of security and its called Authenticated Encryption.
For Authenticated Encryption, you should also use the EVP interfaces;
see "EVP Authenticated Encryption and Decryption" on the OpenSSL wiki
(https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption).
GCM mode is usually the mode you use when CWC mode (single pass) or
EAX mode (double pass; slightly better than GCM) is not available.
More information about the openssl-users
mailing list