[openssl-users] EVP Functions
Michael Wojcik
Michael.Wojcik at microfocus.com
Wed Apr 12 15:13:23 UTC 2017
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Eudald Sabaté Creixell
> Sent: Wednesday, April 12, 2017 10:43
> First of all I'm new to OpenSSL and EVP functions. I've been using them in a project in order to encrypt/decrypt files
> using 256-bit AES in CBC mode, and using these functions to entirely encrypt/decrypt a file I've found any problem.
> Now, I've been asked to decrypt a file partially, and the problem we've found is that when decrypting it block by block,
> if the block to be decrypted is not the first one I have rubbish characters. But when decrypting all the content of the
> file, starting by the beginning block these characters does not appear.
> So, my question is if it is possible to decrypt a file partially, and I will be very grateful if you could help me.
In CBC mode, the previous block's ciphertext is the IV for the current block. To skip ahead to block N, you need to use block N-1's ciphertext as the IV. If my understanding is correct (I haven't actually tried implementing this), that's all you should need.
Doing this using OpenSSL's EVP API is left as an exercise for the reader.
If you're doing anything non-trivial with cryptography, and not using a very high-level interface above a robust implementation, you need to understand the subject. Anything less is the royal road to compromising the security of your system. There are some decent Wikipedia articles (the one on "Block cipher modes of operation" would have answered this question), but really if you're going to be working at this level you should start with a general introduction such as /Applied Cryptography/.
Even then, cryptography is a complex professional specialization, even if you're not working in cryptographic research or cryptanalysis. It's an area where a little knowledge is a very dangerous thing. I say this as someone who doesn't know enough about the subject to develop cryptographic protocols (much less primitives), despite having studied it for many years.
Michael Wojcik
Distinguished Engineer, Micro Focus
More information about the openssl-users
mailing list