[openssl-users] Is EVP_BytesToKey() still recommended ?

Matt Caswell matt at openssl.org
Mon Feb 26 10:08:40 UTC 2018

On 26/02/18 01:15, pratyush parimal wrote:
> Hi everyone,
> I'm trying to find a way to convert a string password to an AES-256
> encryption key. I came across EVP_BytesToKey(), but the man-page says at
> the end:
> "Newer applications should use a more modern algorithm such as PBKDF2 as
> defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC".
> Does this mean I shouldn't use EVP_BytesToKey(), and should instead find
> out how to use PBKDF2 ? Or do I need to find out how to
> get EVP_BytesToKey() to use PBKDF2?

Don't use EVP_BytesToKey().

Details on the PKCS5_PBKDF2_HMAC function are here:



More information about the openssl-users mailing list