Using EVP_PKEY with EVP_EncryptInit_ex

Andrew Felsher ncsuandrew12 at gmail.com
Wed Apr 1 17:01:22 UTC 2020 

I'm aware of the symmetric/asymmetric differences. But the EVP_Enrypt...
API takes the key as a bunch of bytes. It shouldn't care whether it's an
RSA key or not, correct? (Though perhaps it would truncate to, in my case,
the first 128 bits since I'm using AES-128-XTS.)

But assuming that I can't somehow use the RSA private key's bits as my
symmetric key, how should I generate a key without requiring user
interaction? Simply calling RAND_bytes?

-Andrew

On Wed, Apr 1, 2020 at 12:53 PM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 01/04/2020 17:34, Andrew Felsher wrote:
> > Hi,
> >
> > I'm trying to do what I assumed would be a very common and typical use
> > of OpenSSL. I'm just encrypting and decrypting some data (in code; not
> > from command line). EVP_EncryptInit_ex (and decrypt, update, and final
> > variants) are the standard way to do this.
> >
> > However, the init functions take a char buffer. All the examples I can
> > find use hard-coded char buffer keys. But obviously I'm not going to be
> > hard-coding my keys. I'm generating them through a couple different
> > means, but ultimately I have EVP_PKEYs (in my case, containing RSA
> > private keys). And there doesn't seem to be a straightforward way to go
> > from EVP_PKEYs to a form consumable by the EVP init functions.
> >
> > EVP_PKEY_get_raw_private_key looks like it would be perfect, but it was
> > introduced in 1.1.1 and I'm limited to 1.1.0.
> >
> > This seems like it would be a very common use case, yet I can't seem to
> > find any examples or documentation anywhere.
> >
> > Am I doing something wrong or making some really off-base assumptions?
>
> EVP_EncryptInit_ex does *symmetric* encryption, i.e. both sides of the
> communication share the same private key. An RSA key in an EVP_PKEY does
> *asymmetric* encryption. Typically anyone can encrypt using the public
> RSA key, but only the owner of the private RSA key can decrypt.
>
> Asymmetric encryption using RSA is limited because it can only encrypt a
> very small amount of data. It is also very slow compared to symmetric
> encryption. Therefore, typically, if you want to encrypt data via an RSA
> key you generate a random symmetric key and encrypt that using your RSA
> key. Then you encrypt the data using the randomly generated symmetric key.
>
> OpenSSL has a built in high level API for doing this combined operation.
> To encrypt you can use the EVP_Seal*() functions. To decrypt use the
> EVP_Open*() functions. See:
>
> https://www.openssl.org/docs/man1.1.1/man3/EVP_SealInit.html
> https://www.openssl.org/docs/man1.1.1/man3/EVP_OpenInit.html
>
> It is also possible to encrypt directly in RSA using EVP_PKEY_encrypt():
>
> https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_encrypt.html
>
>
> Matt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200401/665c2d03/attachment.html>

More information about the openssl-users mailing list