|
From: | Sam Varshavchik |
Subject: | Re: [gnutls-dev] Symmetric cipher API |
Date: | Mon, 19 Nov 2007 18:31:13 -0500 |
Werner Koch writes:
On Mon, 19 Nov 2007 13:14, address@hidden said:input piece-meal, as an arbitrary data stream, and the EVP functions take care of carving it up into block-sized chunks and feeding each chunk to the cipher function. Finally, the EVP functions take care ofThe format of these chunks is entirely protocol depended and thus is not a good choice for a low level API. You think that CMS is what everyone needs, I use OpenPGP more often and Joe Hacker thinks that BAR/9001 is a better protocol and thus wants an API to fit its outer formatting rules.
I'm not sure I understand what exactly is so protocol-dependent here. An application needs to encrypt 900 bytes using a symmetric cipher with a block size of 8 bytes. It looks to me like the only option here is 112, continuous, full blocks and one partial block, using PKCS padding. That's pretty much a standard, if there is one, and the EVP_CIPHER API that was introduced in OpenSSL 0.9.7a greatly simplified the whole process for me, as an application developer. It's all documented here: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
Anyway, I wrote and tested the libgcrypt equivalent which emulates enough of the above API to allow me to compile existing OpenSSL code that uses the API, without any changes. As I said, it's yours for asking; and I would even suggest turning it into a native libgcrypt API, with lightweight OpenSSL-compatible glue; instead of just putting it into libgnutls-extra verbatim, as is.
pgpYzpcRL0rOq.pgp
Description: PGP signature
[Prev in Thread] | Current Thread | [Next in Thread] |