AES Encryption -Key Generation with OpenSSL
Solution 1
An AES key, and an IV for symmetric encryption, are just bunchs of random bytes. So any cryptographically strong random number generator will do the trick. OpenSSL provides such a random number generator (which itself feeds on whatever the operating system provides, e.g. CryptGenRandom() on Windows or /dev/random and /dev/urandom on Linux). The function is RAND_bytes(). So the code would look like this:
#include <openssl/rand.h>
/* ... */
unsigned char key[16], iv[16];
if (!RAND_bytes(key, sizeof key)) {
/* OpenSSL reports a failure, act accordingly */
}
if (!RAND_bytes(iv, sizeof iv)) {
/* OpenSSL reports a failure, act accordingly */
}
Solution 2
Assuming AES-128:
unsigned char key[16];
RAND_bytes(key, sizeof(key));
unsigned char iv[16];
RAND_bytes(iv, sizeof(iv));
The random generator needs to be seeded before using one of those.
pimmling
Updated on July 09, 2022Comments
-
pimmling almost 2 years
As a reference and as continuation to the post: how to use OpenSSL to decrypt Java AES-encrypted data?
I have the following questions.
I am using OpenSSL libs and programming in C for encrypting data in aes-cbc-128. I am given any input binary data and I have to encrypt this.
I learn that Java has a CipherParameters interface to set IV and KeyParameters too.
Is there a way to generate IV and a key using openSSL? In short how could one use in a C program to call the random generator of openSSL for these purposes. Can any of you provide some docs/examples/links on this?
Thanks
-
pimmling about 13 yearsThanks a lot. I am using a linux system, how should I call the dev/urandom here in the code?
-
pimmling about 13 yearsA quick read on wiki about "random seed" says it is an initial value you provide to start random generator. From Thomas Pornin's msg, I see that OpenSSL picks this seed from /dev/urandom? on linux. How do I then set it with RAND_seed(const void *buf, int num) ???
-
Thomas Pornin about 13 years@pimmling: you do not use
/dev/urandom, the implementation ofRAND_bytes()does it for you. If you use/dev/urandomdirectly (forfeiting portability to the Windows world), then this is just a file (a special file, but seen as a file nonetheless) that you open and read (hencefopen(),fread()andfclose()). CallingRAND_bytes()is easier (one function call instead of three) and more portable (OpenSSL will use the proper OS-provided RNG, be it/dev/urandomon Linux, or something else on other systems). -
pimmling about 13 yearsOh ok. But how do I set a seed value? When I looked at openSSL code, I saw that they set a const string and simply do a RAND_seed(string, sizeof string). Should I do something like this? And these RAND_bytes generate a true random number and not pseudorandom?
-
pimmling about 13 years#include <time.h> unsigned char rnd_seed = (unsigned char) time(NULL)); RAND_seed(rnd_seed, sizeof rnd_seed); How about this?
-
Thomas Pornin about 13 years@pimmling: you do not set the seed. The code in OpenSSL will use the OS to get whatever seed it needs whenever it needs it. If
RAND_bytes()reports an error then it means that it could not get enough seeding material, which means that the OS itself was out of seed, and there is very little that you could have done to avoid that. This will not happen in practice, but if it happens, then you want to abort the application rather than silently using weak random values. Just callRAND_bytes(), and abort if that function returns 0. -
caf about 13 years@pimmling: No, no, a thousand times no.
time(NULL)does not contain nearly enough entropy - if you do that, your system will be trivially insecure. -
Madhur Rawat about 8 years@ThomasPornin Hi. Though this question is old, my question stackoverflow.com/questions/35681704/… is continuation to similar issue here. Can you please have a look at it.
