I would like to use AES_256_GCM in my software. The OpenSSL wiki page gives me an example: wiki page.
It shows that only function EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) uses key.
My key is SHA3_256 hash of a password (Qt implementation of SHA3_256).
I would like to know if I have to use PKCS#5 to randomize the key or the function takes care of that.
Do I have to randomize key in OpenSSL
215 views Asked by MKAROL At
1
There are 1 answers
Related Questions in OPENSSL
- Java StreamSource from file in web application project
- XSL-FO Stylesheets & Xalan XSLTransformation Engine
- special characters replaced by question mark
- merge existing columns using CSS
- Debug set on False and not load styles and pictures
- Laravel 5.1 linking style sheet not working
- CSS-Selector with no style-definition changes outcome
- How to add a stylesheet into a WinForm WebBrowser in C#?
- IE equivalent to -webkit-appearance?
- Stylesheet breaking website
Related Questions in CRYPTOGRAPHY
- Java StreamSource from file in web application project
- XSL-FO Stylesheets & Xalan XSLTransformation Engine
- special characters replaced by question mark
- merge existing columns using CSS
- Debug set on False and not load styles and pictures
- Laravel 5.1 linking style sheet not working
- CSS-Selector with no style-definition changes outcome
- How to add a stylesheet into a WinForm WebBrowser in C#?
- IE equivalent to -webkit-appearance?
- Stylesheet breaking website
Related Questions in PASSWORDS
- Java StreamSource from file in web application project
- XSL-FO Stylesheets & Xalan XSLTransformation Engine
- special characters replaced by question mark
- merge existing columns using CSS
- Debug set on False and not load styles and pictures
- Laravel 5.1 linking style sheet not working
- CSS-Selector with no style-definition changes outcome
- How to add a stylesheet into a WinForm WebBrowser in C#?
- IE equivalent to -webkit-appearance?
- Stylesheet breaking website
Related Questions in AES
- Java StreamSource from file in web application project
- XSL-FO Stylesheets & Xalan XSLTransformation Engine
- special characters replaced by question mark
- merge existing columns using CSS
- Debug set on False and not load styles and pictures
- Laravel 5.1 linking style sheet not working
- CSS-Selector with no style-definition changes outcome
- How to add a stylesheet into a WinForm WebBrowser in C#?
- IE equivalent to -webkit-appearance?
- Stylesheet breaking website
Related Questions in PKCS#5
- Java StreamSource from file in web application project
- XSL-FO Stylesheets & Xalan XSLTransformation Engine
- special characters replaced by question mark
- merge existing columns using CSS
- Debug set on False and not load styles and pictures
- Laravel 5.1 linking style sheet not working
- CSS-Selector with no style-definition changes outcome
- How to add a stylesheet into a WinForm WebBrowser in C#?
- IE equivalent to -webkit-appearance?
- Stylesheet breaking website
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
You should probably digest the password into a key with OpenSSL's
PKCS5_PBKDF2_HMAC_SHA1
. See How to use PKCS5_PBKDF2_HMAC_SHA1().Each encryption of a string or file should get its own random IV. IVs cannot repeat. Your other option is to use a random key for each string or file.
The output of the encrypt operation is the
{IV,CipherText}
pair.AES_256_GCM
is a good choice. One of the few ways it could get better is with an Integrated Encryption Scheme. You might take a look at openssl-pkey-ec-ies on GitHub. Crypto++ and BouncyCastle also have Elliptic Curve Integrated Encryption Scheme implementations, so you have other choices.Be sure to test interop. They interop, but it takes some knob turning. The problem with interop is there are so many standards providing it, and each is slightly non-interoperable.
To give you an idea of the nuances, ECIES calls out that a particular variable gets hashed (its the length of a given string of data). One standard represents the variable in 4 octets, another in 8 octets. That's the only difference and causes interop issues if you are not aware.