OpenSSL: First steps with Hashing and crypt functions
As I’m starting to work with OpenSSL to rewrite my password wallet, which uses ECB mode to store data, I wanted to write down a few notes about how to use it.
My first step was to learn how OpenSSL works. Here are a few useful snippets for basic tasks:
sha256 on a string
AES 256, CBC crypt
To decrypt, the method is the same; we just have to use the EVP_DecryptInit_ex, EVP_DecryptUpdate and EVP_DecryptFinal_ex functions.
You'll find a simple tool using those OpenSSL functions at https://mkz.me/~mycroft/b/sslfilecrypt.c. It uses getpass(3) to read your password, hashes it with SHA-256 to obtain the encryption key, then initializes an IV and writes the encrypted data to the file.
Compilation:
Test:
Note that the algorithm can be changed around line 186 to use Camellia instead of AES (by enabling either EVP_aes_256_cbc(3) or EVP_camellia_256_cbc(3)).
This tool is a proof of concept and should not be put to real use. It lacks important things, such as overwriting memory with zeros after use.