Block Ciphers
206 RSA BSAFE Crypto-C Developer’s Guide
Password-Based EncryptionIn previous encryption methods, you used a random number generator to produce a
key. In password-based encryption (PBE), you will use a message digest algorithm to
derive a key from a password. See “Message Digests” on page 47 for information on
that topic.
For encryption, enter a password, append a salt to the password (see Step 2), and
digest that quantity. Extract the required number of bytes from the digest and you
have a key. Use that key to encrypt data using DES or the RC2 algorithm.
For decryption, enter a password, append the same salt, and then digest. Extract the
required number of bytes from the digest and use them as a key to decrypt. If you
entered the same password that you used to encrypt, you will obtain the same digest
and hence the same key, and the encrypted data will decrypt to the original data.
Crypto-C will automatically append the salt, digest the data, and extract the key.
The example in this section corresponds to the file pbe.c.
Step 1: Creating An Algorithm Object
Declare a variable to be B_ALGORITHM_OBJ. As defined in the function prototype in
Chapter 4 of the Reference Manual, its address is the argument for
B_CreateAlgorithmObject:
B_DestroyAlgorithmObject (&rc6Encrypter);
if (aesKeyItem.data != NULL_PTR) {
T_memset (aesKeyItem.data, 0, aesKeyItem.len);
T_free (aesKeyItem.data);
aesKeyItem.data = NULL_PTR;
aesKeyItem.len = 0;
}
B_ALGORITHM_OBJ pbEncrypter = (B_ALGORITHM_OBJ)NULL_PTR;
if ((status = B_CreateAlgorithmObject (&pbEncrypter)) != 0)
break;