Method: OpenSSL::Cipher#pkcs5_keyivgen

Defined in:

ossl_cipher.c

#pkcs5_keyivgen(pass, salt = nil, iterations = 2048, digest = "MD5") ⇒ nil

Generates and sets the key/IV based on a password.

WARNING: This method is only PKCS5 v1.5 compliant when using RC2, RC4-40, or DES with MD5 or SHA1. Using anything else (like AES) will generate the key/iv using an OpenSSL specific method. This method is deprecated and should no longer be used. Use a PKCS5 v2 key generation method from OpenSSL::PKCS5 instead.

Parameters

• salt must be an 8 byte string if provided.

• iterations is an integer with a default of 2048.

• digest is a Digest object that defaults to ‘MD5’

A minimum of 1000 iterations is recommended.

Returns:

• (nil)

# File 'ossl_cipher.c', line 301

static VALUE
ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
{
    EVP_CIPHER_CTX *ctx;
    const EVP_MD *digest;
    VALUE vpass, vsalt, viter, vdigest;
    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL;
    int iter;

    rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest);
    StringValue(vpass);
    if(!NIL_P(vsalt)){
  StringValue(vsalt);
  if(RSTRING_LEN(vsalt) != PKCS5_SALT_LEN)
      ossl_raise(eCipherError, "salt must be an 8-octet string");
  salt = (unsigned char *)RSTRING_PTR(vsalt);
    }
    iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
    if (iter <= 0)
  rb_raise(rb_eArgError, "iterations must be a positive integer");
    digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_get_digestbyname(vdigest);
    GetCipher(self, ctx);
    EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
       (unsigned char *)RSTRING_PTR(vpass), RSTRING_LENINT(vpass), iter, key, iv);
    if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1)
  ossl_raise(eCipherError, NULL);
    OPENSSL_cleanse(key, sizeof key);
    OPENSSL_cleanse(iv, sizeof iv);

    rb_ivar_set(self, id_key_set, Qtrue);

    return Qnil;
}