Cryptography Reference
In-Depth Information
3. This keying material, along with the encrypted structure, is passed into
des_decrypt
. This process is illustrated in Figure 7-3.
passphrase
salt
once
MD5
counter times
16-byte MD5 output
DES key
IV
Figure 7-3:
PKCS #5 password-based encryption
Checking That Decryption was Successful
If the passphrase was wrong, you still get back a data block here; it's probably a
bad idea to blindly continue with the data without fi rst checking that it decrypted
correctly. Fortunately, there's a simple way to check for success with a reason-
able degree of accuracy. Remember that DES data is always block-aligned. If the
input is already eight-byte aligned, an extra eight bytes of padding is always
added to the end. Therefore, if the last byte of the decrypted data is not between
1 and 8, then the decryption process failed. Of course, it could fail and still have
a fi nal byte in the range between 1 and 8. Technically speaking, you ought to go
ahead and check the padding bytes themselves as well to minimize the chance
of a false positive.
// sanity check
if ( decrypted_key[ encrypted_key->length - 1 ] > 8 )
{
fprintf( stderr, “Decryption error, bad padding\n”);
asn1free( &pkcs8_key );
free( decrypted_key );
return 1;
}
Search WWH ::
Custom Search