c security encryption cryptography ecryptfs

How to do an aes encryption WITH a user password?

When softwares such as ecryptfs use AES, it asks for a user password (such as "password123").

The AES algorithm by itself does not call for a user password. So where does the "password123" get thrown into the math?

I'm working to make a C function that encrypts some data using a password. I know the typical way of doing it with OpenSSL and an aes key, but I don't know how to get a user password integrated.

Solution

You need to use a key derivation function (KDF). Password-Based Key Derivation Function 2 (PBKDF2) is the current most common approach.

OpenSSL probably exposes PBKDF2, it typically takes in a password and an iteration count (modern systems should use something like 100000 or higher... crank up the number until it takes about 0.3 seconds), and an output length. It may also take a hash function, something in the SHA-2 family (SHA256, SHA384, SHA512) would be a good modern choice.

Why does an empty preprocessor command still evaluate to something?
How to implement variable sized array within C struct
Character array typecasting to integer
How can I exclude non-numeric keys? CS50 Caesar Pset2
How to get the sign, mantissa and exponent of a floating point number
Why do MCU libraries use logic operations instead of bitfield structs?
What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
Determine libraries to link against for a windows library function?
Passing macro values to arm linker that places variable at a specific location
running a program with wildcards as arguments
How to perform addition of two vectors of 8-bit integers with a single addition in C/C++
GNU RISC-V Embedded GCC throws "x ISA extension `xw' must be set with the versions" error
Counting pulses using a swiss flow meter with an Arduino, how is it done?
How to create a folder in C (need to run on both Linux and Windows)
Is there any way to compute the width of an integer type at compile-time?
How can I initialize all members of an array to the same value?
Is C notably faster than C++
How to get the Windows SDK version number a program is compiling with at compile time
Confused by difference between expression inside if and expression outside if
Equivalent of atoi for unsigned integers
k&r: Exercise 1-18. Program takes input but doesnt produce any output?
Using in C thrd_sleep() to either wait for time or interrupt by signal. Example?
How can I compute `exp(x)/2` when `x` is large?
c programming: answer always equates to 0
Is it possible to access a parameter of a function from another function in C?
Will this expression evaluate to true or false (1 or 0) in C?
What Is the Return Value of strcspn() When Str1 Does not Contain Str2?
Mapping a numeric range onto another
Signalled and non-signalled state of event
Why is faster to do a branch than a lookup?