I'm working on porting some PHP code that contacts a web API to C.

The issue I've come across is that the PHP code uses the function openssl_seal(), but I can't seem to find any way to do the same thing in C or even via openssl in a call to system().

From the PHP manual on openssl_seal():

int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids )

openssl_seal() seals (encrypts) data by using RC4 with a randomly generated secret key. The key is encrypted with each of the public keys associated with the identifiers in pub_key_ids and each encrypted key is returned in env_keys. This means that one can send sealed data to multiple recipients (provided one has obtained their public keys). Each recipient must receive both the sealed data and the envelope key that was encrypted with the recipient's public key.

What would be the best way to implement this? I'd really prefer not to call out to a PHP script every time, for obvious reasons.

A: 

If you are allowed to use C++ and not just C, you can use Crypto++; it will easily do what you need.

Danra
+1  A: 

You are after the EVP ("Envelope Encryption") part of the C interface to the OpenSSL library:

#include <openssl/evp.h>

int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                 unsigned char **ek, int *ekl, unsigned char *iv,
                 EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
        int *outl, unsigned char *in, int inl);
int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
        int *outl);

(In this case, since you want RC4 for compatibility with the PHP code, you'd use EVP_rc4() as the type parameter to EVP_SealInit()).

caf
Is there any code out there that uses this? I'm struggling with the documentation with no reference code I can find.
chpwn
This is the first example I could find: http://www.gnu-darwin.org/www001/src/src/crypto/openssl/demos/maurice/example1.c.html - if that's not enough I'll try and put something together later today.
caf
A: 

Consider Crypto++ only if you have proficient knowledge of C++.

zengkun100