I need a C API in the OpenSSL library for deriving the key from a given string. Where can I get sample source code for this?
A standard algorithm to do this is PBKDF2 (an acronym for Password-Based Key Derivation Function version 2). There is an implementation of PBKDF2 in OpenSSL, declared in openssl/evp.h:
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
int keylen, unsigned char *out);
When you are generating a new key you should use RAND_bytes() from openssl/rand.h to create the salt. iter is the iteration count, which should be as large as your intended application can tolerate - at least something like 20,000.