What default parameters uses OpenSSL -pbkdf2?

Question

I encrypted a file with this command:

openssl enc -aes-192-cbc -e -pbkdf2 -in <infile> -out <outfile> -pass pass: <password>

Now I'm trying to do decrypt it in c and to take advantage of pbkdf2 I'm using the function:

int PKCS5_PBKDF2_HMAC (const char * pass, int passlen,
                        const unsigned char * salt, int saltlen, int iter,
                        const EVP_MD * digest,
                        int keylen, unsigned char * out);

But the problem is: I know the parameters pass, passlen, keyless and *out...

How do I know what are the parameters for the salt, iter and digest that correspond to the command written above?

Answer 1

The openssl enc command is not a straight encryption of the input file. It adds a "magic" value on the front along with the salt. The magic value is the string "Salted__" (note the double underscore) followed by 8 bytes which is a randomly generated salt. Alternatively you can specify your own salt on the command line with the "-S" option (specified in hex). You can specify the digest to use with the "-md" argument. The default is sha256. You can specify the number of iterations with the "-iter" argument. The default is 10000.