Decrypting file created with old openssl version - encryption

I have an archive created with OpenSSL 1.0.lt version (May 2016). I am able to decrypt it by using the same version with command openssl aes-256-cbc -d -in file.enc -out clear.zip -pass pass:MY_KEY. I am not able to decrypt it using a more recent OpenSSL version.
When I try the same command with OpenSSL version 1.1.1 I get an error message: digital envelope routines: EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c.610. Do I have to modify the command?

Related

Could not find header file for OPENSSL

I am trying to install Luasec on Ubuntu terminal, but it just keeps displaying this error to me:
Error: Could not find header file for OPENSSL
No file openssl/ssl.h in /usr/local/include
No file openssl.h/ssl.h/ in /usr/include
No file openssl/ssl.h in /include
You may have to install OPENSSL in your system and/or pass OPENSSL_DIR or OPENSSL_INCDIR to the luarocks command.
When I check OpenSSL version it says its 1.1.1f
So how do I proceed?
sudo apt -y install libssl-dev
Despite the lowercase l this solution works for me (independent of what some responders told here)
luarocks install openssl
Fixed the issue by Installing OpenSSL with terminal through Luarocks with the command:
Luarocks install openssl
And now after installing it, it works.

Unable to configure NGINX to using custom installed openssl

Trying to configure nginx with the custom openssl in the alpine base image, but it does seem to pick the openssl which is placed under /usr/local/openssl
Step 20/22 : RUN cd nginx-${NGINX_VERSION}/ && ./configure ${NGINX_FLAGS} && make && sudo make install
---> Running in 58c8b603c0b7
checking for getaddrinfo() ... found
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found
./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.
If i end up using the --with-openssl flag i need to pass the source for the openssl, which is we do not have.
I am trying to configure nginx to be fips enabled, thus configuring nginx manually to pick the openssl library we have built, any workaround/help is highly appreciated.

OpenSSL: -pbkdf2 option no longer supported?

Until recently I was able to encrypt/decrypt files using the following commands:
Encrypt:
openssl enc -aes-256-cbc -pbkdf2 -in un_encrypted.yml -out encrypted.data
Decrypt:
openssl enc -d -aes-256-cbc -pbkdf2 -in encrypted.data -out un_encrypted.yml
I recently updated my Homebrew packages and it seems the -pbkdf2 option is no longer supported? I cannot get it to work and I keep getting a help prompt on how to use the openssl command (I’ve been using the above commands for several years now). Simply removing the -pbkdf2 option results in a corrupt output file.
Does anyone know how I can decrypt files again?
MacOS Catalina 10.15.4
OpenSSL 1.1.1g
Thanks in advance
More than likely you are using the default openssl, which is LibreSSL, that comes with MacOS. LibreSSL does not support pbkdf2 as far as I could tell, so you should upgrade to full blown openssl.
To find out if you are using LibreSSL run: openssl version
To upgrade to openssl:
brew update
brew install openssl
# if it is already installed, update it:
brew upgrade openssl#1.1
The last step is to ensure that it is in your path before the default:
echo 'export PATH="/usr/local/opt/openssl#1.1/bin:$PATH"' >> ~/.bash_profile

./configure: error: the HTTP gzip module requires the zlib library

I am new to dockers/containers.
I am trying to run a fork with a fix I have put in for openSSL vulnerability of mup-frontend using the following command:
docker build ./
It compiles to a point then errors with
./configure: error: the HTTP gzip module requires the zlib library.
You can either disable the module by using --without-http_gzip_module
option, or install the zlib library into the system, or build the zlib library
statically from the source with nginx by using --with-zlib=<path> option.
I am running a mac so installed zlib with brew. I have searched long and hard but cannot find much on this error.
Because of this error it also fails to build on automation in docker.io
The Dockerfile you reference at
https://github.com/meteorhacks/mup-frontend-server/blob/master/Dockerfile
starts with
FROM debian
so you will need to have such a line in your Dockerfile, before the place where you need zlib
RUN apt-get update && apt-get install -y \
zlib \
--no-install-recommends \
&& rm -rf /var/lib/apt/lists/*
in one RUN, you update, install and clean
yum install -y httpd-devel pcre perl pcre-devel zlib zlib-devel GeoIP GeoIP-devel
Download required packages
cd
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.10.tar.gz
wget http://zlib.net/zlib-1.2.5.tar.gz
wget ftp://ftp.openssl.org/source/openssl-0.9.8o.tar.gz
Now you have to untar these files.
tar -xvf zlib-1.2.5.tar.gz
tar -xvf pcre-8.10.tar.gz
tar -xvf openssl-0.9.8o.tar.gz

Create .deb file from c source file

I have a C program and I want to buid it into deb file to install it. Can you show me how to do it? Thanks so much for helping.
This guide demonstrates how to create a debian package
https://wiki.debian.org/HowToPackageForDebian
Generate a gpg key. Remember the NAME and the EMAIL_ADDRESS you enter.
gpg --gen-key
gpg -a --output ~/.gnupg/ANY_NAME.gpg --export 'YOUR NAME'
gpg --import ~/.gnupg/ANY_NAME.gpg
Then, having installed the necessary packages for building C libraries:
sudo apt-get install build-essential autoconf automake \
autotools-dev dh-make debhelper devscripts fakeroot \
xutils lintian pbuilder pkg-config
move to your C project folder. And run: (enter -s for single binary pkg when prompted )
dh_make -e EMAIL_ADDRESS -f path/to/file.orig.tar.gz
You will see a debian folder with generated files. From those,you should edit as your pkg needs the files control, copyright and changelog files.
Then build the package:
dpkg-buildpackage -rfakeroot
If no errors the package .deb is generated.
Further guides on how to do this here:
- https://askubuntu.com/questions/1345/what-is-the-simplest-debian-packaging-guide
- https://linuxconfig.org/easy-way-to-create-a-debian-package-and-local-package-repository
- https://coderwall.com/p/urkybq/how-to-create-debian-package-from-source

Resources