I would like to decrypt a text using a 32 characters key and a salt from command line in my MacOS. I have encrypted it in Windows using a program. But, whenever I try to decrypt it from command line I couldn't and get an error.
echo -n PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc= | openssl enc -d -a -aes-256-cbc -K TheTestKeyUsedIs32CharactersLong -S 53616c7455736564 -iv 0 -p
hex string is too short, padding with zero bytes to length
hex string is too short, padding with zero bytes to length
non-hex digit
invalid hex key value
When I try to encrypt
100836
in MacOS it gives me completely different string.
U2FsdGVkX19TYWx0VXNlZA4AWDWo5nzi8p5pYyAeUMg=
using following command:
openssl enc -aes-256-cbc -a -S 53616c7455736564 -iter 5 -k TheTestKeyUsedIs32CharactersLong -in input.txt -out openssl_output.txt
From the application I am using in Windows
100836
is converting into
PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc=
My salt text is SaltUsed
My 32 bit character key is TheTestKeyUsedIs32CharactersLong
Input is PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc=
Should be decrypted in 100836
But, result is completely unexpected.
I have also tried a java program to decrypt it but there I was getting other strings so thought to correct it with command line first and then will jump into the code.
I also tried the key in hex digits but still the response was incorrect and was not as expected.
#Wasif and I spent some time debugging in chat and in the end believe it's most likely a compatbility issue between OpenSSL 1.1.1.d on Windows and OpenSSL 1.1.1.b on macOS.
We went through a number of tests and permutations, using (Key, IV) tuples in hex, using passwords, with and without salts, and ultimately our testing came down to a simple check.
Using openssl enc -a -aes-256-cbc -pass pass:MYPASSWORD -p -in input.txt on Windows we got:
salt=E70092FEBA619144
key=29631452F8C259DFE6FD8E9372EC4B20392395F36B7A0B11769CEBEA987E90A0
iv =93BF2E94462A43B23EF585C0F4B3F1A8
U2FsdGVkX1/nAJL+umGRRGi3ybIPFXf7qrgov7SyXnI=
Using openssl aes-256-cbc -d -a -pass pass:MYPASSWORD -in cipherText.txt (which contains 'U2FsdGVkX1/nAJL+umGRRGi3ybIPFXf7qrgov7SyXnI=' on the Mac we got:
4593573484:error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
Despite this simple test failing, the Mac and Windows boxes successfully encrypted and decrypted locally.
Weird, but this looks like version incompatibility.
Try specifying the digest alorithm:
Default digest has changed between different versions.
See
How to resolve the "EVP_DecryptFInal_ex: bad decrypt" during file decryption
I have a third-party source of encrypted measurement data that are updated often and need decryption. I know how to decrypt the data in perl or ruby with the mcrypt library.
For documentation purposes and easy access, I would like to document how one would decrypt the ciphertext with command line tools. I have tried the mcrypt and openssl command line tools and cannot seem to decrypt the ciphertext correctly with the command line tools.
The data is encrypted with rijndael-128 in mode ecb. This is outside of my control.
Given the following minimal example:
The encrypted data is stored in file "./ciphertext" in binary.
The ciphertext is the sequence of these bytes: 0xfb 0x0d 0xfb 0xa2 0xfc 0x43 0x0a 0xe5 0xe8 0x8b 0x25 0xac 0x06 0x9c 0xdd 0x77
The file can be created e.g. in bash with printf '\xfb\x0d\xfb\xa2\xfc\x43\x0a\xe5\xe8\x8b\x25\xac\x06\x9c\xdd\x77' >/tmp/ciphertext
The encryption key is 32 repeating bytes of value 121 (that would be 32 lowercase "y"s in ASCII)
I can decrypt the cyphertext in ruby with mcrypt like this:
require "rubygems"
require "mcrypt"
key = "y"*32
ciphertext = IO.read("ciphertext", :encoding => "BINARY")
puts(Mcrypt.new("rijndael-128", :ecb, "y"*32).decrypt(ciphertext))
and in Perl like this:
#!/usr/bin/perl
use Crypt::Rijndael;
my $key = ("y" x 32);
my $ciphertext;
open(my $fh, '<', "ciphertext") or die "cannot open ciphertext";
{
local $/;
$ciphertext = <$fh>;
};
my $cipher = Crypt::Rijndael->new($key, Crypt::Rijndael::MODE_ECB());
print($cipher->decrypt($ciphertext) . "\n");
I would like to know how to decrypt ciphertext encrypted like this with command line tools, preferably openssl, or mcrypt. I have tried these invocations, but I cannot get them right apparently:
$ mcrypt -k yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy -a rijndael-128 -m ECB -d ciphertext
Warning: It is insecure to specify keywords in the command line
An OpenPGP encrypted file has been detected.
Unknown suffix. Will append '.dc'.
File ciphertext was NOT decrypted successfully.
$ openssl enc -aes-256-ecb -d -a -K 7979797979797979797979797979797979797979797979797979797979797979 -in ciphertext -out file.txt
bad decrypt
140057024816256:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../crypto/evp/evp_enc.c:559:
The -a option tells openssl the cipher is base64 encoded. But that's wrong, it is not, in fact, base64 encoded. Also, because no padding was used on encryption you also need to specify the -nopad option.
openssl aes-256-ecb -d -nopad -K 7979797979797979797979797979797979797979797979797979797979797979 -in ciphertext
I am trying to use Openssl to decrypt the following AES 128 bits CBC based64 text (not padded) contained in the input.txt
bzxCHMWF+KVMumKb6rXTJQ0803fpYyxgdtZ8/nvc0Fc=
the first 16bytes are the IV. the encryption key is h4ckth1sk3yp4d16
I tried using the command:
openssl enc -aes-128-cbc -d -base64 -K 6834636b746831736b33797034643136 -iv 627a7843484d57462b4b564d756d4b62 -in input.txt -out result.txt
in the input.txt, I remove the first 16 bytes of the encrypted text when running the above command.
but I kept getting the error:
bad decrypt 3073874120:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
can anyone tell what's wrong here? thanks!
I'm using a script to pack and encrypt archives in order to backup them in cloud storage.
It generates shell commands like this:
cd /vault/backup/pictures; tar cf - vacation-201309 | xz -3 | gpg --symmetric --cipher-algo TWOFISH --digest-algo SHA512 --no-secmem-warning --yes --batch --passphrase-file /vault/keys/back_keyfile -o /vault/backup/upload/vacation-201309.tar.xz.gpg
TWOFISH is a 256-bit cipher which means, that it can only use a keyfile not bigger than,
openssl rand -base64 256:
3zXeZC/XWC1h1lxre88gzkhCZqk6tV7YKCg9HiKDLrooEDYkvwYXQ5LMBLSFdpYr
c2KAP10aq6pfEi4YeL7llQXfd47qXsEDi8nOpBpPRALxv2NYE4qjZC3sTPe+d1ue
cbFM18BmxHN0094YotLBD+6cQIfZyU8GVLLHx8iH2jf48+7QuXigqWW1oT33BPbQ
zrlND50ZFeGNYo7woIRpSvt8KeBm8t75jVEqXIzA2Zei0r9Xsx0mu828t0wZ6mGL
hkj4B5M56eJzFUCFG207Mf/bXvV5X7Pz6W72Y8nhjAtkumdAsEb0Vc0iIHJ64mfH
XWEfs/1T3n2F8/kxASIvPQ==
At least that's how I understand it.
My question is, how would GPG behave, if I pass a bigger key file to it like
openssl rand -base64 512:
P0MzGpZItSu6fKObtJvAx1fLRxPBK/pOIjR9Yv+mCrHLlit7ksHOjif6ln32lXl3
8g/zxdQc39kanAproaOzZ1ulebxbfK1Bi6/OfwhdP1HF61nWBZb03TDtdNNXEDFW
9lAN6kHUUctpY9PhFCv2AmoKSKzv1HsAGkrhqslO4E+3sIlGgVLg69qKHE9yQJSX
s5xhXKTcAcaVZ++HwuTTvIduf3sc2J+BEDzpqrAwES2hV5gFwnFFA6G0md31VwEI
9wf22p07qbOrRryV/0WZUNZfOuZ5g/JgrqhRgq53lK0VHvyRkNjMlx7BW4n3Y/0y
5Lgve8Q89Cx5jwbxPcBnXW5h4SWLFa8bSLrGrn/eDH+F1mA5BbU+3IrBdLgivz0u
Unr+jLD3FbBOv/8jRAyp/iOwMmOw9welTu/mcEEa20gyupeJXxAZaVrNfWdWVORi
PdjW5vR9Rn/NLh6fV46+E39dgTn4TBp/v9h+LZpiVK3nNkry+as9vH73o+nFIe8Q
H/UkchDqmIBLntKc9rBZQrkx8NOzruoWGJoFE/Wb23AHN7RNyYgVgvZTy5QWhILz
CW/mzwMQYAuLbFfnY4cgDs9zLMo4OqFGUmbgbnXO9KbYgsplU2aps9JoOjyWCchm
uWYRNAGWrgdfl8vIaxMz1WUwWJFDxyNrANPRiPFQTUg=
Will it just take the first 256 characters and ignore the rest?
You are using the random as input as a passphrase. Only the first line is used. So you are not generating the key at all, the key is generated using the S2K algorithms, using just the first line.
Note that a 256 bit key does not consist of 256 "characters" or bytes.
I want to encrypt and decrypt one file using one password.
How can I use OpenSSL to do that?
Security Warning: AES-256-CBC does not provide authenticated encryption and is vulnerable to padding oracle attacks. You should use something like age instead.
Encrypt:
openssl aes-256-cbc -a -salt -pbkdf2 -in secrets.txt -out secrets.txt.enc
Decrypt:
openssl aes-256-cbc -d -a -pbkdf2 -in secrets.txt.enc -out secrets.txt.new
More details on the various flags
Better Alternative: GPG
Though you have specifically asked about OpenSSL you might want to consider using GPG instead for the purpose of encryption based on this article OpenSSL vs GPG for encrypting off-site backups?
To use GPG to do the same you would use the following commands:
To Encrypt:
gpg --output encrypted.data --symmetric --cipher-algo AES256 un_encrypted.data
To Decrypt:
gpg --output un_encrypted.data --decrypt encrypted.data
Note: You will be prompted for a password when encrypting or decrypt. And use --no-symkey-cache flag for no cache.
RE: OpenSSL - Short Answer
You likely want to use gpg instead of openssl so see "Additional Notes" at the end of this answer. But to answer the question using openssl:
To Encrypt:
openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data
To Decrypt:
openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data
Note: You will be prompted for a password when encrypting or decrypt.
RE: OpenSSL - Long Answer
Your best source of information for openssl enc would probably be: https://www.openssl.org/docs/man1.1.1/man1/enc.html
Command line:
openssl enc takes the following form:
openssl enc -ciphername [-in filename] [-out filename] [-pass arg]
[-e] [-d] [-a/-base64] [-A] [-k password] [-kfile filename]
[-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md] [-p] [-P]
[-bufsize number] [-nopad] [-debug] [-none] [-engine id]
Explanation of most useful parameters with regards to your question:
-e
Encrypt the input data: this is the default.
-d
Decrypt the input data.
-k <password>
Only use this if you want to pass the password as an argument.
Usually you can leave this out and you will be prompted for a
password. The password is used to derive the actual key which
is used to encrypt your data. Using this parameter is typically
not considered secure because your password appears in
plain-text on the command line and will likely be recorded in
bash history.
-kfile <filename>
Read the password from the first line of <filename> instead of
from the command line as above.
-a
base64 process the data. This means that if encryption is taking
place the data is base64 encoded after encryption. If decryption
is set then the input data is base64 decoded before being
decrypted.
You likely DON'T need to use this. This will likely increase the
file size for non-text data. Only use this if you need to send
data in the form of text format via email etc.
-salt
To use a salt (randomly generated) when encrypting. You always
want to use a salt while encrypting. This parameter is actually
redundant because a salt is used whether you use this or not
which is why it was not used in the "Short Answer" above!
-K key
The actual key to use: this must be represented as a string
comprised only of hex digits. If only the key is specified, the
IV must additionally be specified using the -iv option. When
both a key and a password are specified, the key given with the
-K option will be used and the IV generated from the password
will be taken. It probably does not make much sense to specify
both key and password.
-iv IV
The actual IV to use: this must be represented as a string
comprised only of hex digits. When only the key is specified
using the -K option, the IV must explicitly be defined. When a
password is being specified using one of the other options, the
IV is generated from this password.
-md digest
Use the specified digest to create the key from the passphrase.
The default algorithm as of this writing is sha-256. But this
has changed over time. It was md5 in the past. So you might want
to specify this parameter every time to alleviate problems when
moving your encrypted data from one system to another or when
updating openssl to a newer version.
Encrypt:
openssl enc -in infile.txt -out encrypted.dat -e -aes256 -k symmetrickey
Decrypt:
openssl enc -in encrypted.dat -out outfile.txt -d -aes256 -k symmetrickey
For details, see the openssl(1) docs.
DO NOT USE OPENSSL DEFAULT KEY DERIVATION.
Currently the accepted answer makes use of it and it's no longer recommended and secure.
It is very feasible for an attacker to simply brute force the key.
https://www.ietf.org/rfc/rfc2898.txt
PBKDF1 applies a hash function, which shall be MD2 [6], MD5 [19] or
SHA-1 [18], to derive keys. The length of the derived key is bounded
by the length of the hash function output, which is 16 octets for MD2
and MD5 and 20 octets for SHA-1. PBKDF1 is compatible with the key
derivation process in PKCS #5 v1.5. PBKDF1 is recommended only for compatibility with existing
applications since the keys it produces may not be large enough for
some applications.
PBKDF2 applies a pseudorandom function (see Appendix B.1 for an
example) to derive keys. The length of the derived key is essentially
unbounded. (However, the maximum effective search space for the derived key may be limited by the structure of the underlying
pseudorandom function. See Appendix B.1 for further discussion.)
PBKDF2 is recommended for new applications.
Do this:
openssl enc -aes-256-cbc -pbkdf2 -iter 20000 -in hello -out hello.enc -k meow
openssl enc -d -aes-256-cbc -pbkdf2 -iter 20000 -in hello.enc -out hello.out
Note: Iterations in decryption have to be the same as iterations in encryption.
Iterations have to be a minimum of 10000.
Here is a good answer on the number of iterations: https://security.stackexchange.com/a/3993
Also... we've got enough people here recommending GPG. Read the damn question.
As mentioned in the other answers, previous versions of openssl used a weak key derivation function to derive an AES encryption key from the password. However, openssl v1.1.1 supports a stronger key derivation function, where the key is derived from the password using pbkdf2 with a randomly generated salt, and multiple iterations of sha256 hashing (10,000 by default).
To encrypt a file:
openssl aes-256-cbc -e -salt -pbkdf2 -iter 10000 -in plaintextfilename -out encryptedfilename
To decrypt a file:
openssl aes-256-cbc -d -salt -pbkdf2 -iter 10000 -in encryptedfilename -out plaintextfilename
Note: An equivalent/compatible implementation in javascript (using the web crypto api) can be found at https://github.com/meixler/web-browser-based-file-encryption-decryption.
Update using a random generated public key.
Encypt:
openssl enc -aes-256-cbc -a -salt -in {raw data} -out {encrypted data} -pass file:{random key}
Decrypt:
openssl enc -d -aes-256-cbc -in {ciphered data} -out {raw data}
To Encrypt:
$ openssl bf < arquivo.txt > arquivo.txt.bf
To Decrypt:
$ openssl bf -d < arquivo.txt.bf > arquivo.txt
bf === Blowfish in CBC mode
There is an open source program that I find online it uses openssl to encrypt and decrypt files. It does this with a single password. The great thing about this open source script is that it deletes the original unencrypted file by shredding the file. But the dangerous thing about is once the original unencrypted file is gone you have to make sure you remember your password otherwise they be no other way to decrypt your file.
Here the link it is on github
https://github.com/EgbieAnderson1/linux_file_encryptor/blob/master/file_encrypt.py
Note that the OpenSSL CLI uses a weak non-standard algorithm to convert the passphrase to a key, and installing GPG results in various files added to your home directory and a gpg-agent background process running. If you want maximum portability and control with existing tools, you can use PHP or Python to access the lower-level APIs and directly pass in a full AES Key and IV.
Example PHP invocation via Bash:
IV='c2FtcGxlLWFlcy1pdjEyMw=='
KEY='Twsn8eh2w2HbVCF5zKArlY+Mv5ZwVyaGlk5QkeoSlmc='
INPUT=123456789023456
ENCRYPTED=$(php -r "print(openssl_encrypt('$INPUT','aes-256-ctr',base64_decode('$KEY'),OPENSSL_ZERO_PADDING,base64_decode('$IV')));")
echo '$ENCRYPTED='$ENCRYPTED
DECRYPTED=$(php -r "print(openssl_decrypt('$ENCRYPTED','aes-256-ctr',base64_decode('$KEY'),OPENSSL_ZERO_PADDING,base64_decode('$IV')));")
echo '$DECRYPTED='$DECRYPTED
This outputs:
$ENCRYPTED=nzRi252dayEsGXZOTPXW
$DECRYPTED=123456789023456
You could also use PHP's openssl_pbkdf2 function to convert a passphrase to a key securely.