Failed to decrypt AES encrypted file by Javascript using OpenSSL

The ciphertext is encrypted by Javascript using the AES algorithm, in hexadecimal format. I first encoded it in Base64 and then decrypted it using OpenSSL.
But it failed, I don't know where it is wrong.
And I am using a Windows compiled version of OpenSSL.
http://gnuwin32.sourceforge.net/packages/openssl.htm
The command is as follows:
openssl enc -aes-128-cbc -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d
result:
bad decrypt
6396:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:./crypto/evp/evp_enc.c:461:
Ciphertext (HEX)
4cb4eb49df960e82c14e158ac418ca918736e4fbb730f532fc37d226e0e8b0e3ce0571ce4c146a6a9e037b9b79d8077568326d7fe2a3f9a91d266cfeb8bfac5668f526bc4d5ee1a21cbe85c8efab8cd1fe29b4a2b412468c6d97b7a3bfd2f69c50691e181fde43710bc61ffff2c6e7cbab59de70b97d993707c16e4a909273cc873d9156dda0ad03214e29048ac39532b8ec11c071174219fefa85e0d489468036154d19d2b683b20b07589abb9f4d863fcd17598d43a8b82d37236ceee7588d08a22f4c9662bba7f4cf6595f28b0e7b7e62f9be2d42f1b11f5c06aca7ed7568d8922d9155c229a8d57b251695c2bd645cb44539e4278b4431ac60a318fbd22afe18b204f9730f86a07c43355ce89f9646be5810e0c6bd2043066d359efe73c8e0ac7f581e048ed1809ad2720ea96f528d0acc7fd622b86d3073e8b1ac0b5d70f4e92b045e8cdf1fb6c999332ba2c279ebab2262589082a8214187a8904671a2c4eec8828335dc7f49fe438fb4e34c762e9f7febe30672a9ced8b0a2b66373d3a3b9efbe46e63f4d8b2723ebe85736f5
Thanks to Topaco for your help. Because of my negligence, I mistook CTR for CBC, causing confusion.

You can try the following:
openssl enc -aes-128-cbc -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d
After the -K and -iv options, the input must be a hexadecimal string, i.e. instead of 1234567890000000 you have to use 31323334353637383930303030303030. The -A option says that the Base64-encoded ciphertext is contained in one single line, here. So there is no need to use line breaks.
Update:
It turned out that the JavaScript-code actually applied to generate the posted ciphertext uses CTR-mode for encryption (instead of CBC-mode). Therefore, the OpenSSL-statement which can be used to decrypt the posted ciphertext is:
openssl enc -aes-128-ctr -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d
The decrypted text is:
{"sign":"13adab9285fe86206b73e029ff0d290fc0e31237","timestamp":1570608017,"logid":"MTU3MDYwODA2MjAzMjAuMTMzMjE0Nzc2OTIxNTgxNDY=","uk":3012946979,"shareid":547370362,"fid_list":"[\"482622974717034\"]","input":"aaxb","vcode":"33324238656332346361663334656637323237633636373637643239666664336662393132313032313738303030303030303030303030303031353730363038303530B0D6C0036A1909217D2CDCD5B76B46FB"}
which can be easily verified here.


`md` param doesn't fix `error:06065064:digital envelope routines` error in OpenSSL

Me and my colleagues are trying to exchange encrypted config files. Person A is able to decrypt a file encrypted-dev.enc encrypted by person B. But I can't decrypt it, and person B can't decrypt a file I send her. The error is
bad decrypt
4672347584:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:610:
From reading around (for example this answer), this error refers to the algorithm openssl uses for the message digest. To fix it, people always tell you to specify the algorithm with an argument like -md md5. But our command already includes that argument.
Person A is on openssl 1.1.1f.
Person B is on openssl 1.1.1i.
I am on openssl 1.1.1j.
To encrypt, we're using this command:
export CONFIG_KEY='[ key ]'
openssl enc -md sha1 -aes-256-cbc -pbkdf2 -pass env:CONFIG_KEY -out ./tests/e2e/config/encrypted-dev.enc -in ./tests/e2e/config/config-dev.json
To decrypt, we're doing this:
export CONFIG_KEY='[ key ]'
openssl enc -md sha1 -aes-256-cbc -pbkdf2 -d -pass env:CONFIG_KEY -in ./tests/e2e/config/encrypted-dev.enc -out ./tests/e2e/config/config-dev.json
Has anybody else run into this situation?
To investigate your issue, add the -p flag to dump the key and IV; they must be identical when ciphering and deciphering. Add -nosalt to disable salting the password (with a random value), which makes the password-to-key computation constant.
$ openssl enc -p -nosalt -md sha1 -aes-256-cbc -pbkdf2 -pass env:CONFIG_KEY -out ./tests/e2e/config/encrypted-dev.enc -in ./tests/e2e/config/config-dev.json
key=27D3CEEB44142947B9ADFA4E6D7F6EB731EB6828A6CD4C49257079470599A443
iv =35E21E3684C06DB2F182D69D99BD6E9C
In your case, you will get two different values; that's your problem.
The parameter name CONFIG_KEY is not accurate, because you are setting a password, not a key; CONFIG_PASSW would be more suitable.
If your goal was to use a key (not a password), you can use this syntax
$ openssl enc -e -aes-256-cbc -nosalt -K AC7CBA91D9523EA2A9166341EC66D9DDCB14D3F6BCE33ADB59B16BE8F40AE607 -iv 208DE031141C4ACA18EA7B71B2EAA935 -in test.txt -out test.enc
$ openssl enc -d -aes-256-cbc -nosalt -K AC7CBA91D9523EA2A9166341EC66D9DDCB14D3F6BCE33ADB59B16BE8F40AE607 -iv 208DE031141C4ACA18EA7B71B2EAA935 -in test.enc
Hello world !!!
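The comparison suggested above can also be done without OpenSSL on each machine. The following is an added example, not code from the original answer: it recomputes the salt, key and IV that `-p` prints for the question's `-md sha1 -aes-256-cbc -pbkdf2` settings. It assumes the OpenSSL 1.1.1 defaults (10000 PBKDF2 iterations, a "Salted__" header followed by an 8-byte salt); the function names, sample file bytes and passwords are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"     # 8-byte header `openssl enc` writes before the salt
DEFAULT_ITER = 10000    # assumed: default -iter of `openssl enc -pbkdf2` in 1.1.1

def split_salt(blob: bytes):
    """Return (salt, ciphertext); salt is b"" for a file written with -nosalt."""
    if blob.startswith(MAGIC):
        if len(blob) < 16:
            raise ValueError("truncated Salted__ header")
        return blob[8:16], blob[16:]
    return b"", blob

def derive_key_iv(password: bytes, salt: bytes, md: str = "sha1",
                  iterations: int = DEFAULT_ITER, key_len: int = 32, iv_len: int = 16):
    """PBKDF2-HMAC over the password; the output is split into key, then IV."""
    material = hashlib.pbkdf2_hmac(md, password, salt, iterations, key_len + iv_len)
    return material[:key_len], material[key_len:]

def dump(password: bytes, blob: bytes, **kdf):
    """Same three values that `openssl enc -p` prints, as upper-case hex."""
    salt, _ = split_salt(blob)
    key, iv = derive_key_iv(password, salt, **kdf)
    return {"salt": salt.hex().upper(), "key": key.hex().upper(), "iv": iv.hex().upper()}

if __name__ == "__main__":
    # Constructed sample: header + salt + 32 dummy ciphertext bytes, not a real file.
    blob = MAGIC + bytes.fromhex("0102030405060708") + bytes(32)
    # Constructed passwords: the second carries a stray trailing newline, one way
    # the "same" password can differ between two people's environments.
    for label, pw in (("as intended", b"example-password"),
                      ("trailing newline", b"example-password\n")):
        print(label, dump(pw, blob))
```

If two people get different key and IV values for the same file, the password bytes, the digest or the iteration count differ between them, and the decrypting side will report bad decrypt.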

How to decrypt openssl encrypted file with flag -nosalt -base64 and -md sha256?

Given this command:
openssl enc -aes-128-ecb -nosalt -base64 -pass pass:aaaca -in flag.txt -out flag.txt.enc -md sha256
What's the format to decrypt openssl file? My openssl ubuntu version is 1.0.2g.
I'm asking because I tried using openssl enc -d -aes-128-ecb -pass pass:aaaca -in flag.txt.enc -out pass.txt but it says bad magic number with aaaca as password, and when I tried openssl enc -d -aes-128-ecb -nosalt -base64 -md sha256 -in flag.txt.enc -out pass.txt -pass pass:aaaaa (with different password), it says bad decrypt. At this point, I'm not sure anymore. Thanks!
Edit: If you're wondering why I am purposely inputting the wrong password, it's because I'm trying to test out brute forcing a password for one of my assignments. Help appreciated ><
and when I tried openssl enc -d -aes-128-ecb -nosalt -base64 -md sha256 -in flag.txt.enc -out pass.txt -pass pass:aaaaa (with different password), it says bad decrypt.
Yes, of course, because the openssl command line will perform PKCS#7 compatible padding and unpadding by default. So if you decrypt with a wrong key then there is about a 255/256 chance of getting "bad decrypt" because the unpadding fails. If you're "lucky" the incorrect plaintext will contain a valid padding and you'll just get a wrong / randomized plaintext in the output.
So if you get into that situation then you'll have to check if the plaintext message does fit what you expect. If you have nothing to compare the possibly bad plaintext against, well, then you're in trouble as you may find multiple solutions to your problem.
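Why the padding check is not a reliable signal, shown as an added example that is not part of the original answer: decryption under a wrong key yields effectively random bytes, so the code below feeds random blocks to a strict PKCS#7 unpadder and counts how many pass, then applies a plausibility check to the survivors. The function names and the "printable UTF-8 text" expectation are assumptions for illustration.

```python
import random

BLOCK = 16  # AES block size in bytes

def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Strict PKCS#7 unpadding; raises ValueError where openssl says 'bad decrypt'."""
    if not data or len(data) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def chance_random_block_unpads(block: int = BLOCK) -> float:
    """Probability that a random final block ends in n bytes of value n, n = 1..block."""
    return sum(256.0 ** -n for n in range(1, block + 1))

def looks_like_text(plaintext: bytes) -> bool:
    """Plausibility check (assumed expectation: non-empty printable UTF-8 text)."""
    try:
        text = plaintext.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return bool(text) and all(c.isprintable() or c in "\r\n\t" for c in text)

def simulate(trials: int = 100_000, blocks: int = 2, seed: int = 1):
    """Count random 'wrong key' outputs that unpad cleanly, and that also look like text."""
    rng = random.Random(seed)
    size = BLOCK * blocks
    unpadded = plausible = 0
    for _ in range(trials):
        junk = rng.getrandbits(8 * size).to_bytes(size, "big")  # stand-in for a wrong-key decrypt
        try:
            candidate = pkcs7_unpad(junk)
        except ValueError:
            continue
        unpadded += 1
        plausible += looks_like_text(candidate)
    return unpadded, plausible

if __name__ == "__main__":
    print("analytic chance of valid padding:", chance_random_block_unpads())
    print("unpadded cleanly / also plausible text:", simulate())
```

The absence of "bad decrypt" therefore confirms nothing about the key or the data; where integrity matters, use an authenticated mode or a MAC over the ciphertext rather than relying on padding.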

How to encrypt particular values in a property file using openssl or gpg

I wanted to know how I can go about encrypting particular values in a properties file using openssl or gpg.
Most of the examples I have seen, such as the ones below, seem to encrypt the entire file. But I just wanted to use it to encrypt stored passwords.
To Encrypt
openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data
To Decrypt
openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data
You can easily use openssl to encrypt any string you want:
$ echo 12345678901 | openssl enc -e -base64 -aes-256-cbc -k MySecretPassword
U2FsdGVkX18z9p14y9XRhDdRBRoeJfIkdLQXQmGfKag=
In your case you could use a bash script like this:
# Base64 output can contain "/", so "|" is used as the sed delimiter
encrypted=$(grep "the.name.of.my.property" myFile.properties | cut -d'=' -f2 | openssl enc -e -base64 -aes-256-cbc -k MySecretPassword)
sed "/the.name.of.my.property=/ s|=.*|=$encrypted|" myFile.properties > newFile.properties
This will produce a new file named newFile.properties with the encrypted field.

OpenSSL one line base64 input. error reading input file

I have an AES-encrypted file, which is encoded to a one-line base64 string (without line breaks), and I need to decrypt it. Here it is.
But when I use:
openssl enc -d -a -aes-256-cbc -in encrypted -out decrypted
OpenSSL throws "error reading input file"
But base64 util decrypts it like a charm:
base64 -d encrypted | openssl enc -d -aes-256-cbc > decrypted
Trying to find the cause and convert to a one-line base64 file:
base64 -w 0 aesfile | openssl enc -d -a -aes-256-cbc > decrypted
# error reading input file
base64 aesfile | openssl enc -d -a -aes-256-cbc > decrypted
# no errors, file decrypted
Conclusion: OpenSSL can't decode non-multiline base64 inputs
Encrypt
openssl enc -aes-256-cbc -pass pass:YOURPASSWORD -p -in msg.txt -out enc.txt -base64
Decrypt
openssl enc -aes-256-cbc -base64 -pass pass:YOURPASSWORD -d -p -in enc.txt -out dec.txt
If there's no newline in the encrypted file after the base64 line, you get an error saying error reading input file.
If the encryption format is different from the decryption format used in the script, it throws a similar error.
Make sure you use the same decryption format used for the file during encryption.

OpenSSL: bad decrypt 3872:error:0607F08A

I'm trying to make an encrypted pass-file, but receive an error:
bad decrypt
3872:error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length:.\crypto\evp\evp_enc.c:414:
Please provide a solution for the present error.
Here is the command for making the file:
openssl enc -des-ede-cbc -K 16161616161616161515151515151515 -iv 000000000000000 -in C:\OpenSSL\bin\ssl\key\pass.txt -out C:\OpenSSL\bin\ssl\key\pass.enc -nopad
pass.txt contains just one line with pass
Thanks
It's working for me if I leave out the "-nopad" argument:
openssl enc -des-ede-cbc -K 16161616161616161515151515151515 -iv 000000000000000 -in C:\OpenSSL\bin\ssl\key\pass.txt -out C:\OpenSSL\bin\ssl\key\pass.enc
