Develop Reference

AES256-CBC encrypt with openssl-enc & How decrypt with Erlang

encrypt with openssl-enc:
echo -n "127.0.0.1:62863" | openssl enc -e -aes-256-cbc -a -salt -k "p0sr8uy*48po"
U2FsdGVkX18K1nNrcAXaZxFhD6VRSMkcDnI5e6vBmXk=
As I Known OpenSSL uses the password and salt to generate Key(the actual encryption key) and IV.
but the crypto:crypto_one_time/5 in Erlang
crypto_one_time(Cipher, Key, IV, Data, FlagOrOptions)
use the Key and IV to decrypt, what I Known now is only password, so how can I decrypt the ciphertext in Erlang?

Not sure if this is what you need, but when using openssl command, we can actually print out the Key (and IV) generated using the -p parameter. So you should then somehow store those values for decryption.
echo -n "127.0.0.1:62863" | openssl enc -e -aes-256-cbc -a -salt -k "p0sr8uy*48po" -p
salt=9B677C2CC233FAC1
key=6B4BD1FB0248E1CAE2C6C9D2702051105A5A41973AE80DC0A5316F1E9A851BD7
iv =2B5DA03AF9E7492ED200BD1C0F4DEF9C
U2FsdGVkX1+bZ3wswjP6wTosfuGdUs84zIzrY10pmPQ=

Encrypt file with aes 128

I want to encrypt a file in linux using this command sudo openssl enc –aes-128-ecb –nosalt -p –in poraka.txt -out poraka.aes but terminal gives me this error Extra arguments given.
What should I delete from this command line?

Start by checking the output:
$ openssl enc –aes-128-ecb –nosalt -p –in poraka.txt -out poraka.aes
Extra arguments given.
enc: Use -help for summary.
Ok so lets run with -help
$ openssl enc -help
Usage: enc [options]
Valid options are:
-help Display this summary
-ciphers List ciphers
-in infile Input file
-out outfile Output file
-pass val Passphrase source
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-v Verbose output
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
-bufsize val Buffer size
-k val Passphrase
-kfile infile Read passphrase from file
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-engine val Use engine, possibly a hardware device
Looks like -p is misused
$ touch poraka.txt
$ openssl enc -aes-128-ecb -nosalt -in poraka.txt -out poraka.aes
enter aes-128-ecb encryption password:
Verifying - enter aes-128-ecb encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
I think this works

Failed to decrypt AES encrypted file by Javascript using OpenSSL

The ciphertext is encrypted by Javascript using the AES algorithm in hexadecimal format. I first coded it in Base64 and then decrypted it using OpenSSL.
But it failed, I don't know where it is wrong.
And I am using a Windows compiled version of OpenSSL.
http://gnuwin32.sourceforge.net/packages/openssl.htm
The command is as follows:
openssl enc -aes-128-cbc -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d
result:
bad decrypt
6396:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:./crypto/evp/evp_enc.c:461:
Ciphertext (HEX)
4cb4eb49df960e82c14e158ac418ca918736e4fbb730f532fc37d226e0e8b0e3ce0571ce4c146a6a9e037b9b79d8077568326d7fe2a3f9a91d266cfeb8bfac5668f526bc4d5ee1a21cbe85c8efab8cd1fe29b4a2b412468c6d97b7a3bfd2f69c50691e181fde43710bc61ffff2c6e7cbab59de70b97d993707c16e4a909273cc873d9156dda0ad03214e29048ac39532b8ec11c071174219fefa85e0d489468036154d19d2b683b20b07589abb9f4d863fcd17598d43a8b82d37236ceee7588d08a22f4c9662bba7f4cf6595f28b0e7b7e62f9be2d42f1b11f5c06aca7ed7568d8922d9155c229a8d57b251695c2bd645cb44539e4278b4431ac60a318fbd22afe18b204f9730f86a07c43355ce89f9646be5810e0c6bd2043066d359efe73c8e0ac7f581e048ed1809ad2720ea96f528d0acc7fd622b86d3073e8b1ac0b5d70f4e92b045e8cdf1fb6c999332ba2c279ebab2262589082a8214187a8904671a2c4eec8828335dc7f49fe438fb4e34c762e9f7febe30672a9ced8b0a2b66373d3a3b9efbe46e63f4d8b2723ebe85736f5
Thanks to Topaco for your help. Because of my negligence, mistake CTR for CBC, causing confusion.

You can try the following:
openssl enc -aes-128-cbc -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d
After the -K and -iv options, the input must be a hexadecimal string, i.e. instead of 1234567890000000 you have to use 31323334353637383930303030303030. The -A option says that the Base64-encoded ciphertext is contained in one single line, here. So there is no need to use line breaks.
Update:
It turned out that the JavaScript-code actually applied to generate the posted ciphertext uses CTR-mode for encryption (instead of CBC-mode). Therefore, the OpenSSL-statement which can be used to decrypt the posted ciphertext is:
openssl enc -aes-128-ctr -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d
The decrypted text is:
{"sign":"13adab9285fe86206b73e029ff0d290fc0e31237","timestamp":1570608017,"logid":"MTU3MDYwODA2MjAzMjAuMTMzMjE0Nzc2OTIxNTgxNDY=","uk":3012946979,"shareid":547370362,"fid_list":"[\"482622974717034\"]","input":"aaxb","vcode":"33324238656332346361663334656637323237633636373637643239666664336662393132313032313738303030303030303030303030303031353730363038303530B0D6C0036A1909217D2CDCD5B76B46FB"}
which can be easily verified here.

Openssl RC4 - password as plain text

I am trying to encrypt using RC4 using openssl. I can match results with online cipher tools only with key as hex but not as plaintext.
Using password option with plaintext - DOES NOT MATCH.
# echo -ne "stackoverflow" | openssl rc4 -pass pass:"rc4cipher" -nopad -nosalt | xxd -p
Result : 8189898ec30bd96a81bca0e293
Getting the symmetric key for the password
#echo -ne "stackoverflow" | openssl rc4 -pass pass:"rc4cipher" -nopad -nosalt -p
key=1E8B649064CC6657312EE7346ED410A4
With hexa key for the above password (-k option) - MATCHES.
echo -ne "stackoverflow" | openssl rc4 -K "1E8B649064CC6657312EE7346ED410A4" -nopad -nosalt | xxd -p
Result :8189898ec30bd96a81bca0e293
I can match my result with online tools by using key as hex but not as plain text.
Can someone help please me with the option to use with openssl ?
Thanks,
Ak

Keys should consist of random binary data. They should not consist of text. If you need to perform password based encryption you need to use a password hash or, more precisely, a Password Based Key Derivation Function to turn the password into a key. Common PBKDF's are bcrypt, scrypt, PBKDF2 and Argon2.
And this is what OpenSSL (command line) does underneath: it uses a weak, OpenSSL proprietary algorithm called EVP_BytesToKey. This is basically only compatible with OpenSSL implementations or compatibility libs.
Most online tools (which you should never use to validate any implementation in the end) simply convert the text to binary using character-encoding such as UTF-8, Windows-1252 or any other - usually unspecified - encoding. This is not secure; it's as braindead as most click-bait encryption tools found online.

Using Openssl to decrypt AES 128 bits CBC based64 text

I am trying to use Openssl to decrypt the following AES 128 bits CBC based64 text (not padded) contained in the input.txt
bzxCHMWF+KVMumKb6rXTJQ0803fpYyxgdtZ8/nvc0Fc=
the first 16bytes are the IV. the encryption key is h4ckth1sk3yp4d16
I tried using the command:
openssl enc -aes-128-cbc -d -base64 -K 6834636b746831736b33797034643136 -iv 627a7843484d57462b4b564d756d4b62 -in input.txt -out result.txt
in the input.txt, I remove the first 16 bytes of the encrypted text when running the above command.
but I kept getting the error:
bad decrypt 3073874120:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
can anyone tell what's wrong here? thanks!