Openssl "data greater than mod len" - encryption

What does the "data is greater than mod len" error message mean? I have encountered this while trying to decrypt data using php's openssl_private_decrypt. How does one go about solving this issue? Been searching hours online, not getting anywhere.

Asymmetric RSA keys can encrypt/decrypt only data of limited length i.e. RSAES-PKCS1-v1_5 encryption scheme defined in RFC3447 can operate on messages of length up to k - 11 octets (k is the octet length of the RSA modulus) so if you are using 2048-bit RSA key then maximum length of the plain data to be encrypted is 245 bytes.

If you are having this decryption error: RSA_EAY_PRIVATE_DECRYPT:data greater than mod len try this command before decrypt your file:
cat yourEncryptedFile| base64 -D > yourEncryptedRawFile

You can also try openssl enc -in cipherTextFile.base64 -out binaryTextFile.bin -d -a. This was what worked for me when I got this error while trying to decrypt. I was then able to decrypt using openssl rsautl -decrypt -in binaryTextFile.bin -out plainTextFile.txt -inkey my-private-key.pem without failure.

Related

Decrypt a text with OpenSSL using key and salt only

I would like to decrypt a text using a 32 characters key and a salt from command line in my MacOS. I have encrypted it in Windows using a program. But, whenever I try to decrypt it from command line I couldn't and get an error.
echo -n PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc= | openssl enc -d -a -aes-256-cbc -K TheTestKeyUsedIs32CharactersLong -S 53616c7455736564 -iv 0 -p
hex string is too short, padding with zero bytes to length
hex string is too short, padding with zero bytes to length
non-hex digit
invalid hex key value
When I try to encrypt
100836
in MacOS it gives me completely different string.
U2FsdGVkX19TYWx0VXNlZA4AWDWo5nzi8p5pYyAeUMg=
using following command:
openssl enc -aes-256-cbc -a -S 53616c7455736564 -iter 5 -k TheTestKeyUsedIs32CharactersLong -in input.txt -out openssl_output.txt
From the application I am using in Windows
100836
is converting into
PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc=
My salt text is SaltUsed
My 32 bit character key is TheTestKeyUsedIs32CharactersLong
Input is PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc=
Should be decrypted in 100836
But, result is completely unexpected.
I have also tried a java program to decrypt it but there I was getting other strings so thought to correct it with command line first and then will jump into the code.
I also tried the key in hex digits but still the response was incorrect and was not as expected.
#Wasif and I spent some time debugging in chat and in the end believe it's most likely a compatbility issue between OpenSSL 1.1.1.d on Windows and OpenSSL 1.1.1.b on macOS.
We went through a number of tests and permutations, using (Key, IV) tuples in hex, using passwords, with and without salts, and ultimately our testing came down to a simple check.
Using openssl enc -a -aes-256-cbc -pass pass:MYPASSWORD -p -in input.txt on Windows we got:
salt=E70092FEBA619144
key=29631452F8C259DFE6FD8E9372EC4B20392395F36B7A0B11769CEBEA987E90A0
iv =93BF2E94462A43B23EF585C0F4B3F1A8
U2FsdGVkX1/nAJL+umGRRGi3ybIPFXf7qrgov7SyXnI=
Using openssl aes-256-cbc -d -a -pass pass:MYPASSWORD -in cipherText.txt (which contains 'U2FsdGVkX1/nAJL+umGRRGi3ybIPFXf7qrgov7SyXnI=' on the Mac we got:
4593573484:error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
Despite this simple test failing, the Mac and Windows boxes successfully encrypted and decrypted locally.
Weird, but this looks like version incompatibility.
Try specifying the digest alorithm:
Default digest has changed between different versions.
See
How to resolve the "EVP_DecryptFInal_ex: bad decrypt" during file decryption

Openssl - AES-256-ECB decrypt with key, bad magic number

Im trying to decrypt a text, which was encrypted with AES-256-ECB with the given key. To decrypt, Im using the same version of the openssl which was used for encryption (OpenSSL 1.1.1d 10 Sep 2019).
String to decrypt: VAWawVAWawxiyH20dI+t5NPAY9w== (inside file.txt)
Key: 461a966faef244e4808d6b2b8e928d01 (inside key.txt)
I tried those commands:
cat file.txt | base64 -d > file2.txt
openssl enc -AES-256-ECB -d -in file2.txt -out answer.txt --kfile key.txt
And im getting: bad magic number. Whats the problem?
openssl enc will normally use a password to derive a key. So it is the derived key that is used to decrypt the file. The derivation process requires a "salt", and openssl enc during encryption stores that salt at the beginning of the file along with a "magic number" to identify it. If the magic number is missing (usually because the file wasn't encrypted by openssl enc or because the password based key derivation derivation method wasn't used) then you get this error.
The -kfile option tells OpenSSL to read the password from a file and then derive the key from it. Probably want you intended was to not use password derivation at all, but to use the explicit key. In which case you need to use the -K option and supply the key on the command line using hex.

Faster Encryption of large file public key and three users

It is a large file to encrypt. I am at the encrypting part. The error is showing:
"Error reading password from Bios"
"Error getting password."
Please let me know what to do. Thanks in advance.
I kind of want to remove cbc mode because it is slow. I read it in an article. Also, the directions say to make it faster since it is needed for three users.
I think this is the problem by using 192 instead of 4096 or higher but I need to lower it to make it go faster speed from the question.
openssl genrsa -aes256 -out pubPrivate.key 192
openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pass File: pubPrivate.key
Also, I read somewhere that there are numbers 0000 in front of the code somewhere causing the error if that matters?
It's unclear what you are trying to do. Encrypt a large file, sure. But how? Symmetric with AES, or asymmetric with RSA?
Your first command, openssl genrsa creates a RSA public/private keypair with length 192, which as Ken White notes is a bad idea, not only is it not a power of 2, but also an incredibly short key length; to give you an estimate of how bad this is, 512 bit RSA keys were broken twenty years ago. In fact, my openssl, version 1.1.1b plainly refuses to even create such a keypair:
$ openssl genrsa -aes256 -out foo.key 192
Generating RSA private key, 192 bit long modulus (2 primes)
25769803792:error:04081078:rsa routines:rsa_builtin_keygen:key size too small:crypto/rsa/rsa_gen.c:78:
Your second command then does something completely different. It tries to encrypt Bigfile.txt using AES256 in CBC mode, which is ok, but you don't give the command a 256bit AES key. Instead, you tell it to look in the RSA key file for a passphrase, which is certainly not what you want. Openssl does not accept this either:
$ openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pass File: pubPrivate.key
Extra arguments given.
enc: Use -help for summary.
So let's assume what you want is to encrypt BigFile.txt symmetrically, with AES256 in CBC mode using a key derived from a password. You would then distribute this password to you three recipients. How fast is this? On my laptop, with a 1GB BigFile.txt:
$ time openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pass pass:start123
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
real 0m3,099s
user 0m1,562s
sys 0m0,968s
So, openssl encrypts around 330MB/sec, and it also tells us that the key derivation is unsafe, and we should use PBKDF2 instead. Let's do this:
$ time openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pbkdf2 -pass pass:start123
real 0m3,202s
user 0m1,656s
sys 0m1,077s

Using Openssl to decrypt AES 128 bits CBC based64 text

I am trying to use Openssl to decrypt the following AES 128 bits CBC based64 text (not padded) contained in the input.txt
bzxCHMWF+KVMumKb6rXTJQ0803fpYyxgdtZ8/nvc0Fc=
the first 16bytes are the IV. the encryption key is h4ckth1sk3yp4d16
I tried using the command:
openssl enc -aes-128-cbc -d -base64 -K 6834636b746831736b33797034643136 -iv 627a7843484d57462b4b564d756d4b62 -in input.txt -out result.txt
in the input.txt, I remove the first 16 bytes of the encrypted text when running the above command.
but I kept getting the error:
bad decrypt 3073874120:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
can anyone tell what's wrong here? thanks!

generation of safe primes

I need to generate a safe prime which has the form 2p + 1 where p is also prime of a certain
bit length (lets say 1024 bits). It is to be used in a DH key exchange.
I believe openssl can do this via
openssl gendh 1024
however this return's a base64 pem format
-----BEGIN DH PARAMETERS-----
MIGHAoGBANzQ1j1z7RGB8XUagrGWK5a8AABecNrovcIgalv1hQdkna2PZorHtbOa
wYe1eDy1t/EztsM2Cncwvj5LBO3Zqsd5tneehKf8JoT35/q1ZznfLD8s/quBgrH8
es2xjSD/9syOMMiSv7/72GPJ8hzhLrbTgNlZ+kYBAPw/GcTlYjc7AgEC
-----END DH PARAMETERS-----
How can I extract the safe prime number from this base64 pem?
is it easier to generate my own safe prime with my own code?
how can i test that a prime is 'safe' and of a certain bit length.
#GregS has an approach that will probably work for you. Based on what you have told me, I would just create a C binary and leverage the BN_generate_prime(...) function in OpenSSL. That cuts out all of the intermediate parsing and despite adding a separate binary into the mix, it's probably easier than the road you are headed down.
I agree with the comments made by #Luke. However, if for some reason you must use openssl command lines there are a few options but they'll only get you so far. None of these will do any significant arithmetic for you; they won't retrieve (p-1)/2 and check it for primality.
You can use the openssl dh command and parse the output. Try it with and without the -C option to see which works better for you. Examples.
openssl gendh -out testdh.pem 1024
openssl dh -in testdh.pem -noout -C
openssl dh -in testdh.pem -noout
If you can handle or prefer binary then you can parse the binary output for the DER-encoded DH structure.
openssl dh -in testdh.pem -outform der -out testdh.der
Another option is to parse the output of the ans1parse command:
openssl asn1parse -in testdh.pem

Resources