I am currently trying to use OpenSSL to encrypt and decrypt a file, using (encrypt):
openssl rsautl -encrypt -pubin -inkey public.pem -in plaintext.txt -out encyrptiontext.txt
and for the decrypting I am using:
openssl rsautl -decrypt -inkey private.pem -in encyrptiontext.txt
The keys have been generated from the same file, though when I try and decrypt a single line I receive this error:
8952:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:.\crypto\rsa\rs
a_pk1.c:190:
8952:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c
:592:
I am not sure why I am getting this as they are using the default settings and the keys have been generated from the same generator.
Related
I am trying to perform a file encryption which is equal to the below command of openssl:
openssl aes-256-cbc -e -salt -pbkdf2 -iter 10000 -in geometry.json -out geometry.json.enc -pass pass:"password"
I am using the implementation 'not-yet-commons-ssl:not-yet-commons-ssl:0.3.13'
With the default values after the file encryption the decryption from openssl command line always throws up the below error;
40B7B9B5F37F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:../providers/implementations/ciphers/ciphercommon_block.c:124:
What do I need to pass to the openssl encrypt function?
Salt is used by default, so you don't need to use it explicitly. I would use higher iteration number with pbkdf2, or in this case, it would make more sense to use sha256 instead of pbkdf2. Also, there is no reason to use quotation marks around your password. pass:"password" should be pass:password unless quotations are part of the password.
You could use this:
openssl aes-256-cbc -pass pass:password -in geometry.json -out geometry.json.enc -pbkdf2 -iter 100000
or this:
openssl aes-256-cbc -k password -in geometry.json -out geometry.json.enc -pbkdf2 -iter 100000
And if you want to use SHA-256 for password hashing then you could use this:
openssl aes-256-cbc -k password -in geometry.json -out geometry.json.enc -md sha256
I get the error message in OpenSSL when trying to encrypt a text file with my public key in DER format: "unable to load Public Key"
The command I currently use in Windows CMD is:
openssl rsautl -pubin -keyform der -inkey certificate.der -encrypt -in textplane.txt -out textplane_enc.txt
And the content I am trying to encrypt is similar to the following:
In the first row has a maximum of 312 characters
In the second row has a maximum of 457 characters
And in the third row has a maximum of 35 characters
I understand that you can see a problem because of the size of this, and that is that I have solved it in C# and perform a separation every certain amount of bytes, but on the other side they would have to use my same structure and it is not like that, on the other side they directly use OpenSSL.
The command they gave me to generate my keys and .DER are:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 730 -out certificate.pem
openssl x509 -in certificate.pem -outform DER -out certificate.der
I really appreciate the help in advance, it's my first post and I hope to be clear.
I want to encrypt local plain text file using openssl and RSAES_OAEP_SHA_256 algorithm.
I tried to use the same approach with this blog entry but it did not work.
https://europatech.co.uk/encryption-decryption-with-kms-and-openssl/
$ echo "hello" > plaintext.txt
$ openssl pkeyutl -encrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
-in plaintext.txt -pubin -inkey pubkey.pem -out plaintext.bin
-pkeyopt command before -inkey
Usage: pkeyutl [options]
-in file input file
-out file output file
-sigfile file signature file (verify operation only)
-inkey file input key
-keyform arg private key format - default PEM
-pubin input is a public key
-certin input is a certificate carrying a public key
-pkeyopt X:Y public key options
-sign sign with private key
-verify verify with public key
-verifyrecover verify with public key, recover original data
-encrypt encrypt with public key
-decrypt decrypt with private key
-derive derive shared secret
-hexdump hex dump output
-passin arg pass phrase source
am I missing something?
I was looking for the same openssl command and this worked for me:
openssl pkeyutl -in data.txt -encrypt -pubin -inkey Oaep_Pub_Rsa.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -out enc.pem
I am generating a .pem file using openssl using the command:
openssl genrsa -aes256 -out ca.key.pem 4096
It is working great but when I do this:
openssl genrsa -aes256 -out ca.key.pem 4096 -password pass:abcd
It is still asking me for a password in the terminal and not automatically taking the supplied password.
I've tried generating certificates before and it works for them eg.
openssl pkcs12 -name username -inkey cert/key.key -in abc.pem -export -out cert.p12 -password pass:abcd
You're very close to the goal ! Key size must be the last parameter and -password replace with -passout
openssl genrsa -aes256 -out ca.key.pem -passout pass:abcd 4096
Okay, so I have a text file named Kryptert that is encrypted.
A key file named private with the private key. I want the output to be in a text file named Klartext.
I am about to rip my hair out, because I cannot seem to figure this out.
openssl rsautl -decrypt -inkey C:\private.key -in C:\Kryptert.txt -out C:\Klartext.txt
The command above is what I use, and I get the following output in the CMD windows:
C:\Users\Marco>openssl rsautl -decrypt -inkey C:\private.key -in C:\Kryptert.txt -out C:\Klartext.txt
Loading 'screen' into random state - done
RSA operation error
8560:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:.\crypto\rsa\rsa_pk1.c:190:
8560:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:592:
Anyone able to help me understand what is wrong, and how I could fix it? Thank you.
Here you have the commands you need to encrypt or decrypt using openssl:
Decrypt:
$ openssl rsautl -decrypt -in $ENCRYPTED -out $PLAINTEXT -inkey keys/privkey.pem
Encrypt:
$ openssl rsautl -encrypt -in $PLAINTEXT -out $PLAINTEXT.encrypt -pubin -inkey keys/pubkey.pem
Hope this helps! :)
For encryption:
openssl rsautl -encrypt -in /path/to/your/file -out /path/to/your/encrypted -pubin -inkey /path/to/your/public_key.pem
For decryption:
openssl rsautl -decrypt -in /path/to/your/encrypted -out /path/where/you/want/your/decrypted.txt -inkey /path/to/your/private_key.pem
Note: If you have this decryption error: RSA_EAY_PRIVATE_DECRYPT:data greater than mod len try this command before decrypt your file:
cat yourEncryptedFile| base64 -D > yourEncryptedRawFile
More information here