
How to decrypt rijndael with command line tool


I have a third-party source of encrypted measurement data that are updated often and need decryption. I know how to decrypt the data in Perl or Ruby with the mcrypt library.

For documentation purposes and easy access, I would like to document how one would decrypt the ciphertext with command line tools. I have tried the mcrypt and openssl command line tools and cannot seem to decrypt the ciphertext correctly with the command line tools.

The data is encrypted with rijndael-128 in mode ecb. This is outside of my control.

Given the following minimal example:

  • The encrypted data is stored in file "./ciphertext" in binary.
    • The ciphertext is the sequence of these bytes: 0xfb 0x0d 0xfb 0xa2 0xfc 0x43 0x0a 0xe5 0xe8 0x8b 0x25 0xac 0x06 0x9c 0xdd 0x77
    • The file can be created e.g. in bash with printf '\xfb\x0d\xfb\xa2\xfc\x43\x0a\xe5\xe8\x8b\x25\xac\x06\x9c\xdd\x77' >/tmp/ciphertext
  • The encryption key is 32 repeating bytes of value 121 (that would be 32 lowercase "y"s in ASCII)

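I can decrypt the ciphertext in Ruby with mcrypt like this:

require "rubygems"
require "mcrypt"

# "rijndael-128" names the 128-bit block size; the 32-byte key selects a 256-bit key.
key = "y" * 32
# Read the file as raw bytes, with no text-encoding conversion.
ciphertext = IO.read("ciphertext", :encoding => "BINARY")
puts(Mcrypt.new("rijndael-128", :ecb, key).decrypt(ciphertext))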

and in Perl like this:

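#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Rijndael;

# 32-byte key, i.e. a 256-bit key
my $key = ("y" x 32);
my $ciphertext;
open(my $fh, '<', "ciphertext") or die "cannot open ciphertext";
binmode($fh);    # the ciphertext is binary, so read raw bytes
{
   local $/;     # slurp the whole file in one read
   $ciphertext = <$fh>;
};
close($fh);
my $cipher = Crypt::Rijndael->new($key, Crypt::Rijndael::MODE_ECB());
print($cipher->decrypt($ciphertext) . "\n");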

I would like to know how to decrypt ciphertext encrypted like this with command line tools, preferably openssl, or mcrypt. I have tried these invocations, but I cannot get them right apparently:

$ mcrypt -k  yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy -a rijndael-128 -m ECB -d ciphertext
Warning: It is insecure to specify keywords in the command line
An OpenPGP encrypted file has been detected.
Unknown suffix. Will append '.dc'.
File ciphertext was NOT decrypted successfully.
$ openssl enc -aes-256-ecb -d -a -K 7979797979797979797979797979797979797979797979797979797979797979 -in ciphertext -out file.txt
bad decrypt
140057024816256:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../crypto/evp/evp_enc.c:559:

Solution

  • The -a option tells openssl the cipher is base64 encoded. But that's wrong; it is not, in fact, base64 encoded. Also, because no padding was used on encryption, you need to specify the -nopad option.

    openssl aes-256-ecb -d -nopad -K 7979797979797979797979797979797979797979797979797979797979797979 -in ciphertext
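
The fix above, checked end to end on the question's test vector, as an added example that is not part of the original question or answer: it decrypts with the raw hex key, binary input and `-nopad`, then re-encrypts and compares the result with the original bytes. Function names are hypothetical, and it assumes `openssl`, `od`, `cmp` and `mktemp` are on the PATH.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Inputs are the question's
# test vector: 16 ciphertext bytes and a key of 32 ASCII "y" bytes.

# Hex-encode stdin. openssl -K takes the raw key as hex, not a passphrase.
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# Write the question's ciphertext (fb 0d fb a2 ... dd 77) as octal escapes,
# which every POSIX printf accepts.
write_sample_ciphertext() {
    printf '\373\015\373\242\374\103\012\345\350\213\045\254\006\234\335\167' > "$1"
}

# With padding disabled, input must be a whole number of 16-byte blocks.
is_block_aligned() {
    size=$(( $(wc -c < "$1") ))
    [ "$size" -gt 0 ] && [ $((size % 16)) -eq 0 ]
}

# $1 = hex key, $2 = input file, $3 = output file.
# No -a (the input is binary, not base64) and -nopad (no padding to strip).
# -K puts the key in the process list; tolerable only for a test key.
decrypt_ecb_nopad() {
    is_block_aligned "$2" || { echo "input is not a multiple of 16 bytes" >&2; return 1; }
    openssl enc -aes-256-ecb -d -nopad -K "$1" -in "$2" -out "$3"
}

# Inverse operation with the same settings.
encrypt_ecb_nopad() {
    openssl enc -aes-256-ecb -e -nopad -K "$1" -in "$2" -out "$3"
}

# Decrypt, re-encrypt and compare with the original ciphertext. Success shows
# the file was handled as raw, unpadded blocks; it cannot show the key is right.
roundtrip_ok() {
    dir=$(mktemp -d) || return 1
    write_sample_ciphertext "$dir/ciphertext"
    key_hex=$(printf '%32s' '' | tr ' ' 'y' | to_hex)
    decrypt_ecb_nopad "$key_hex" "$dir/ciphertext" "$dir/plain" &&
        encrypt_ecb_nopad "$key_hex" "$dir/plain" "$dir/again" &&
        cmp -s "$dir/ciphertext" "$dir/again"
    rc=$?
    rm -rf "$dir"
    return $rc
}

roundtrip_ok && echo "round trip OK"
```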