
Decrypt a text with OpenSSL using key and salt only


I would like to decrypt a text using a 32-character key and a salt from the command line on macOS. I encrypted it on Windows using a program. But whenever I try to decrypt it from the command line, I can't, and I get an error.

echo -n PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc= | openssl enc -d -a -aes-256-cbc -K TheTestKeyUsedIs32CharactersLong -S 53616c7455736564 -iv 0 -p
hex string is too short, padding with zero bytes to length
hex string is too short, padding with zero bytes to length
non-hex digit
invalid hex key value

When I try to encrypt

100836

on macOS it gives me a completely different string.

U2FsdGVkX19TYWx0VXNlZA4AWDWo5nzi8p5pYyAeUMg=

using the following command:

openssl enc -aes-256-cbc -a -S 53616c7455736564 -iter 5 -k TheTestKeyUsedIs32CharactersLong -in input.txt -out openssl_output.txt

From the application I am using in Windows

100836 is converting into PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc=

  • My salt text is SaltUsed
  • My 32 bit character key is TheTestKeyUsedIs32CharactersLong
  • Input is PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc=
  • Should be decrypted in 100836

But the result is completely unexpected.

I have also tried a Java program to decrypt it, but there I was getting other strings, so I thought I would correct it with the command line first and then jump into the code.

I also tried the key in hex digits but still the response was incorrect and was not as expected.


Solution

  • @Wasif and I spent some time debugging in chat and in the end believe it's most likely a compatibility issue between OpenSSL 1.1.1.d on Windows and OpenSSL 1.1.1.b on macOS.

    We went through a number of tests and permutations, using (Key, IV) tuples in hex, using passwords, with and without salts, and ultimately our testing came down to a simple check.

    Using openssl enc -a -aes-256-cbc -pass pass:MYPASSWORD -p -in input.txt on Windows we got:

    salt=E70092FEBA619144 
    key=29631452F8C259DFE6FD8E9372EC4B20392395F36B7A0B11769CEBEA987E90A0 
    iv =93BF2E94462A43B23EF585C0F4B3F1A8 
    U2FsdGVkX1/nAJL+umGRRGi3ybIPFXf7qrgov7SyXnI=
    

    Using openssl aes-256-cbc -d -a -pass pass:MYPASSWORD -in cipherText.txt (which contains 'U2FsdGVkX1/nAJL+umGRRGi3ybIPFXf7qrgov7SyXnI=') on the Mac we got:

    4593573484:error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
    

    Despite this simple test failing, the Mac and Windows boxes successfully encrypted and decrypted locally.

    Weird, but this looks like version incompatibility.
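
One way to test the compatibility hypothesis offline, as an added example that is not part of the original question or answer: it splits the base64 strings from this page into the `Salted__` header, salt and ciphertext, hex-encodes the text key for `-K`, and derives key/IV with the legacy EVP_BytesToKey scheme under several digests so the result can be compared with the `key=` and `iv =` lines that `-p` prints on each machine. The function names are hypothetical, and the list of digests tried is an assumption (OpenSSL changed the default `enc` digest from MD5 to SHA-256 in 1.1.0).

```python
import base64
import hashlib

MAGIC = b"Salted__"  # header `openssl enc` writes in password mode

def parse_enc_blob(b64_text):
    """Split `openssl enc -a` output into (salt, ciphertext); salt is None without a header."""
    raw = base64.b64decode(b64_text)
    if raw.startswith(MAGIC) and len(raw) >= 16:
        return raw[8:16], raw[16:]
    return None, raw

def evp_bytes_to_key(password, salt, digest, key_len=32, iv_len=16):
    """Single-iteration EVP_BytesToKey, the derivation `enc` uses without -pbkdf2."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def digest_for_printed_key(password, salt, printed_key_hex,
                           candidates=("md5", "sha256", "sha1")):
    """Return the digest whose derived key equals the key= line from -p, else None."""
    for name in candidates:
        key, _ = evp_bytes_to_key(password, salt, name)
        if key.hex().upper() == printed_key_hex.strip().upper():
            return name
    return None

def raw_key_as_hex(text_key):
    """-K expects hex digits, so a 32-character ASCII key must be hex-encoded first."""
    return text_key.encode("ascii").hex()

if __name__ == "__main__":
    samples = {  # base64 strings copied from the page
        "windows app": "PuYNZO+SLqFo6g97gxKr2uAPRUph/sZgaJ3T5YIBPIc=",
        "macOS enc -S": "U2FsdGVkX19TYWx0VXNlZA4AWDWo5nzi8p5pYyAeUMg=",
        "answer test": "U2FsdGVkX1/nAJL+umGRRGi3ybIPFXf7qrgov7SyXnI=",
    }
    for label, blob in samples.items():
        salt, ct = parse_enc_blob(blob)
        header = salt.hex().upper() if salt else "no Salted__ header"
        print(f"{label}: salt={header} ciphertext_bytes={len(ct)}")
    print("-K value:", raw_key_as_hex("TheTestKeyUsedIs32CharactersLong"))
    salt, _ = parse_enc_blob(samples["answer test"])
    for name in ("md5", "sha256"):
        key, iv = evp_bytes_to_key(b"MYPASSWORD", salt, name)
        print(name, "key=" + key.hex().upper(), "iv=" + iv.hex().upper())
```

Running the same comparison against the `-p` output of both machines shows whether they derive the same key and IV from the same password and salt.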