
Why is openssl AES producing a different result than every online tool I try?


I am trying to encrypt a string using AES.

On my Macbook, I enter the command

echo -n "hello" | openssl enc -e -aes-128-cbc

and enter the key 123456.

Result: U2FsdGVkX1+FBre1MZ1YDfgZRmRyt/hMogfMhYeiq8Q=

However, when I then try any online encryption tool, I get a different result.

For example, with this site, encode-decode using the same encryption scheme, I get

NrjrStoGrmkLAvWaJuKtvg==

Why the difference? What configuration am I missing?


Solution

  • I couldn't reproduce either of your results (I'm not on Mac). The issue likely has to do with the fact that CBC is a block cipher, which means it takes a fixed length of 16 bytes per block for each encryption cycle (unlike stream ciphers). When you have less than 16 bytes of data, it will use padding.

    AES-CBC mode

    Why the difference? The AES standard doesn't define (... I know, this is not very helpful for us) what kind of padding needs to be used, so it can differ in the implementation between PKCS #5 or PKCS #7.

    In my case I was even hinted to use this instead of the operation you chose:

     *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.

    The -pbkdf2 option in openssl corresponds to PKCS #5. We don't really have information about what library the online tool is using for the same operation. Regarding the results:

    U2FsdGVkX1+FBre1MZ1YDfgZRmRyt/hMogfMhYeiq8Q= and 
    NrjrStoGrmkLAvWaJuKtvg==
    

    Base64 decode to the following, respectively:

    Salted__1XFdrL̅
    6Ji&⭾
    

    So from this you can see that the output of the openssl encryption also uses a salt, but even then the content is completely different.

    What configuration am I missing? Although, you could try the following:

     openssl enc -e -aes-128-cbc -pbkdf2 -nosalt
    

    Salts are present to protect against brute force attacks concerning the private key used, for instance if multiple encrypted documents are gathered, and during decryption they won't matter. It will simply be a unique hint for the decryption and will be eliminated during the process, but it eliminates some attacks.

    The question is how you are going to use the encryption scheme going forward. As long as you use openssl consistently, you can be assured that it will work, although a quick googling revealed that different versions can change and even affect that, which is likely why I cannot decrypt the data provided on OpenSSL 1.1.1 11 Sep 2018. Also, here is an article with some good examples and explanations.
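The following script is an added example, not part of the question or the answer above. It uses only the `openssl enc` command line to make the three differences visible: the default run picks a fresh random 8-byte salt each time (so the output changes on every invocation and starts with the literal `Salted__` header), pinning the salt with `-S` and the key-derivation settings makes the output reproducible and decryptable, and a raw-key run with `-K`/`-iv` and no salt produces a single 16-byte block, which is the shape of the online tool's result (16 bytes after Base64 decoding). The salt value, the zero-padded-password key and the all-zero IV are constructed assumptions for the demonstration; whether a given web tool pads the password that way is an assumption to check against that tool's own output, not a fact established here.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI (1.1.1+ for -pbkdf2).
set -eu

PASS=123456
PLAINTEXT=hello
# Constructed 8-byte salt in hex; any value works, it only has to be the same on both runs.
SALT=0011223344556677

# What the asker typed, minus the prompt: password-based derivation with a RANDOM salt.
# Each call yields a different ciphertext for the same input (legacy derivation, hence
# the deprecation warning on newer OpenSSL, which is sent to /dev/null here).
enc_default() {
    printf '%s' "$PLAINTEXT" | openssl enc -e -aes-128-cbc -md sha256 \
        -pass "pass:$PASS" -a -A 2>/dev/null
}

# Same password, but salt and derivation pinned: identical output on every run.
enc_fixed_salt() {
    printf '%s' "$PLAINTEXT" | openssl enc -e -aes-128-cbc -pbkdf2 -S "$SALT" \
        -pass "pass:$PASS" -a -A
}

# Decrypt output of enc_fixed_salt. No -S needed: the salt is read back from the
# "Salted__" header that openssl prepends to the ciphertext.
dec_fixed_salt() {
    printf '%s' "$1" | openssl enc -d -aes-128-cbc -pbkdf2 -pass "pass:$PASS" -a -A
}

# Length in bytes of the raw (Base64-decoded) ciphertext.
raw_len() {
    printf '%s' "$1" | openssl base64 -d -A | wc -c | tr -d ' '
}

# First 8 raw bytes, as text: "Salted__" whenever a salt header is present.
header_of() {
    printf '%s' "$1" | openssl base64 -d -A | head -c 8
}

# Raw-key mode: no salt, no derivation. The password bytes are hex-encoded and
# zero-padded to 16 bytes to form the AES-128 key; the IV is all zeros.
# (Assumption about how a web tool might treat "key 123456"; compare with its output.)
enc_raw_key() {
    key_hex=$(printf '%s' "$PASS" | od -An -tx1 | tr -d ' \n')
    while [ ${#key_hex} -lt 32 ]; do key_hex="${key_hex}00"; done
    printf '%s' "$PLAINTEXT" | openssl enc -e -aes-128-cbc -nosalt \
        -K "$key_hex" -iv 00000000000000000000000000000000 -a -A
}

main() {
    echo "random salt, run 1: $(enc_default)"
    echo "random salt, run 2: $(enc_default)"
    fixed=$(enc_fixed_salt)
    echo "fixed salt:         $fixed  (header: $(header_of "$fixed"), $(raw_len "$fixed") bytes)"
    echo "decrypts to:        $(dec_fixed_salt "$fixed")"
    raw=$(enc_raw_key)
    echo "raw key, no salt:   $raw  ($(raw_len "$raw") bytes, one padded block)"
}

main
```

The 32 bytes of the salted output are the 8-byte `Salted__` marker, the 8-byte salt, and one 16-byte AES block holding the padded five-byte plaintext; the asker's Base64 string also decodes to 32 bytes, which is why it begins with `U2FsdGVkX1` (the Base64 of `Salted__`). Dropping the salt and feeding a key directly removes the first 16 bytes, leaving the single block the online tool returned.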