I have this python snippet which always worked for me:

    from Crypto.Cipher import AES # pip install pycryptodome
    import os

    def aes_cfb(data, key, iv):
        ctx = AES.new(key, AES.MODE_CFB, iv = iv, segment_size = 128)
        decrypted = ctx.decrypt(data)
        return decrypted

    filesize = os.stat('./config_enc.bin').st_size
    with open('./config_enc.bin','rb') as rf:
        data = rf.read(filesize)
        decrypted = aes_cfb(data, b'3398699acebda0da', b'b39a46f5cc4f0d45')
        with open('./config.xml', 'wb') as wf:
            wf.write(decrypted)

So I have decided to use openssl.exe as a command line tool for testing (because it is more practical than Python code), and it never worked for me.
Here is the command line tool I used, using version OpenSSL 1.1.1j 16 Feb 2021:

    openssl.exe enc -d -aes-128-cfb -in config_enc.bin -out config.xml -K 3398699acebda0da -iv b39a46f5cc4f0d45

So, what am I doing wrong here? Or maybe OpenSSL is not compatible at all! If so, then I should drop it and replace it with something else.
Encrypted file: https://filebin.net/xm85gfwfauf4mutv (Expires 1 week from now).
First of all, for the OpenSSL command line, the key (-K option) and IV (-iv option) must be supplied with hexadecimal values. If we supply your values, they are too short and are padded with 0s, with a warning:

    hex string is too short, padding with zero bytes to length

You provide 16 hex digits, but that needs 32 for AES-128. Let's run with an extended key and IV:

    openssl enc -e -aes-128-cfb \
        -in plain.txt \
        -out encrypted.txt \
        -K 3398699acebda0dab39a46f5cc4f0d45 \
        -iv b39a46f5cc4f0d45b39a46f5cc4f0d45

With plaintext 12345678, the output is �4PcGp� as the encrypted value.
Now with str(bytearray.fromhex('HEXVALUE')), we can turn hex string to bytes and use them in your code as;

    from Crypto.Cipher import AES # pip install pycryptodome
    import os

    def aes_cfb(data, key, iv):
        # CFB with a 128-bit segment matches OpenSSL's -aes-128-cfb
        ctx = AES.new(key, AES.MODE_CFB, iv = iv, segment_size = 128)
        decrypted = ctx.decrypt(data)
        return decrypted

    filesize = os.stat('./encrypted.txt').st_size
    with open('./encrypted.txt','rb') as rf:
        data = rf.read(filesize)
        # bytes(...) instead of str(...): on Python 3, str() of a bytearray
        # yields its repr text, not the raw key bytes
        decrypted = aes_cfb(data,
            bytes(bytearray.fromhex('3398699acebda0dab39a46f5cc4f0d45')),
            bytes(bytearray.fromhex('b39a46f5cc4f0d45b39a46f5cc4f0d45'))
        )
        with open('./config.xml', 'wb') as wf:
            wf.write(decrypted)

Now they are compatible with secure key sizes.
You claim that this key is byte 3398699acebda0da, however, it is hexadecimal, i.e. it contains only hexadecimal characters. If you are using this, this means that your effective keyspace is 64 bits. This is insecure by today's standards.
Assuming that this is for testing only, you can convert this to hex via some command such as Linux's hexdump command.
Or in Python use b'3398699acebda0da'.hex() to convert bytes to hex and supply it to OpenSSL as hex.
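
The mismatch described in the answer, as an added example that is not part of the original posts: it compares the key bytes the question's Python code uses with the bytes `openssl enc` derives from the same string passed to -K, and builds the command line that uses identical bytes. The function names are hypothetical, and the zero-padding model follows the warning quoted in the answer.

```python
AES128_BYTES = 16  # AES-128 key and CFB IV are both 16 bytes


def python_bytes(literal: str) -> bytes:
    """Bytes the question's code hands to AES.new() for b'<literal>'."""
    return literal.encode("ascii")


def openssl_bytes(hex_arg: str, size: int = AES128_BYTES) -> bytes:
    """Bytes `openssl enc` uses for a -K/-iv argument: hex-decoded and,
    when too short, right-padded with zero bytes (the quoted warning)."""
    if len(hex_arg) > 2 * size:
        raise ValueError("hex string is longer than the key/IV size")
    return bytes.fromhex(hex_arg.ljust(2 * size, "0"))


def equivalent_openssl_cmd(key_literal, iv_literal, infile, outfile):
    """openssl invocation using the same key/IV bytes as the Python code."""
    return [
        "openssl", "enc", "-d", "-aes-128-cfb",
        "-in", infile, "-out", outfile,
        "-K", python_bytes(key_literal).hex(),
        "-iv", python_bytes(iv_literal).hex(),
    ]


if __name__ == "__main__":
    key, iv = "3398699acebda0da", "b39a46f5cc4f0d45"  # values from the question
    print("Python key bytes :", python_bytes(key).hex())
    print("OpenSSL key bytes:", openssl_bytes(key).hex(), "(same string as -K)")
    print("keys match       :", python_bytes(key) == openssl_bytes(key))
    print(" ".join(equivalent_openssl_cmd(key, iv, "config_enc.bin", "config.xml")))
```
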