
Running Base64 command works in terminal but not in bash script. Trying to decipher an AES 256 encrypted string


I am trying to decipher an AES-256-CBC encrypted string using OpenSSL. My encrypted string is encrypted using the C# code mentioned here (OpenSSL encryption using .NET classes).

I first tried decrypting using the following openssl command:

openssl enc -d -base64 -aes-256-cbc -md md5 -pass pass:mypass -in my_file.sh_enc -out myfile.sh

but this command returns an error:

error reading input file

So instead of -base64 I tried using -A as well as -a, but both commands return bad magic number.

I searched for a while and found that I need to decode the base64 string first and then decrypt. So I ran the command,

base64 -d my_file.sh_enc | openssl enc -d -aes-256-cbc -md md5 -pass pass:mypass -out myfile.sh

This command worked perfectly when executed as such from the terminal (Ubuntu 20.04).

But when I add the same command in a .sh bash script, I get this error:

WARNING:deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140285552608576:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:

I tried to store the base64 result in a temp file and then pass the temp file to OpenSSL as -in arg, but still, I'm facing the same issue. Can anyone please help me understand and also provide a solution on how to tackle this?

(Please forgive me if my explanation is not proper. Please leave a comment and I'll try to elaborate on what is not understood.)

Update 1: Below is my bash file: [image: My bash script]


Solution

  • Your password is not getting passed correctly. Put pass:$pass in double quotes. You may need to escape it for the shell. Double any backslashes, and put a backslash before any $.

    This is how I know:

    $ echo Hello, world | openssl enc -e -a -aes-256-cbc -md md5 -pass pass:foo -out /tmp/enc
    *** WARNING : deprecated key derivation used.
    Using -iter or -pbkdf2 would be better.
    $ openssl enc -d -a -aes-256-cbc -md md5 -pass pass:foo -in /tmp/enc
    *** WARNING : deprecated key derivation used.
    Using -iter or -pbkdf2 would be better.
    Hello, world
    $ openssl enc -d -a -aes-256-cbc -md md5 -pass pass:foof -in /tmp/enc
    *** WARNING : deprecated key derivation used.
    Using -iter or -pbkdf2 would be better.
    bad decrypt
    140045393098112:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
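
The quoting failure described in the answer, as an added example that is not part of the original question or answer. The password value, the `seen` helper (a stand-in for openssl that reports what it receives after `-pass`) and the `OSSL_PW` variable name are assumptions made for the demo.

```bash
#!/bin/sh
# Constructed sample password (an assumption for this demo); single quotes
# keep the space, "$" and backslash literal.
secret='my $ecret\pass'
unset ecret   # make sure "$ecret" really is an unset variable below

# Hypothetical stand-in for openssl: prints the argument count and the first
# argument, i.e. what the program would receive after "-pass".
seen() { printf '%d:%s' "$#" "$1"; }

unquoted() { seen pass:$secret; }      # word-split into two arguments
quoted()   { seen "pass:$secret"; }    # one argument, password intact

# Password typed inside double quotes in the script: "$ecret" is expanded
# (to nothing) before the program ever sees it.
mangled()  { p="my $ecret\pass"; seen "pass:$p"; }

# Same literal with "$" and "\" escaped, as the answer advises.
escaped()  { p="my \$ecret\\pass"; seen "pass:$p"; }

# Round trip with the real tool, using the page's cipher options. Decryption
# reads the password from an environment variable (-pass env:NAME), which
# keeps the password out of the openssl argument list.
roundtrip() {
  command -v openssl >/dev/null 2>&1 || { printf 'skipped'; return 0; }
  ct=$(printf 'Hello, world\n' |
       openssl enc -e -a -aes-256-cbc -md md5 -pass "pass:$secret" 2>/dev/null) || return 1
  printf '%s\n' "$ct" |
    OSSL_PW="$secret" openssl enc -d -a -aes-256-cbc -md md5 -pass env:OSSL_PW 2>/dev/null
}

printf 'unquoted : %s\n' "$(unquoted)"
printf 'quoted   : %s\n' "$(quoted)"
printf 'mangled  : %s\n' "$(mangled)"
printf 'escaped  : %s\n' "$(escaped)"
printf 'roundtrip: %s\n' "$(roundtrip)"
```

Any of the `unquoted` or `mangled` forms hands openssl a different password from the one used to encrypt, which is what produces `bad decrypt` in a script while the hand-typed command works.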