How to use command-line tool `openssl` to decrypt ciphertext encripted by Perl module Crypt::DES?-CodePudding

How to use command-line tool openssl to decrypt the ciphertext that was encrypted with Perl module Crypt::DES?

Assume we have a Perl script like this:

#!/usr/bin/perl -w
use strict;
use 5.010;
use Getopt::Long qw(:config no_ignore_case);
use Crypt::CBC;
### initialization
&GetOptions("mode=s" => \(my $mode = ''));
my $secret = q/;[qO7e<_sZmR8Krhf>}]mRY`y)BI8"WEF*2nmL^o'WMKA=uEt1/;
my $key = pack('H*', $secret);
open(my $fh, '>', 'key.bin');
$fh->print($key);
$fh->close();
my $cipher = Crypt::CBC->new(
    -key => $key, -cipher => 'DES'
);
### read file
my $filename = shift @ARGV;
open($fh, '<', $filename) or die "$!";
my $cchRead = read($fh, my $buffer, -s $fh);
close($fh);
die "$!" unless defined($cchRead);
### encrypt
if ($mode eq 'encrypt') {
    print $cipher->encrypt($buffer);
}
### decrypt
else {
    print $cipher->decrypt($buffer);
}

We can use the Perl script like:

$ ./cipher.pl --mode=encrypt foo.txt > foo.encrypted # Encrypt plaintext.
$ ./cipher.pl --mode=decrypt foo.encrypted # Decrypt ciphertext.

My question is how to decrypt foo.encrypted with command-line tool openssl? I've tried these commands but in vain.

$ openssl enc -des          -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-cbc      -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-cfb      -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-cfb1     -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-cfb8     -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ecb      -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede      -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede-cbc  -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede-cfb  -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede-ofb  -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede3     -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede3-cbc -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede3-cfb -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ede3-ofb -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des-ofb      -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -des3         -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -desx         -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'
$ openssl enc -desx-cbc     -salt -pbkdf2 -pass file:key.bin -d -in 'foo.encrypted'

CodePudding user response：

On my machine, decryption of the ciphertext generated with the Perl script is successful with:

openssl enc -des -md md5 -pass file:key.bin -d -in foo.encrypted

-des is equivalent to -des-cbc and specifies DES in CBC mode. No PBKDF2 is used as key derivation function, but the OpenSSL proprietary EVP_BytesToKey() with MD5 as digest. The expected ciphertext is the concatenation of the ASCII encoding of Salted__, followed by an 8 bytes salt, followed by the actual ciphertext.

Regarding security: DES, EVP_BytesToKey() and MD5 are deprecated and insecure (better choose AES, PBKDF2 and SHA-256).

As a side note, encrypt() returns the raw ciphertext, therefore with Windows the data must be output in binary (e.g. with binmode(STDOUT)) so that the ciphertext is not corrupted by CRLF⇔LF conversions. Alternatively, the ciphertext can be output Base64 encoded (in which case the -a option must be set in the OpenSSL statement).