I am trying to decipher an AES-256-CBC encrypted string using OpenSSL. My encrypted string is encrypted using C# code mentioned here (OpenSSL encryption using .NET classes).
I first tried decrypting using the following openssl command,
openssl enc -d -base64 -aes-256-cbc -md md5 -pass pass:mypass -in my_file.sh_enc -out myfile.sh
but this command returns the error,
error reading input file
So instead of -base64 I tried using -A as well as -a, but both commands return bad magic number.
I searched for a while and found that I need to decode the base64 string first and then decrypt. So I ran the command,
base64 -d my_file.sh_enc | openssl enc -d -aes-256-cbc -md md5 -pass pass:mypass -out myfile.sh
This command worked perfectly when executed as such from the terminal (Ubuntu 20.04).
But when I add the same command to a .sh bash script, I get the error,
WARNING:deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140285552608576:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
I tried to store the base64 result in a temp file and then pass the temp file to OpenSSL as -in arg, but still, I'm facing the same issue. Can anyone please help me understand and also provide a solution on how to tackle this?
(Please forgive me if my explanation is not proper. Please leave a comment and I'll try to elaborate on what is not understood.)
Update 1: Below is my bash file: My bash script
CodePudding user response:
Your password is not getting passed correctly. Put pass:$pass in double quotes. You may need to escape it for the shell. Double any backslashes, and put a backslash before any $.
This is how I know:
$ echo Hello, world | openssl enc -e -a -aes-256-cbc -md md5 -pass pass:foo -out /tmp/enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
$ openssl enc -d -a -aes-256-cbc -md md5 -pass pass:foo -in /tmp/enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
Hello, world
$ openssl enc -d -a -aes-256-cbc -md md5 -pass pass:foof -in /tmp/enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140045393098112:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
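The quoting problem this answer describes, as an added shell example that is not part of the original post: it shows which password string actually reaches openssl under different quoting styles and round-trips a sample message. The passwords and the ENC_PASS variable name are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Passwords are constructed samples.

pass='p$ss\w0rd'      # single quotes: the shell expands nothing
spaced='my pass'      # a sample password containing a space

show_arg()   { printf '%s' "$1"; }   # first argument as the child receives it
count_args() { printf '%s' "$#"; }   # number of arguments the child receives

# Hard-coded inside double quotes: $ss is expanded (unset, so empty).
mangled_arg() { unset ss; show_arg "pass:p$ss\w0rd"; }
# Same literal with the escaping the answer describes.
escaped_arg() { show_arg "pass:p\$ss\\w0rd"; }
# Variable expanded inside double quotes: the value arrives intact.
quoted_arg()  { show_arg "pass:$pass"; }
# Unquoted expansion is word-split: openssl would see two arguments.
split_count()  { count_args pass:$spaced; }
joined_count() { count_args "pass:$spaced"; }

# Encrypt with the real password, decrypt with the argument given in $1.
roundtrip() {
  printf 'Hello, world\n' |
    openssl enc -e -a -aes-256-cbc -md md5 -pass "pass:$pass" 2>/dev/null |
    openssl enc -d -a -aes-256-cbc -md md5 -pass "$1" 2>/dev/null
}

# Same decryption, but the password travels in the environment (-pass env:),
# so the shell does not re-parse it and it is not on the command line.
# ENC_PASS is a hypothetical variable name.
roundtrip_env() {
  printf 'Hello, world\n' |
    openssl enc -e -a -aes-256-cbc -md md5 -pass "pass:$pass" 2>/dev/null |
    ENC_PASS="$pass" openssl enc -d -a -aes-256-cbc -md md5 -pass env:ENC_PASS 2>/dev/null
}

if command -v openssl >/dev/null 2>&1; then
  echo "quoted:  $(roundtrip "$(quoted_arg)")"
  echo "mangled: $(roundtrip "$(mangled_arg)" || echo 'bad decrypt')"
  echo "env:     $(roundtrip_env)"
fi
```

A password that the shell has altered produces the same "bad decrypt" error as a wrong password, because openssl derives a different key from it.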