Running Base64 command works in terminal but not in bash script. Trying to decipher an AES 256 encry

Time:12-15

I am trying to decipher an AES-256-CBC encrypted string using OpenSSL. My encrypted string is encrypted using C# code mentioned here (OpenSSL encryption using .NET classes).

I first tried decrypting using the following openssl command as below,

openssl enc -d -base64 -aes-256-cbc -md md5 -pass pass:mypass -in my_file.sh_enc -out myfile.sh

but this command returns an error as,

error reading input file

So instead of -base64 I tried using -A as well as -a, but both commands return bad magic number.

I searched for a while and found that I need to decode the base64 string first and then decrypt. So I ran the command,

base64 -d my_file.sh_enc | openssl enc -d -aes-256-cbc -md md5 -pass pass:mypass -out myfile.sh

This command worked perfectly when executed as such from the terminal (Ubuntu 20.04).

But when I add the same command in a .sh bash script, I am getting an error as,

WARNING:deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140285552608576:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:

I tried to store the base64 result in a temp file and then pass the temp file to OpenSSL as -in arg, but still, I'm facing the same issue. Can anyone please help me understand and also provide a solution on how to tackle this?

(please forgive me if my explanation is not proper. Please leave a comment and I'll try to elaborate it on what is not understood)

Update 1: Below is my bash file: [My bash script]

CodePudding user response:

Your password is not getting passed correctly. Put pass:$pass in double quotes. You may need to escape it for the shell. Double any backslashes, and put a backslash before any $.

This is how I know:

$ echo Hello, world | openssl enc -e -a -aes-256-cbc -md md5 -pass pass:foo -out /tmp/enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
$ openssl enc -d -a -aes-256-cbc -md md5 -pass pass:foo -in /tmp/enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
Hello, world
$ openssl enc -d -a -aes-256-cbc -md md5 -pass pass:foof -in /tmp/enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140045393098112:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
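
The quoting advice in the answer above, as an added example that is not part of the original thread: it shows how an unquoted or unescaped password changes what openssl receives, then round-trips a message with the question's own options. The password is a constructed sample and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: how quoting changes the password openssl actually receives.
# The password is a constructed sample, not the one from the question.

# Single quotes: every character is literal.
pass='S3cr$et pa\ss'

# Number of arguments a command would receive.
count_args() { echo "$#"; }

# Unquoted: the space in the password splits it into two words, so openssl
# would see "pass:S3cr$et" plus a stray extra argument "pa\ss".
unquoted_argc() { count_args -pass pass:$pass; }

# Quoted, as the answer recommends: "pass:..." stays one intact argument.
quoted_argc() { count_args -pass "pass:$pass"; }

# Password typed inline inside double quotes: $et is expanded as an (unset)
# variable and vanishes unless the $ is escaped with a backslash.
inline_unescaped() { printf '%s' "S3cr$et pa\\ss"; }
inline_escaped()   { printf '%s' "S3cr\$et pa\\ss"; }

# Round trip with the same options as the question: encrypt with $pass,
# then base64-decode and decrypt with the password given as $1.
# Returns 0 only if the plaintext comes back unchanged.
roundtrip() {
    enc=$(printf 'Hello, world\n' |
          openssl enc -e -a -aes-256-cbc -md md5 -pass "pass:$pass" 2>/dev/null)
    out=$(printf '%s\n' "$enc" | base64 -d |
          openssl enc -d -aes-256-cbc -md md5 -pass "pass:$1" 2>/dev/null) || return 1
    [ "$out" = 'Hello, world' ]
}

echo "unquoted: $(unquoted_argc) args, quoted: $(quoted_argc) args"
```

Calling `roundtrip "$(inline_unescaped)"` fails with the same `bad decrypt` shown in the answer, because the string reaching openssl is no longer the password used for encryption.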