I have encrypted a file using this code.
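    package main

    import (
        "bytes"
        "crypto/aes"
        "crypto/cipher"
        "io"
        "os"
    )

    func main() {
        // A 32-byte key selects AES-256.
        block, err := aes.NewCipher([]byte("TESTPASSWORD1234TESTPASSWORD1234"))
        if err != nil {
            panic(err)
        }
        bReader, err := os.Open("doc.docx")
        if err != nil {
            panic(err)
        }
        defer bReader.Close()
        // Zero-valued IV (16 bytes of 0x00).
        var iv [aes.BlockSize]byte
        stream := cipher.NewOFB(block, iv[:])
        var out bytes.Buffer
        writer := &cipher.StreamWriter{S: stream, W: &out}
        if _, err := io.Copy(writer, bReader); err != nil {
            panic(err)
        }
        // Capture the WriteFile error so the panic reports it instead of a stale nil err.
        if err := os.WriteFile("doc-encrypted.docx", out.Bytes(), 0644); err != nil {
            panic(err)
        }
    }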
and when I try to decrypt it using this command
    openssl enc -in doc-encrypted.docx -out doc-decryted.docx -d -aes-256-ofb
it gives the error bad magic number
CodePudding user response:
Your OpenSSL statement is missing the specification of key and IV. For decryption, the following OpenSSL statement is required:
    openssl enc -in doc-encrypted.docx -out doc-decryted.docx -d -aes-256-ofb -K 5445535450415353574f5244313233345445535450415353574f524431323334 -iv 00000000000000000000000000000000
The -K option specifies the hex-encoded key, and -iv specifies the hex-encoded IV; see the enc documentation.
With this change, the ciphertext generated with the Go code can be decrypted with the OpenSSL statement.
Keep in mind that the use of a static IV is insecure. Typically, a random IV is generated for each encryption. This is not secret and is usually concatenated with the ciphertext: iv|ciphertext so that it is available during decryption. See the documentation for NewOFB for an example (without file I/O).
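The iv|ciphertext layout recommended in the answer above, as an added example that is not code from the original question or answer. The function names encryptOFB and decryptOFB and the sample plaintext are assumptions made for illustration; the key is the one from the question and is for demonstration only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// encryptOFB (hypothetical helper) returns iv|ciphertext with a fresh random IV per call.
func encryptOFB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	iv := out[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	cipher.NewOFB(block, iv).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// decryptOFB (hypothetical helper) splits the IV off the front and reverses encryptOFB.
func decryptOFB(key, data []byte) ([]byte, error) {
	if len(data) < aes.BlockSize {
		return nil, errors.New("input shorter than one IV")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewOFB(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

func main() {
	key := []byte("TESTPASSWORD1234TESTPASSWORD1234") // key from the question, demo only
	msg := []byte("constructed sample plaintext")     // constructed input
	a, _ := encryptOFB(key, msg)
	b, _ := encryptOFB(key, msg)
	pt, _ := decryptOFB(key, a)
	fmt.Printf("iv=%x\nround trip ok=%v, ciphertexts differ=%v\n",
		a[:aes.BlockSize], bytes.Equal(pt, msg), !bytes.Equal(a, b))
}
```

To decrypt a file in this layout with openssl enc, pass the first 16 bytes as the hex value of -iv and supply only the remaining bytes as input. OFB provides no integrity protection, so modified ciphertext decrypts without any error.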