Decrypt old openssl files

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Decrypt old openssl files

Bhasker C V
Hi,
 I have two systems one with openssl 1.0.1e (debian wheezy) and the new one with openssl 1.1.0c (debian stretch)

 The files encrypted with 1.0.1e are not decryptable via 1.1.0c
These are the investigations I have done

on my system with 1.0.1e openssl
$ echo some text > file
$ cat file  | openssl  aes-256-cbc  -pass pass:test  > file.enc
$ md5sum file.enc
5482ea53a6677865d1e559ac3057738c  file.enc

when I bring that file over to my system with 1.1.0c openssl
$ md5sum file.enc
5482ea53a6677865d1e559ac3057738c  file.enc
$ cat file.enc | openssl  aes-256-cbc  -d -pass pass:test
bad decrypt
4146981184:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:529:

Please can someone tell me what other options I Am supposed to pass to get decryption done successfully.

Thanks in advance

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Decrypt old openssl files

Jeffrey Walton-3
>  I have two systems one with openssl 1.0.1e (debian wheezy) and the new one
> with openssl 1.1.0c (debian stretch)
>
>  The files encrypted with 1.0.1e are not decryptable via 1.1.0c
> These are the investigations I have done
>
> on my system with 1.0.1e openssl
> $ echo some text > file
> $ cat file  | openssl  aes-256-cbc  -pass pass:test  > file.enc
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
>
> when I bring that file over to my system with 1.1.0c openssl
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
> $ cat file.enc | openssl  aes-256-cbc  -d -pass pass:test
> bad decrypt
> 4146981184:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:crypto/evp/evp_enc.c:529:
>
> Please can someone tell me what other options I Am supposed to pass to get
> decryption done successfully.

From the OpenSSL 1.1.0c-3 update notes. I don't believe its in the
'openssl enc' man page yet
(https://www.openssl.org/docs/man1.0.1/apps/enc.html).

  The openssl enc command changed the default digest (used to create the key
  from passphrase) from MD5 to SHA256 since the version 1.1.0. The digest can
  be specified with the -md option.

Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Decrypt old openssl files

Bhasker C V
Wow ! thanks

openssl -md md5 ...
does the trick. All my docs are back now.
That was a great help Double  thanks to Jeff.

On Sat, Feb 11, 2017 at 7:05 PM, Jeffrey Walton <[hidden email]> wrote:
>  I have two systems one with openssl 1.0.1e (debian wheezy) and the new one
> with openssl 1.1.0c (debian stretch)
>
>  The files encrypted with 1.0.1e are not decryptable via 1.1.0c
> These are the investigations I have done
>
> on my system with 1.0.1e openssl
> $ echo some text > file
> $ cat file  | openssl  aes-256-cbc  -pass pass:test  > file.enc
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
>
> when I bring that file over to my system with 1.1.0c openssl
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
> $ cat file.enc | openssl  aes-256-cbc  -d -pass pass:test
> bad decrypt
> 4146981184:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:crypto/evp/evp_enc.c:529:
>
> Please can someone tell me what other options I Am supposed to pass to get
> decryption done successfully.

From the OpenSSL 1.1.0c-3 update notes. I don't believe its in the
'openssl enc' man page yet
(https://www.openssl.org/docs/man1.0.1/apps/enc.html).

  The openssl enc command changed the default digest (used to create the key
  from passphrase) from MD5 to SHA256 since the version 1.1.0. The digest can
  be specified with the -md option.

Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users