aes-cbc-256 mode descryption without an IV

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

aes-cbc-256 mode descryption without an IV

Tim Webber
I just posted a message which i have copied below to a python forum.  It might be better asked here.  The coles notes version of my question is this:

I have received an encrypted data file (mydata.encrypted) and a key (plain text for now) and the following command to decrypt it:

openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out mydata.decrypted -kfile my_symmetric_key

Question is this.  How is the initialization vector calculated?  This command works fine.  My issues is that i dont know how the initialization vetor is calculated.  I suspect if its left out there is some default way of doing it.  Can you tell me how its done? Thanks!

************************* ORIGINAL QUESTION to python community ******************

I have received an encrypted data file (mydata.encrypted) and a key (plain text for now) and the following command to decrypt it:

openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out mydata.decrypted -kfile my_symmetric_key

The people who encrypted these data did so with openssl but I dont know what the encrypt command looks like. I do know that the above command does decrypt the data successfully though.

I want to use Python to decrypt this file. I am thinking of using cryptodome but am open to suggestions. Here's what i know from the above openssl decrypt command.

- its uses AES cbc 256 mode for the decryption ( -d )
- it uses base64 to encode the data "AFTER" (-a) the cryptographic operation
- it does not specify the initialization vector (IV). 

I am struggling with how to code for this using python. What I suspect is my problem is that i dont know how to properly calculate the IV. Looking at the openssl documentation they say to see "key derivation" to find out how they handle IV when its not specified. I cant track down this key derivation information. Any help will be appreciated! 
******************************* 
Reply | Threaded
Open this post in threaded view
|

Re: aes-cbc-256 mode descryption without an IV

Marian Beermann
Well let's just read the man pages, shall we?

>        -kfile filename
> Read the password to derive the key from the first line of filename.

Then

>        -md digest
> Use the specified digest to create the key from the passphrase.
> The default algorithm is sha-256.

And

>       -iv IV
> ...
> When a password is being specified using one of the other options, the
IV is generated from this password.

The man page doesn't specify the key derivation algorithm, but a quick
glance at apps/enc.c shows that it uses EVP_BytesToKey, which is
documented here:
https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html

-Marian

Am 25.03.19 um 01:20 schrieb Tim Webber:

> I just posted a message which i have copied below to a python forum.  It
> might be better asked here.  The coles notes version of my question is this:
>
> I have received an encrypted data file (mydata.encrypted) and a key
> (plain text for now) and the following command to decrypt it:
>
> openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
> mydata.decrypted -kfile my_symmetric_key
>
> Question is this.  How is the initialization vector calculated?  This
> command works fine.  My issues is that i dont know how the
> initialization vetor is calculated.  I suspect if its left out there is
> some default way of doing it.  Can you tell me how its done? Thanks!
>
> ************************* ORIGINAL QUESTION to python community
> ******************
>
> I have received an encrypted data file (mydata.encrypted) and a key
> (plain text for now) and the following command to decrypt it:
>
> openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
> mydata.decrypted -kfile my_symmetric_key
>
> The people who encrypted these data did so with openssl but I dont know
> what the encrypt command looks like. I do know that the above command
> does decrypt the data successfully though.
>
> I want to use Python to decrypt this file. I am thinking of using
> cryptodome but am open to suggestions. Here's what i know from the above
> openssl decrypt command.
>
> - its uses AES cbc 256 mode for the decryption ( -d )
> - it uses base64 to encode the data "AFTER" (-a) the cryptographic operation
> - it does not specify the initialization vector (IV). 
>
> I am struggling with how to code for this using python. What I suspect
> is my problem is that i dont know how to properly calculate the IV.
> Looking at the openssl documentation they say to see "key derivation" to
> find out how they handle IV when its not specified. I cant track down
> this key derivation information. Any help will be appreciated! 
> ******************************* 

Reply | Threaded
Open this post in threaded view
|

Re: aes-cbc-256 mode descryption without an IV

Marian Beermann
As it just so happens here is a gist implementing EVP_BytesToKey in Python:
https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc

-Marian

Am 25.03.19 um 17:14 schrieb Tim Webber:

> Thanks Marian.  i did read the man pages for enc .  not sure how that
> gets you to the  EVP_BytesToKey algorithm but thank you for providing
> that page.  i suspect it might be easier to have the folks encrypting
> the data specifiy an IV rather than trying to figure out how to
> implement  EVP_BytesToKey in python.  its not inconsequential.
>
> On Mon, Mar 25, 2019 at 5:08 AM Marian Beermann <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Well let's just read the man pages, shall we?
>
>     >        -kfile filename
>     > Read the password to derive the key from the first line of filename.
>
>     Then
>
>     >        -md digest
>     > Use the specified digest to create the key from the passphrase.
>     > The default algorithm is sha-256.
>
>     And
>
>     >       -iv IV
>     > ...
>     > When a password is being specified using one of the other options, the
>     IV is generated from this password.
>
>     The man page doesn't specify the key derivation algorithm, but a quick
>     glance at apps/enc.c shows that it uses EVP_BytesToKey, which is
>     documented here:
>     https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html
>
>     -Marian
>
>     Am 25.03.19 um 01:20 schrieb Tim Webber:
>     > I just posted a message which i have copied below to a python
>     forum.  It
>     > might be better asked here.  The coles notes version of my
>     question is this:
>     >
>     > I have received an encrypted data file (mydata.encrypted) and a key
>     > (plain text for now) and the following command to decrypt it:
>     >
>     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
>     > mydata.decrypted -kfile my_symmetric_key
>     >
>     > Question is this.  How is the initialization vector calculated?  This
>     > command works fine.  My issues is that i dont know how the
>     > initialization vetor is calculated.  I suspect if its left out
>     there is
>     > some default way of doing it.  Can you tell me how its done? Thanks!
>     >
>     > ************************* ORIGINAL QUESTION to python community
>     > ******************
>     >
>     > I have received an encrypted data file (mydata.encrypted) and a key
>     > (plain text for now) and the following command to decrypt it:
>     >
>     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
>     > mydata.decrypted -kfile my_symmetric_key
>     >
>     > The people who encrypted these data did so with openssl but I dont
>     know
>     > what the encrypt command looks like. I do know that the above command
>     > does decrypt the data successfully though.
>     >
>     > I want to use Python to decrypt this file. I am thinking of using
>     > cryptodome but am open to suggestions. Here's what i know from the
>     above
>     > openssl decrypt command.
>     >
>     > - its uses AES cbc 256 mode for the decryption ( -d )
>     > - it uses base64 to encode the data "AFTER" (-a) the cryptographic
>     operation
>     > - it does not specify the initialization vector (IV). 
>     >
>     > I am struggling with how to code for this using python. What I suspect
>     > is my problem is that i dont know how to properly calculate the IV.
>     > Looking at the openssl documentation they say to see "key
>     derivation" to
>     > find out how they handle IV when its not specified. I cant track down
>     > this key derivation information. Any help will be appreciated! 
>     > ******************************* 
>

Reply | Threaded
Open this post in threaded view
|

Re: aes-cbc-256 mode descryption without an IV

Tim Webber
Good fine Marian.  Thx for all your help.

On Mon, Mar 25, 2019 at 9:24 AM Marian Beermann <[hidden email]> wrote:
As it just so happens here is a gist implementing EVP_BytesToKey in Python:
https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc

-Marian

Am 25.03.19 um 17:14 schrieb Tim Webber:
> Thanks Marian.  i did read the man pages for enc .  not sure how that
> gets you to the  EVP_BytesToKey algorithm but thank you for providing
> that page.  i suspect it might be easier to have the folks encrypting
> the data specifiy an IV rather than trying to figure out how to
> implement  EVP_BytesToKey in python.  its not inconsequential.
>
> On Mon, Mar 25, 2019 at 5:08 AM Marian Beermann <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Well let's just read the man pages, shall we?
>
>     >        -kfile filename
>     > Read the password to derive the key from the first line of filename.
>
>     Then
>
>     >        -md digest
>     > Use the specified digest to create the key from the passphrase.
>     > The default algorithm is sha-256.
>
>     And
>
>     >       -iv IV
>     > ...
>     > When a password is being specified using one of the other options, the
>     IV is generated from this password.
>
>     The man page doesn't specify the key derivation algorithm, but a quick
>     glance at apps/enc.c shows that it uses EVP_BytesToKey, which is
>     documented here:
>     https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html
>
>     -Marian
>
>     Am 25.03.19 um 01:20 schrieb Tim Webber:
>     > I just posted a message which i have copied below to a python
>     forum.  It
>     > might be better asked here.  The coles notes version of my
>     question is this:
>     >
>     > I have received an encrypted data file (mydata.encrypted) and a key
>     > (plain text for now) and the following command to decrypt it:
>     >
>     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
>     > mydata.decrypted -kfile my_symmetric_key
>     >
>     > Question is this.  How is the initialization vector calculated?  This
>     > command works fine.  My issues is that i dont know how the
>     > initialization vetor is calculated.  I suspect if its left out
>     there is
>     > some default way of doing it.  Can you tell me how its done? Thanks!
>     >
>     > ************************* ORIGINAL QUESTION to python community
>     > ******************
>     >
>     > I have received an encrypted data file (mydata.encrypted) and a key
>     > (plain text for now) and the following command to decrypt it:
>     >
>     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
>     > mydata.decrypted -kfile my_symmetric_key
>     >
>     > The people who encrypted these data did so with openssl but I dont
>     know
>     > what the encrypt command looks like. I do know that the above command
>     > does decrypt the data successfully though.
>     >
>     > I want to use Python to decrypt this file. I am thinking of using
>     > cryptodome but am open to suggestions. Here's what i know from the
>     above
>     > openssl decrypt command.
>     >
>     > - its uses AES cbc 256 mode for the decryption ( -d )
>     > - it uses base64 to encode the data "AFTER" (-a) the cryptographic
>     operation
>     > - it does not specify the initialization vector (IV). 
>     >
>     > I am struggling with how to code for this using python. What I suspect
>     > is my problem is that i dont know how to properly calculate the IV.
>     > Looking at the openssl documentation they say to see "key
>     derivation" to
>     > find out how they handle IV when its not specified. I cant track down
>     > this key derivation information. Any help will be appreciated! 
>     > ******************************* 
>