LibreSSL vs. OpenSSL enc command

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

LibreSSL vs. OpenSSL enc command

Dieter Rauschenberger-2
Hi,

i have encrypted several documents with

openssl enc -aes-256-cbc -e < FOO > FOO.aes256

This was serveral years ago before Libressl was invented. Now I wanted
to decrypt the docs with:

openssl enc -aes-256-cbc -d < FOO.aes256 > FOO

This did not work. The password did not work anymore. I had to install
openssl-1.0.2t via packages. This works:

eopenssl enc -aes-256-cbc -d < FOO.aes256 > FOO

My password is accepted. The document appeared in plaintext.
Is there a trick to do this with libressl from base?

Regards
-Dieter

Reply | Threaded
Open this post in threaded view
|

Re: LibreSSL vs. OpenSSL enc command

Jeffrey Walton-3
On Wed, Dec 4, 2019 at 1:05 PM Dieter Rauschenberger
<[hidden email]> wrote:

>
> i have encrypted several documents with
>
> openssl enc -aes-256-cbc -e < FOO > FOO.aes256
>
> This was serveral years ago before Libressl was invented. Now I wanted
> to decrypt the docs with:
>
> openssl enc -aes-256-cbc -d < FOO.aes256 > FOO
>
> This did not work. The password did not work anymore. I had to install
> openssl-1.0.2t via packages. This works:
>
> eopenssl enc -aes-256-cbc -d < FOO.aes256 > FOO
>
> My password is accepted. The document appeared in plaintext.
> Is there a trick to do this with libressl from base?

OpenSSL changed the hash used in the key derivation function sometime
around OpenSSL 1.0.2. Formerly is was MD5. I believe it was changed to
SHA256.

I believe the command line option to changed the derivation hash is
-md. You might try adding -md md5 or -md sha1.

Jeff

Reply | Threaded
Open this post in threaded view
|

Re: LibreSSL vs. OpenSSL enc command

Dieter Rauschenberger-2
Hi Jeff

openssl enc -aes-256-cbc -d -md md5 < FOO.aes256 > FOO

did the trick. Thank you very much.

-Dieter

On Wed, Dec 04, 2019 at 01:12:08PM -0500, Jeffrey Walton wrote:

> On Wed, Dec 4, 2019 at 1:05 PM Dieter Rauschenberger
> <[hidden email]> wrote:
> >
> > i have encrypted several documents with
> >
> > openssl enc -aes-256-cbc -e < FOO > FOO.aes256
> >
> > This was serveral years ago before Libressl was invented. Now I wanted
> > to decrypt the docs with:
> >
> > openssl enc -aes-256-cbc -d < FOO.aes256 > FOO
> >
> > This did not work. The password did not work anymore. I had to install
> > openssl-1.0.2t via packages. This works:
> >
> > eopenssl enc -aes-256-cbc -d < FOO.aes256 > FOO
> >
> > My password is accepted. The document appeared in plaintext.
> > Is there a trick to do this with libressl from base?
>
> OpenSSL changed the hash used in the key derivation function sometime
> around OpenSSL 1.0.2. Formerly is was MD5. I believe it was changed to
> SHA256.
>
> I believe the command line option to changed the derivation hash is
> -md. You might try adding -md md5 or -md sha1.
>
> Jeff

Reply | Threaded
Open this post in threaded view
|

Re: LibreSSL vs. OpenSSL enc command

Christian Weisgerber
In reply to this post by Dieter Rauschenberger-2
Dieter Rauschenberger:

> This was serveral years ago before Libressl was invented. Now I wanted
> to decrypt the docs with:
>
> openssl enc -aes-256-cbc -d < FOO.aes256 > FOO
>
> This did not work. The password did not work anymore.

The default message digest function used for key derivation changed
from MD5 to SHA256 in OpenSSL 1.1.0 and LibreSSL followed suit.

  openssl enc -aes-256-cbc -d -md md5 < FOO.aes256 > FOO

--
Christian "naddy" Weisgerber                          [hidden email]