[openssl-users] Openssl 1_1_0 compatibility question
david
david at daku.org
Sat Sep 3 22:54:42 UTC 2016
Folks
In the home-grown application I have, data is encrypted on Windows
clients and decrypted on Centos servers, all with OpenSSL, using a
shared symmetric password.
My clients have been running OpenSSL versions 1.0.* with each new
version being installed on Windows (using
https://slproweb.com/download/Win64OpenSSL...) with no compatibility
issues, EXCEPT when I switched from 1.0.2h to 1.1.0.
My servers are running whichever is supported by Centos systems --
currently 1.0.1e-fips.
My methods do the following, with my real values replaced by fixed
values in this example:
On the client: Encrypt the value "abcde" with a password "123" with salt
Windows command: echo abcde | openssl enc -salt -a -A -aes128 -pass pass:123
On the server: Decrypt the salted message with the password "123",
and recover the value "1".
Linux command: echo (the output of the above) | openssl enc -d -salt -a -A -aes128 -pass pass:123
When the ENCRYPTING software is 1_0_2h and the decrypting software is
1_0_1e on Linux or 1_0_2h on Windows, the decryption successfully
recovers the value "abcde".
When the encrypting software is 1_1_0 and the decrypting software is
1_0_1e on Linux or 1_0_2h on Windows, it fails with the message:
bad decrypt
139701985818440:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:
Or, in summary
When the encrypting and decrypting software are both 1_1_0, or
both 1_0_2(e..h), the decryption succeeded. If the versions were
different, it failed.
Is this a feature or a bug? Is there some setting I should have different?
Thanks in advance
David
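OpenSSL 1.1.0 changed the default digest that `openssl enc` feeds to EVP_BytesToKey from MD5 to SHA-256, so a 1.1.0 client and a 1.0.x server derive different AES keys and IVs from the same password and salt, and the server's padding check then fails with "bad decrypt"; passing the same explicit `-md md5` (or `-md sha256`) on both sides restores interoperability. The following is an added example, not code from the post, that reimplements that derivation in Python for the `-aes128` case (16-byte key, 16-byte IV) with a constructed salt, and parses the `Salted__` header that `-salt` prepends to the base64 output.

```python
import base64
import hashlib
from typing import Tuple


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int,
                     iv_len: int, md: str) -> Tuple[bytes, bytes]:
    """OpenSSL's EVP_BytesToKey with count=1, as used by `openssl enc -pass`.

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt);
    the digests are concatenated until key_len + iv_len bytes are available.
    `md` is the digest name: "md5" (OpenSSL <= 1.0.2 default) or "sha256" (1.1.0 default).
    """
    out = b""
    prev = b""
    while len(out) < key_len + iv_len:
        prev = hashlib.new(md, prev + password + salt).digest()
        out += prev
    return out[:key_len], out[key_len:key_len + iv_len]


def derive_for_aes128(password: bytes, salt: bytes, md: str) -> Tuple[bytes, bytes]:
    """Key/IV as `openssl enc -aes128 -pass pass:<password> -md <md>` would derive them."""
    return evp_bytes_to_key(password, salt, key_len=16, iv_len=16, md=md)


def parse_salted_blob(b64: str) -> Tuple[bytes, bytes]:
    """Split the base64 output of `openssl enc -salt -a` into (salt, ciphertext).

    The raw layout is the 8-byte magic "Salted__", an 8-byte random salt, then ciphertext.
    """
    raw = base64.b64decode(b64)
    if raw[:8] != b"Salted__":
        raise ValueError("not an OpenSSL 'Salted__' blob")
    return raw[8:16], raw[16:]


if __name__ == "__main__":
    # Constructed inputs: the password from the post and a fixed, made-up salt.
    password = b"123"
    salt = bytes(range(8))
    for md in ("md5", "sha256"):
        key, iv = derive_for_aes128(password, salt, md)
        print(f"{md:>6}: key={key.hex()} iv={iv.hex()}")
    # Constructed blob with a zero ciphertext, only to show the header layout.
    blob = base64.b64encode(b"Salted__" + salt + b"\x00" * 16).decode()
    print("salt from blob:", parse_salted_blob(blob)[0].hex())
```

The two printed key/IV pairs differ, which is the whole incompatibility; with `-md` pinned to the same digest on the Windows client and the CentOS server, both derive the first pair (md5) or the second (sha256).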