[openssl-users] Openssl 1_1_0 compatibility question

Guy gmane.bl4 at gishpuppy.com
Mon Sep 5 16:25:13 UTC 2016


david wrote:

> On the client:
> openssl enc -salt -a -A -aes128 -pass pass:123
>
> On the server:
> openssl enc -d -salt -a -A -aes128 -pass pass:123
>
> When the ENCRYPTING software is 1_0_2h and the
> decrypting software is 1_0_1e on Linux or 1_0_2h on Windows,
> the decryption successfully recovers the value "abcde".
>
> When the encrypting software is 1_1_0 and the
> decrypting software is 1_0_1e on Linux or 1_0_2h on Windows,
> it fails with the message:
>
> bad decrypt
> 139701985818440:error:06065064:digital envelope routines:
> EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:
> 


Reason:
v1.1.0 is using the wrong key(from pass) to decrypt.

 v1.0.x: md5 is default digest
 v1.1.0: sha256 is default digest

Solution:
Specify the digest used to create the key.

 Add '-md md5' to the version 1.0.2 decryption command line,
 or add '-md sha256' to the v1.0.x  encryption command line.






More information about the openssl-users mailing list