[openssl-users] Openssl 1_1_0 compatibility question
david
david at daku.org
Tue Sep 6 14:39:01 UTC 2016
At 09:25 AM 9/5/2016, you wrote:
>david wrote:
>
> > On the client:
> > openssl enc -salt -a -A -aes128 -pass pass:123
> >
> > On the server:
> > openssl enc -d -salt -a -A -aes128 -pass pass:123
> >
> > When the ENCRYPTING software is 1_0_2h and the
> > decrypting software is 1_0_1e on Linux or 1_0_2h on Windows,
> > the decryption successfully recovers the value "abcde".
> >
> > When the encrypting software is 1_1_0 and the
> > decrypting software is 1_0_1e on Linux or 1_0_2h on Windows,
> > it fails with the message:
> >
> > bad decrypt
> > 139701985818440:error:06065064:digital envelope routines:
> > EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:
> >
>
>
>Reason:
>v1.1.0 is using the wrong key(from pass) to decrypt.
>
> v1.0.x: md5 is default digest
> v1.1.0: sha256 is default digest
>
>Solution:
>Specify the digest used to create the key.
>
> Add '-md md5' to the version 1.0.2 decryption command line,
> or add '-md sha256' to the v1.0.x encryption command line.
>
Thanks for this. I must have missed the change in default-digest
algorithm in the release notes.
David
More information about the openssl-users
mailing list