[openssl-users] Decrypt old openssl files
Jeffrey Walton
noloader at gmail.com
Sat Feb 11 13:35:44 UTC 2017
> I have two systems one with openssl 1.0.1e (debian wheezy) and the new one
> with openssl 1.1.0c (debian stretch)
>
> The files encrypted with 1.0.1e are not decryptable via 1.1.0c
> These are the investigations I have done
>
> on my system with 1.0.1e openssl
> $ echo some text > file
> $ cat file | openssl aes-256-cbc -pass pass:test > file.enc
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c file.enc
>
> when I bring that file over to my system with 1.1.0c openssl
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c file.enc
> $ cat file.enc | openssl aes-256-cbc -d -pass pass:test
> bad decrypt
> 4146981184:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:crypto/evp/evp_enc.c:529:
>
> Please can someone tell me what other options I Am supposed to pass to get
> decryption done successfully.
>From the OpenSSL 1.1.0c-3 update notes. I don't believe its in the
'openssl enc' man page yet
(https://www.openssl.org/docs/man1.0.1/apps/enc.html).
The openssl enc command changed the default digest (used to create the key
from passphrase) from MD5 to SHA256 since the version 1.1.0. The digest can
be specified with the -md option.
Jeff
More information about the openssl-users
mailing list