[openssl-users] OpenSSL error message when decrypting Ethereum encrypted private key
Matt Caswell
matt at openssl.org
Sun Jan 14 23:03:37 UTC 2018
On 14/01/18 15:26, Chris B wrote:
> I'm trying to help someone recover his password for an older format
> ethereum encrypted private key (EPK). My plan has been to use his best
> guess at the password to brute force the actual password.
>
> The EPK is a 132 character string, and it looks something like this:
> U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+EAy0tYb7Wtv2+IRWZzcpsE8e2a
>
> (That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)
>
> This article
> (https://www.reddit.com/r/Bitcoin/comments/3gwdge/importing_old_encrypted_private_keys/)
> seems to describe a very similar EPK. The author of that post decrypted
> their key with the following command:
>
> openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass pass:"PASSWORD_HERE"
>
> I have tried this same approach, but I'm getting an error:
>
> EVP_DecryptFinal_ex:wrong final block length
What version of OpenSSL are you using. The quoted article was written 2
years ago so definitely wasn't using OpenSSL 1.1.0. If you *are* using
1.1.0 then the default digest was changed between 1.0.2 and 1.1.0. Old
OpenSSL "enc" output defaulted to md5. The current default is sha256:
https://www.openssl.org/docs/faq.html#USER3
Try adding "-md md5" onto your command line.
Matt
>
> Here's an example:
>
> /usr/bin/openssl enc -d -aes-256-cbc -a -in enc_private_key.txt -out
> recovered.key -pass pass:TheBig7ebowski
>
> And here's the output:
>
> bad decrypt
>
> 140220549330848:error:0606506D:digital envelope
> routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:
>
> I'm not sure how to interpret that output. I could interpret it as:
> o Your system for decrypting the password is perfect, but: this is not
> the right password.
> o There's something wrong with the EPK -- its length must be a multiple
> of the AES block length.
> o There's something wrong with the unencrypted private key -- its length
> must be a multiple of the AES block length.
> o Something else entirely
>
> Can anyone help me understand how to interpret this error message?
>
> Thanks,
> Chris
>
>
More information about the openssl-users
mailing list