aes-cbc-256 mode descryption without an IV
Tim Webber
72911e at gmail.com
Tue Mar 26 01:58:11 UTC 2019
Good fine Marian. Thx for all your help.
On Mon, Mar 25, 2019 at 9:24 AM Marian Beermann <public at enkore.de> wrote:
> As it just so happens here is a gist implementing EVP_BytesToKey in Python:
> https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc
>
> -Marian
>
> Am 25.03.19 um 17:14 schrieb Tim Webber:
> > Thanks Marian. i did read the man pages for enc . not sure how that
> > gets you to the EVP_BytesToKey algorithm but thank you for providing
> > that page. i suspect it might be easier to have the folks encrypting
> > the data specifiy an IV rather than trying to figure out how to
> > implement EVP_BytesToKey in python. its not inconsequential.
> >
> > On Mon, Mar 25, 2019 at 5:08 AM Marian Beermann <public at enkore.de
> > <mailto:public at enkore.de>> wrote:
> >
> > Well let's just read the man pages, shall we?
> >
> > > -kfile filename
> > > Read the password to derive the key from the first line of
> filename.
> >
> > Then
> >
> > > -md digest
> > > Use the specified digest to create the key from the passphrase.
> > > The default algorithm is sha-256.
> >
> > And
> >
> > > -iv IV
> > > ...
> > > When a password is being specified using one of the other options,
> the
> > IV is generated from this password.
> >
> > The man page doesn't specify the key derivation algorithm, but a
> quick
> > glance at apps/enc.c shows that it uses EVP_BytesToKey, which is
> > documented here:
> > https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html
> >
> > -Marian
> >
> > Am 25.03.19 um 01:20 schrieb Tim Webber:
> > > I just posted a message which i have copied below to a python
> > forum. It
> > > might be better asked here. The coles notes version of my
> > question is this:
> > >
> > > I have received an encrypted data file (mydata.encrypted) and a key
> > > (plain text for now) and the following command to decrypt it:
> > >
> > > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
> > > mydata.decrypted -kfile my_symmetric_key
> > >
> > > Question is this. How is the initialization vector calculated?
> This
> > > command works fine. My issues is that i dont know how the
> > > initialization vetor is calculated. I suspect if its left out
> > there is
> > > some default way of doing it. Can you tell me how its done?
> Thanks!
> > >
> > > ************************* ORIGINAL QUESTION to python community
> > > ******************
> > >
> > > I have received an encrypted data file (mydata.encrypted) and a key
> > > (plain text for now) and the following command to decrypt it:
> > >
> > > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
> > > mydata.decrypted -kfile my_symmetric_key
> > >
> > > The people who encrypted these data did so with openssl but I dont
> > know
> > > what the encrypt command looks like. I do know that the above
> command
> > > does decrypt the data successfully though.
> > >
> > > I want to use Python to decrypt this file. I am thinking of using
> > > cryptodome but am open to suggestions. Here's what i know from the
> > above
> > > openssl decrypt command.
> > >
> > > - its uses AES cbc 256 mode for the decryption ( -d )
> > > - it uses base64 to encode the data "AFTER" (-a) the cryptographic
> > operation
> > > - it does not specify the initialization vector (IV).
> > >
> > > I am struggling with how to code for this using python. What I
> suspect
> > > is my problem is that i dont know how to properly calculate the IV.
> > > Looking at the openssl documentation they say to see "key
> > derivation" to
> > > find out how they handle IV when its not specified. I cant track
> down
> > > this key derivation information. Any help will be appreciated!
> > > *******************************
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190325/864bdbff/attachment-0001.html>
More information about the openssl-users
mailing list