OpenSSL 1.1.1t cannot decrypt 1.0.2k-fips files

Tomas Mraz tomas at openssl.org
Mon Apr 3 15:44:26 UTC 2023


As written in the openssl-enc manual page the default digest for
hashing the password was changed from MD5 to SHA256 in OpenSSL-1.1.0.

You need to use -md sha256 option with the enc tool on 1.1.1 to decrypt
files from the 1.0.2 version.

Tomas Mraz, OpenSSL

On Mon, 2023-04-03 at 07:03 -0700, Gary Li wrote:
> Yes, with Openssl enc tool to decrypt on Ubuntu 20.04, encrypted on
> CentOS 7.
> 
> On Sun, Apr 2, 2023, 11:11 PM Tomas Mraz <tomas at openssl.org> wrote:
> > Hello,
> > 
> > is that with the openssl enc tool? Or something else?
> > 
> > Tomas Mraz, OpenSSL
> > 
> > On Fri, 2023-03-31 at 16:27 -0700, Gary Li wrote:
> > > HI there,
> > > I have files in products that are generated by Openssl 1.0.2k-
> > > fips,
> > > but my new development system under Ubuntu 20.04 does not support
> > > this old version, and I cannot decrypt these files with version
> > > OpenSSL 1.1.1f or 1.1.1t.
> > > Decryption did not have warning or error messages but the
> > > contents
> > > were wrong.
> > > Are there any known solutions to this issue?
> > > 
> > > Thank you in advance,
> > > 
> > > Gary
> > 

-- 
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list