OpenSSL 1.1.1t cannot decrypt 1.0.2k-fips files
Tomas Mraz
tomas at openssl.org
Mon Apr 3 17:56:33 UTC 2023
On Mon, 2023-04-03 at 10:53 -0700, Gary Li wrote:
> Not working yet:
>
> $ openssl enc -aes-256-cbc -d -md md5 -nopad -iter 10000 -in hello.en
> -out hello.de -k garystest
This is wrong as -nopad and/or -iter cannot be used for these legacy
files.
> $ more hello.en
> Salted__z▒▒0>
> ▒ K▒▒>▒▒▒
> $ openssl enc -aes-256-cbc -d -md md5 -in hello.en -out hello.de -k
> garystest
> *** WARNING : deprecated key derivation used.
> Using -iter or -pbkdf2 would be better.
This is the right command.
> $ more hello.en
> Salted__z▒▒0>
> ▒ K▒▒>▒▒▒
>
You're printing the original encrypted file, not the decrypted one.
Tomas Mraz, OpenSSL
More information about the openssl-users
mailing list