<div dir="ltr">><span style="font-size:12.8px">Any chance this is data corruption?</span><div><br style="font-size:12.8px"><div><span style="font-size:12.8px">Brilliant! You caught me. Although this key is encrypted I wasn't comfortable making it public on the interwebs. So, I randomly changed several of the characters. If I run </span><font face="monospace, monospace">openssl base64 -d...</font><font face="monospace, monospace"> </font><span style="font-size:12.8px">on the <i>actual</i> key it does indeed begin with Salted__:</span></div><div><span style="font-size:12.8px"><br></span></div><div>
<p class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font face="monospace, monospace" style="font-size:small;font-variant-ligatures:normal">$ openssl base64 -d <span style="font-variant-ligatures:no-common-ligatures">-in enc_private_key.txt</span></font><font face="monospace, monospace" style="font-size:small;font-variant-ligatures:normal"> | od -c</font><br></span></p><p class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font face="monospace, monospace" style="font-size:small;font-variant-ligatures:normal"><br></font></span></p><p class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-s1" style="font-variant-ligatures:no-common-ligatures">0000000 <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>S <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>a <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>l <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>t <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>e <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>d <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>_ <span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-Apple-converted-space"> </span>_</span></p><p class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-m_-267593171111720492gmail-m_-8838661621931051192gmail-s1" style="font-variant-ligatures:no-common-ligatures">></span><span style="font-size:12.8px;font-family:arial,sans-serif">You could try a dictionary attack on the actual 132-byte string, after base64-decoding,</span></p><span style="font-size:12.8px">>provided it is not corrupted.</span></div></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">This is basically what I was trying to do, although I was simply running a few hundred thousand strings that are related to the best guess password, rather using a dictionary attack.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Is there a better command to proceed with a brute force attack than this one?</span></div><div><br></div><div><p class="gmail-m_-267593171111720492gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-m_-267593171111720492gmail-s1" style="font-variant-ligatures:no-common-ligatures">/usr/bin/openssl enc -d -aes-256-cpc -a -in enc_private_key.txt -out recovered.key</span></p><p class="gmail-m_-267593171111720492gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-m_-267593171111720492gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-m_-267593171111720492gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal"><span class="gmail-m_-267593171111720492gmail-s1" style="font-family:Menlo;font-size:11px;font-style:normal;font-variant-ligatures:no-common-ligatures;font-variant-caps:normal;font-weight:normal">A</span>s I understand:<br></p><ul><li><font face="monospace, monospace">openssl enc -d => decrypt using openssl<br></font></li><li><font face="monospace, monospace">-aes-256-cpc => use the AES 256 CPC algorithm<br></font></li><li><font face="monospace, monospace">-a => base64 decrypt<br></font></li><li><font face="monospace, monospace">-in => read the encrypted string from enc_private_key.txt<br></font></li><li><font face="monospace, monospace">-out => write the unencrypted string to recovered.key</font></li></ul><p></p></div><div><span style="font-size:12.8px">I tried running openssl in two steps: first doing the base64 decoding, then decrypting with -aes256, which I believe is functionally the same as the command mentioned above:</span></div><div><span style="font-size:12.8px"><br></span></div><div>
<p class="gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">$ openssl base64 -d -in enc_private_key.txt | openssl enc -d -aes256 -out recovered.key</span></p></div><div>
<p class="gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">enter aes-256-cbc decryption password:</span></p>
<p class="gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">bad decrypt</span></p>
<p class="gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">139845090879392:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581:</span></p></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Which brings me back to the original question. Does anyone know how to interpret "</span><span style="font-family:Menlo;font-size:11px;font-variant-ligatures:no-common-ligatures">EVP_DecryptFinal_ex:wrong final block length"</span><span style="font-size:12.8px"> </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thanks!</span></div><div><span style="font-size:12.8px">-Chris</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jan 14, 2018 at 11:21 AM, Viktor Dukhovni <span dir="ltr"><<a href="mailto:openssl-users@dukhovni.org" target="_blank">openssl-users@dukhovni.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
> On Jan 14, 2018, at 10:26 AM, Chris B <<a href="mailto:cryptoassetrecovery@gmail.com">cryptoassetrecovery@gmail.com</a><wbr>> wrote:<br>
><br>
> I'm trying to help someone recover his password for an older format ethereum encrypted private key (EPK). My plan has been to use his best guess at the password to brute force the actual password.<br>
><br>
> The EPK is a 132 character string, and it looks something like this: U2FsdGV0X185M9YAa/<wbr>27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ<wbr>9s8DzeGuBtYJPDCKDy0m80yvHdQYDM<wbr>Pa+Hwv2JPbuGJNoUMhFWpcQW1VF+<wbr>EAy0tYb7Wtv2+IRWZzcpsE8e2a<br>
><br>
> (That is: 128 ASCII digits and/or letters, plus three "+" and a "/".)<br>
<br>
</span>This input is base64 encoded:<br>
<br>
$ openssl base64 -d <<END | od -c<br>
U2FsdGV0X185M9YAa/<wbr>27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ<wbr>9s8DzeGuBtYJPDCK<br>
Dy0m80yvHdQYDMPa+<wbr>Hwv2JPbuGJNoUMhFWpcQW1VF+<wbr>EAy0tYb7Wtv2+IRWZzcpsE<br>
8e2a<br>
END<br>
0000000 S a l t e t _ _ 9 3 326 \0 k 375 273 246<br>
0000020 a / 027 0 271 246 242 310 343 025 253 003 252 . 031 P<br>
0000040 261 320 G 211 366 317 003 315 341 256 006 326 \t < 0 212<br>
0000060 017 - & 363 L 257 035 324 030 \f 303 332 370 | / ؓ<br>
0000100 ** ۸ ** b M 241 C ! 025 j \ A m U 027 000<br>
0000120 \0 313 K X o 265 255 277 o 210 E f s r 233 004<br>
0000140 361 100 232<br>
<br>
This does indeed look a lot like "openssl enc" output:<br>
<br>
$ echo foobar | openssl enc -aes256 -pass pass:foobar | od -c<br>
0000000 S a l t e d _ _ 263 f 243 \0 242 ~ 031 3<br>
0000020 266 035 Y 310 367 300 366 264 247 : $ s 236 266 4 340<br>
0000040<br>
<br>
Except that for some reason the "d" in "Salted" is a "t". Funny that these<br>
are the voiced and unvoiced variants of the same consonant, but note also<br>
that the ASCII code for 'd' = 0x64 and 't' = 0x74, so this is a 1 bit change.<br>
Any chance this is data corruption?<br>
<span class=""><br>
><br>
> This article (<a href="https://www.reddit.com/r/Bitcoin/comments/3gwdge/importing_old_encrypted_private_keys/" rel="noreferrer" target="_blank">https://www.reddit.com/r/<wbr>Bitcoin/comments/3gwdge/<wbr>importing_old_encrypted_<wbr>private_keys/</a>)<br>
> seems to describe a very similar EPK.<br>
<br>
</span>In that sample, the base64-decoded data starts with "Salted__" as expected.<br>
<span class=""><br>
> The author of that post decrypted their key with the following command:<br>
><br>
> openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass pass:"PASSWORD_HERE"<br>
<br>
</span>Hard to say whether that's correct, rather depends on the format of "FILE_OF_KEYS".<br>
You could try a dictionary attack on the actual 132-byte string, after base64-decoding,<br>
provided it is not corrupted.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Viktor.<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div>