<div dir="ltr">Good fine Marian. Thx for all your help.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 25, 2019 at 9:24 AM Marian Beermann <<a href="mailto:public@enkore.de">public@enkore.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">As it just so happens here is a gist implementing EVP_BytesToKey in Python:<br>
<a href="https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc" rel="noreferrer" target="_blank">https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc</a><br>
<br>
-Marian<br>
<br>
Am 25.03.19 um 17:14 schrieb Tim Webber:<br>
> Thanks Marian. i did read the man pages for enc . not sure how that<br>
> gets you to the EVP_BytesToKey algorithm but thank you for providing<br>
> that page. i suspect it might be easier to have the folks encrypting<br>
> the data specifiy an IV rather than trying to figure out how to<br>
> implement EVP_BytesToKey in python. its not inconsequential.<br>
> <br>
> On Mon, Mar 25, 2019 at 5:08 AM Marian Beermann <<a href="mailto:public@enkore.de" target="_blank">public@enkore.de</a><br>
> <mailto:<a href="mailto:public@enkore.de" target="_blank">public@enkore.de</a>>> wrote:<br>
> <br>
> Well let's just read the man pages, shall we?<br>
> <br>
> > -kfile filename<br>
> > Read the password to derive the key from the first line of filename.<br>
> <br>
> Then<br>
> <br>
> > -md digest<br>
> > Use the specified digest to create the key from the passphrase.<br>
> > The default algorithm is sha-256.<br>
> <br>
> And<br>
> <br>
> > -iv IV<br>
> > ...<br>
> > When a password is being specified using one of the other options, the<br>
> IV is generated from this password.<br>
> <br>
> The man page doesn't specify the key derivation algorithm, but a quick<br>
> glance at apps/enc.c shows that it uses EVP_BytesToKey, which is<br>
> documented here:<br>
> <a href="https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html" rel="noreferrer" target="_blank">https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html</a><br>
> <br>
> -Marian<br>
> <br>
> Am 25.03.19 um 01:20 schrieb Tim Webber:<br>
> > I just posted a message which i have copied below to a python<br>
> forum. It<br>
> > might be better asked here. The coles notes version of my<br>
> question is this:<br>
> ><br>
> > I have received an encrypted data file (mydata.encrypted) and a key<br>
> > (plain text for now) and the following command to decrypt it:<br>
> ><br>
> > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out<br>
> > mydata.decrypted -kfile my_symmetric_key<br>
> ><br>
> > Question is this. How is the initialization vector calculated? This<br>
> > command works fine. My issues is that i dont know how the<br>
> > initialization vetor is calculated. I suspect if its left out<br>
> there is<br>
> > some default way of doing it. Can you tell me how its done? Thanks!<br>
> ><br>
> > ************************* ORIGINAL QUESTION to python community<br>
> > ******************<br>
> ><br>
> > I have received an encrypted data file (mydata.encrypted) and a key<br>
> > (plain text for now) and the following command to decrypt it:<br>
> ><br>
> > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out<br>
> > mydata.decrypted -kfile my_symmetric_key<br>
> ><br>
> > The people who encrypted these data did so with openssl but I dont<br>
> know<br>
> > what the encrypt command looks like. I do know that the above command<br>
> > does decrypt the data successfully though.<br>
> ><br>
> > I want to use Python to decrypt this file. I am thinking of using<br>
> > cryptodome but am open to suggestions. Here's what i know from the<br>
> above<br>
> > openssl decrypt command.<br>
> ><br>
> > - its uses AES cbc 256 mode for the decryption ( -d )<br>
> > - it uses base64 to encode the data "AFTER" (-a) the cryptographic<br>
> operation<br>
> > - it does not specify the initialization vector (IV). <br>
> ><br>
> > I am struggling with how to code for this using python. What I suspect<br>
> > is my problem is that i dont know how to properly calculate the IV.<br>
> > Looking at the openssl documentation they say to see "key<br>
> derivation" to<br>
> > find out how they handle IV when its not specified. I cant track down<br>
> > this key derivation information. Any help will be appreciated! <br>
> > ******************************* <br>
> <br>
<br>
</blockquote></div>