[openssl-users] AES-GCM failing from Command Line Interface

Dr. Stephen Henson steve at openssl.org
Tue Feb 10 02:23:30 UTC 2015

On Mon, Feb 09, 2015, Sec_Aficionado wrote:

> Hello,
> I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject.
> My command is:
> openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt
> I get prompted for password as expected.
> The encryption goes well, and then I proceed to decrypt using:
> openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt
> The program executes but I get a "bad decrypt" message. However, when I open dec.txt, it is the same as the original file payload.txt
> My guess is that the problem is in the padding, but I have not been able to eliminate the error message, even setting the -nopad option and padding manually.
> Can someone please explain to me why this might be happening?
> I am running openSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current patches.

AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL
throw out an error message if you try to use it from the command line.
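
Added example, not part of the original message or of OpenSSL's code: GCM produces an authentication tag as a separate output that must be stored and supplied again at decryption. The sketch below shows a GCM decryption releasing correct plaintext and still failing the final tag check when the tag is not available, which is consistent with the symptom in the question. It assumes the Python `cryptography` package (OpenSSL-backed) is installed; the function names, key, nonce and message are constructed for illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def gcm_encrypt(key, nonce, plaintext):
    """Encrypt with AES-GCM and return (ciphertext, tag).

    The 16-byte tag is not part of the ciphertext stream; the caller has to
    store it next to the ciphertext or decryption cannot be authenticated.
    """
    enc = Cipher(algorithms.AES(key), modes.GCM(nonce)).encryptor()
    ciphertext = enc.update(plaintext) + enc.finalize()
    return ciphertext, enc.tag


def gcm_decrypt(key, nonce, ciphertext, tag):
    """Decrypt and return (plaintext, authenticated).

    update() already hands back plaintext, because GCM encrypts in counter
    mode; only the final step compares the tag. A caller that writes the
    output before that step ends up with data it must not trust on failure.
    """
    dec = Cipher(algorithms.AES(key), modes.GCM(nonce)).decryptor()
    plaintext = dec.update(ciphertext)
    try:
        plaintext += dec.finalize_with_tag(tag)
    except InvalidTag:
        return plaintext, False
    return plaintext, True


if __name__ == "__main__":
    key = os.urandom(32)    # AES-256 key (constructed sample)
    nonce = os.urandom(12)  # 96-bit nonce; never reuse one under the same key
    message = b"short message"
    ct, tag = gcm_encrypt(key, nonce, message)

    # Tag stored and supplied: plaintext is returned and authenticated.
    print(gcm_decrypt(key, nonce, ct, tag))
    # Tag lost (all-zero stand-in): same plaintext bytes, but the check fails.
    print(gcm_decrypt(key, nonce, ct, bytes(16)))
    # Ciphertext modified: altered plaintext comes out and the check fails.
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]
    print(gcm_decrypt(key, nonce, tampered, tag))
```

Treat any output from a decryption whose tag check failed as untrusted and discard it.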

