[openssl-users] AES-GCM failing from Command Line Interface

Sec_Aficionado secaficionado at gmail.com
Tue Feb 10 14:09:02 UTC 2015

Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it.

Regarding AES-GCM from the command line, or PHP bindings, is that something that any of the OpenSSL components support? I think EVP is the intended way but there are no PHP bindings, only C from what I can tell.

As a bit of background, I need to send an encrypted token to a client, which will return it when communicating back with the server. I need some form of authenticated encryption for that and OpenSSL seems like a perfect fit.

Thanks for your help.

Sent from my mobile

> On Feb 9, 2015, at 9:23 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
>> On Mon, Feb 09, 2015, Sec_Aficionado wrote:
>> Hello,
>> I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject.
>> My command is:
>> openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt
>> I get prompted for password as expected.
>> The encryption goes well, and then I proceed to decrypt using:
>> openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt
>> The program executes but I get a "bad decrypt" message. However, when I open dec.txt, it is the same as the original file payload.txt
>> My guess is that the problem is in the padding, but I have not been able to eliminate the error message, even setting the -nopad option and padding manually.
>> Can someone please explain to me why this might be happening?
>> I am running openSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current patches.
> AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL
> throw out and error message if you try to use it from the command line.
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list