[openssl-users] Openssl 1_1_0 compatibility question
Guy
gmane.bl4 at gishpuppy.com
Mon Sep 5 16:25:13 UTC 2016
david wrote:
> On the client:
> openssl enc -salt -a -A -aes128 -pass pass:123
>
> On the server:
> openssl enc -d -salt -a -A -aes128 -pass pass:123
>
> When the ENCRYPTING software is 1_0_2h and the
> decrypting software is 1_0_1e on Linux or 1_0_2h on Windows,
> the decryption successfully recovers the value "abcde".
>
> When the encrypting software is 1_1_0 and the
> decrypting software is 1_0_1e on Linux or 1_0_2h on Windows,
> it fails with the message:
>
> bad decrypt
> 139701985818440:error:06065064:digital envelope routines:
> EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:596:
>
Reason:
v1.1.0 is using the wrong key(from pass) to decrypt.
v1.0.x: md5 is default digest
v1.1.0: sha256 is default digest
Solution:
Specify the digest used to create the key.
Add '-md md5' to the version 1.0.2 decryption command line,
or add '-md sha256' to the v1.0.x encryption command line.
More information about the openssl-users
mailing list