[openssl-users] Decrypt old openssl files

Jeffrey Walton noloader at gmail.com
Sat Feb 11 13:35:44 UTC 2017


>  I have two systems one with openssl 1.0.1e (debian wheezy) and the new one
> with openssl 1.1.0c (debian stretch)
>
>  The files encrypted with 1.0.1e are not decryptable via 1.1.0c
> These are the investigations I have done
>
> on my system with 1.0.1e openssl
> $ echo some text > file
> $ cat file  | openssl  aes-256-cbc  -pass pass:test  > file.enc
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
>
> when I bring that file over to my system with 1.1.0c openssl
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
> $ cat file.enc | openssl  aes-256-cbc  -d -pass pass:test
> bad decrypt
> 4146981184:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:crypto/evp/evp_enc.c:529:
>
> Please can someone tell me what other options I Am supposed to pass to get
> decryption done successfully.

>From the OpenSSL 1.1.0c-3 update notes. I don't believe its in the
'openssl enc' man page yet
(https://www.openssl.org/docs/man1.0.1/apps/enc.html).

  The openssl enc command changed the default digest (used to create the key
  from passphrase) from MD5 to SHA256 since the version 1.1.0. The digest can
  be specified with the -md option.

Jeff


More information about the openssl-users mailing list