[openssl-users] Decrypt old openssl files

Jeffrey Walton noloader at gmail.com
Sat Feb 11 13:35:44 UTC 2017

>  I have two systems one with openssl 1.0.1e (debian wheezy) and the new one
> with openssl 1.1.0c (debian stretch)
>  The files encrypted with 1.0.1e are not decryptable via 1.1.0c
> These are the investigations I have done
> on my system with 1.0.1e openssl
> $ echo some text > file
> $ cat file  | openssl  aes-256-cbc  -pass pass:test  > file.enc
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
> when I bring that file over to my system with 1.1.0c openssl
> $ md5sum file.enc
> 5482ea53a6677865d1e559ac3057738c  file.enc
> $ cat file.enc | openssl  aes-256-cbc  -d -pass pass:test
> bad decrypt
> 4146981184:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:crypto/evp/evp_enc.c:529:
> Please can someone tell me what other options I Am supposed to pass to get
> decryption done successfully.

>From the OpenSSL 1.1.0c-3 update notes. I don't believe its in the
'openssl enc' man page yet

  The openssl enc command changed the default digest (used to create the key
  from passphrase) from MD5 to SHA256 since the version 1.1.0. The digest can
  be specified with the -md option.


More information about the openssl-users mailing list