[openssl-users] Decrypting an OpenSSL encrypt AES256-CBC data

Ertan Küçükoglu ertan.kucukoglu at gmail.com
Thu Dec 27 21:02:44 UTC 2018 

Hello,

First of all I am a newbie to this list and to cryptography, padding, and C
language. Please, bear with me.

I am trying to encrypt some data on an embedded Linux system using OpenSSL
crypto library and decrypt it on a Windows system.

I am following example at following link for C codes on embedded system:
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
Fortunately, I could encrypt with given code on that embedded linux system
using OpenSSL Library version used was: 1.0.0e
I do not have a change to use another version of the library. I am needed
to be provided newer/older library by the device manufacturer to be able to
cross compile my C code using their SDK.

My tests on embedded device works in both ways. I can encrypt and decrypt
simple string (or below provided example data) on that system.
My problem is, I need to decrypt on Windows OS what is crypt on the
embedded device.
Windows OS, I am using Delphi (Object Pascal) for my programming needs.
As I have not enough cryptography knowledge, I am using an open source
library from mORMot project. This project supports AES256-CBC, AES256-CFB
and several other AES based encryption and decryption, some hashing, etc. I
have used that library before and it did work well for my needs. Thing is,
I only used mORMot for my encryption and decryption which simply works.
Similarly, OpenSSL encryption and decryption works on that embedded Linux
system. I failed to make them talk to each other, properly.

A- I tried to directly decrypt (no padding applied) and I get my plain text
plus some additional invisible characters at the end. I am told it maybe a
"padding" issue, my problem, during decryption.
B- I tried PKCS#7 for decryption and it fails (no text being returned. All
bytes are zero and of course that returns an empty string.

Below is encrypt base64 data on embedded linux system.
8XnbAER2Mh4GLQpDrBLA24R0uEm2SkqDqa0U/PZ3KsSCZsKmJ+WKoYqx7dTiLC/uvJivgm2LOJ0mD5U4NQ19SZgYbT1TByMlLL+075EF8LsXotySz2hze2IozKOB8TG4dn2W/nDdM5deO7csBY28onQHOV4wbqzInUeaLVzbvAI=

Attached is crypt data saved directly in a file. My tests, base64 decodes
to identical bytes as in that file.

Plain text should be (last character is invisible '\n'):
0000010000012018122721570520181227215705 00017214422c4277d76H  10350514.44
  0.01  10350514.43         0.010000

For test purposes my key and IV are simple.
Key: bytes from 0 to 31 (inclusive)
IV: bytes from 0 to 15 (inclusive)

C code I used for generating key and IV is something like:
unsigned char key[32];
unsigned char iv[16];

for(i = 0;  i < sizeof(key);  i++)
key[i] = i;

for(i = 0;  i < sizeof(iv);  i++)
iv[i] = i;

What I see on Windows after directly decrypting is something as below (I
used some embedded picture to be able to show invisible characters at the
end)
[image: image.png]

My questions are (please keep in mind that I maybe asking non-sense):
1- Is OpenSSL version 1.0.0e using some kind of proprietary padding?
I read something in this accepted answer:
https://stackoverflow.com/questions/11783062/how-to-decrypt-file-in-java-encrypted-with-openssl-command-using-aes
I also remember reading PKCS#5 is identical to PKCS#7 in another answer
(which failed to work in my case).

2- What should I do to properly decrypt and receive plain text without
additional characters in the end?

I appreciate any help.

Thanks & regards,
Ertan Küçükoğlu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181228/57486f52/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 4746 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181228/57486f52/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crypt
Type: application/octet-stream
Size: 128 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181228/57486f52/attachment-0001.obj>

More information about the openssl-users mailing list