[openssl-users] Decrypting an OpenSSL encrypt AES256-CBC data
jb-openssl at wisemo.com
Sat Dec 29 12:54:03 UTC 2018
On 29/12/2018 13:41, Ertan Küçükoglu wrote:
> Windows program does not know length of data. I would like to use some
> kind of standard method and use exact method on Windows to decrypt.
> I think my problem is really that I do not know what "padding" is used
> by default. I have found below function. However, there is no detailed
> explanation about it in here:
> int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
> I wanted to learn what values can "padding" parameter be. I understand
> I can set it to zero ( 0 ) for disabling padding. This is not what I
> want because my plain text length is not confirmed to be multiply of
> 16 bytes.
> I can use PKCS#7 to decrypt on Windows so I would like to encrypt
> using that padding. Just do not know what value to pass in above
> function now.
PKCS#7 also known as CMS or (in OpenSSL) SMIME, doesn't just pad. It
generates a random key and encrypts it with the recipients key (usually
a public key from a certificate, but there may be a symmetric variant).
Thus to do PKCS#7 with OpenSSL, you need to use the "openssl cms" command
line or the corresponding functions.
> Michael Wojcik <Michael.Wojcik at microfocus.com
> <mailto:Michael.Wojcik at microfocus.com>>, 28 Ara 2018 Cum, 21:16
> tarihinde şunu yazdı:
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org
> <mailto:openssl-users-bounces at openssl.org>] On Behalf Of Ertan
> > Sent: Thursday, December 27, 2018 16:03
> > A- I tried to directly decrypt (no padding applied) and I get my
> plain text plus
> > some additional invisible characters at the end. I am told it
> maybe a "padding"
> > issue, my problem, during decryption.
> How does the Windows program know how long the decrypted data is?
> It sounds to me like the problem is simply that your Windows code
> is decrypting the data correctly, then reading past it into
> garbage left at the end of the buffer.
> If the messages are of fixed length, only use that many bytes from
> the decryption output. If they're of variable length, then the
> sender will have to tell the receiver how long they are. There are
> many ways of doing that; you haven't told us enough about your
> protocol to know which would be appropriate in your case.
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users