[openssl-users] Some documentation about key derivation and block padding

Alexis BRENON @OpenSSL brenon.alexis+openssl at gmail.com
Fri Feb 1 12:58:42 UTC 2019

i everyone,

I am looking for some documentation on how to pad and/or derive my
message and my key (from simple password), to mimic AES 128 ECB

For a decorative purpose (no security consideration in mind), I used
openssl to encrypt a small message (less than 16 bytes) with a small
key (less than 16 bytes). I used an AES 128 ECB encryption algorithm
with no salt. Here is the command line I used:
printf 'my message' | openssl enc -aes-128-ecb -nosalt -pass pass:word
This gave me a block of 16 bytes that I plotted with a script. Then I
have another script which rebuild the ciphered message from the list
of 0s and 1s that I can enter manually and then decrypt the message
openssl enc -d -aes-128-ecb -nosalt -pass pass:word
And this worked like a charm.

However, recently I saw that running these commands output a warning:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
So I decided to re-write the scripts to make the en/decryption on
their own, not relying on future implementations of openssl. Since
then, I could not reproduce the same results as the ones obtained with
openssl (compatibility required to be able to decrypt already printed

My scripts are in Python and I use pycrypto library which provides AES
128 ECB algorithms but does not make any padding (it is the
responsability of the user to pad her data). It seems that the message
should be padded using PKCS7 (RFC 2315) standard. Nevertheless, I did
not really understand how to pad/derive a 128 bits key from my simple
password. In openssl code base, it seems to use some CRYPTO_128_wrap
function, but I don't understand it very well.

So, do you know some documentation or example on how to achieve the
same behavior than openssl. Is there anything that I also must take
care of ?

Kind regards,

More information about the openssl-users mailing list