[openssl-users] Some documentation about key derivation and block padding

Alexis BRENON @OpenSSL brenon.alexis+openssl at gmail.com
Mon Feb 4 10:01:06 UTC 2019

Hi all,

So, I found some hints on stack overflow
and an implementation with pyCrypto
I still can't get the expected results but these raise some questions:
how many iteration of PBKDF must I do ? Must the result of the
encryption be hashed with HMAC ?

Kind regards,

Le ven. 1 févr. 2019 à 13:58, Alexis BRENON @OpenSSL
<brenon.alexis+openssl at gmail.com> a écrit :
> i everyone,
> I am looking for some documentation on how to pad and/or derive my
> message and my key (from simple password), to mimic AES 128 ECB
> en/decryption.
> For a decorative purpose (no security consideration in mind), I used
> openssl to encrypt a small message (less than 16 bytes) with a small
> key (less than 16 bytes). I used an AES 128 ECB encryption algorithm
> with no salt. Here is the command line I used:
> printf 'my message' | openssl enc -aes-128-ecb -nosalt -pass pass:word
> This gave me a block of 16 bytes that I plotted with a script. Then I
> have another script which rebuild the ciphered message from the list
> of 0s and 1s that I can enter manually and then decrypt the message
> with:
> openssl enc -d -aes-128-ecb -nosalt -pass pass:word
> And this worked like a charm.
> However, recently I saw that running these commands output a warning:
> *** WARNING : deprecated key derivation used.
> Using -iter or -pbkdf2 would be better.
> So I decided to re-write the scripts to make the en/decryption on
> their own, not relying on future implementations of openssl. Since
> then, I could not reproduce the same results as the ones obtained with
> openssl (compatibility required to be able to decrypt already printed
> arts).
> My scripts are in Python and I use pycrypto library which provides AES
> 128 ECB algorithms but does not make any padding (it is the
> responsability of the user to pad her data). It seems that the message
> should be padded using PKCS7 (RFC 2315) standard. Nevertheless, I did
> not really understand how to pad/derive a 128 bits key from my simple
> password. In openssl code base, it seems to use some CRYPTO_128_wrap
> function, but I don't understand it very well.
> So, do you know some documentation or example on how to achieve the
> same behavior than openssl. Is there anything that I also must take
> care of ?
> Kind regards,
> Alexis.

More information about the openssl-users mailing list