aes-cbc-256 mode descryption without an IV

Tim Webber 72911e at gmail.com
Tue Mar 26 01:58:11 UTC 2019


Good fine Marian.  Thx for all your help.

On Mon, Mar 25, 2019 at 9:24 AM Marian Beermann <public at enkore.de> wrote:

> As it just so happens here is a gist implementing EVP_BytesToKey in Python:
> https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc
>
> -Marian
>
> Am 25.03.19 um 17:14 schrieb Tim Webber:
> > Thanks Marian.  i did read the man pages for enc .  not sure how that
> > gets you to the  EVP_BytesToKey algorithm but thank you for providing
> > that page.  i suspect it might be easier to have the folks encrypting
> > the data specifiy an IV rather than trying to figure out how to
> > implement  EVP_BytesToKey in python.  its not inconsequential.
> >
> > On Mon, Mar 25, 2019 at 5:08 AM Marian Beermann <public at enkore.de
> > <mailto:public at enkore.de>> wrote:
> >
> >     Well let's just read the man pages, shall we?
> >
> >     >        -kfile filename
> >     > Read the password to derive the key from the first line of
> filename.
> >
> >     Then
> >
> >     >        -md digest
> >     > Use the specified digest to create the key from the passphrase.
> >     > The default algorithm is sha-256.
> >
> >     And
> >
> >     >       -iv IV
> >     > ...
> >     > When a password is being specified using one of the other options,
> the
> >     IV is generated from this password.
> >
> >     The man page doesn't specify the key derivation algorithm, but a
> quick
> >     glance at apps/enc.c shows that it uses EVP_BytesToKey, which is
> >     documented here:
> >     https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html
> >
> >     -Marian
> >
> >     Am 25.03.19 um 01:20 schrieb Tim Webber:
> >     > I just posted a message which i have copied below to a python
> >     forum.  It
> >     > might be better asked here.  The coles notes version of my
> >     question is this:
> >     >
> >     > I have received an encrypted data file (mydata.encrypted) and a key
> >     > (plain text for now) and the following command to decrypt it:
> >     >
> >     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
> >     > mydata.decrypted -kfile my_symmetric_key
> >     >
> >     > Question is this.  How is the initialization vector calculated?
> This
> >     > command works fine.  My issues is that i dont know how the
> >     > initialization vetor is calculated.  I suspect if its left out
> >     there is
> >     > some default way of doing it.  Can you tell me how its done?
> Thanks!
> >     >
> >     > ************************* ORIGINAL QUESTION to python community
> >     > ******************
> >     >
> >     > I have received an encrypted data file (mydata.encrypted) and a key
> >     > (plain text for now) and the following command to decrypt it:
> >     >
> >     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
> >     > mydata.decrypted -kfile my_symmetric_key
> >     >
> >     > The people who encrypted these data did so with openssl but I dont
> >     know
> >     > what the encrypt command looks like. I do know that the above
> command
> >     > does decrypt the data successfully though.
> >     >
> >     > I want to use Python to decrypt this file. I am thinking of using
> >     > cryptodome but am open to suggestions. Here's what i know from the
> >     above
> >     > openssl decrypt command.
> >     >
> >     > - its uses AES cbc 256 mode for the decryption ( -d )
> >     > - it uses base64 to encode the data "AFTER" (-a) the cryptographic
> >     operation
> >     > - it does not specify the initialization vector (IV).
> >     >
> >     > I am struggling with how to code for this using python. What I
> suspect
> >     > is my problem is that i dont know how to properly calculate the IV.
> >     > Looking at the openssl documentation they say to see "key
> >     derivation" to
> >     > find out how they handle IV when its not specified. I cant track
> down
> >     > this key derivation information. Any help will be appreciated!
> >     > *******************************
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190325/864bdbff/attachment-0001.html>


More information about the openssl-users mailing list