OpenSSL 1.1.1t cannot decrypt 1.0.2k-fips files

Tomas Mraz tomas at openssl.org
Mon Apr 3 17:56:33 UTC 2023


On Mon, 2023-04-03 at 10:53 -0700, Gary Li wrote:
> Not working yet:
> 
> $ openssl enc -aes-256-cbc -d -md md5 -nopad -iter 10000 -in hello.en
> -out hello.de -k garystest

This is wrong as -nopad and/or -iter cannot be used for these legacy
files.

> $ more hello.en
> Salted__z▒▒0>
> ▒       K▒▒>▒▒▒
> $ openssl enc -aes-256-cbc -d -md md5 -in hello.en -out hello.de -k
> garystest
> *** WARNING : deprecated key derivation used.
> Using -iter or -pbkdf2 would be better.

This is the right command.


> $ more hello.en
> Salted__z▒▒0>
> ▒       K▒▒>▒▒▒
> 

You're printing the original encrypted file, not the decrypted one.

Tomas Mraz, OpenSSL
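
Added example, not part of the original message and not OpenSSL's own code: a standard-library Python sketch of why the -iter command fails on these files. It parses the "Salted__" header and derives key and IV both ways; the sample salt and the function names are constructed for illustration, and the password is the one from the thread.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker `openssl enc` writes in front of the salt

def parse_salted(blob):
    """Split a salted `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]

def legacy_kdf(password, salt, md="md5", key_len=32, iv_len=16):
    """EVP_BytesToKey with count=1: used by enc when neither -iter nor -pbkdf2 is given."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        # D_i = H(D_{i-1} || password || salt), with D_0 empty
        block = hashlib.new(md, block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]

def pbkdf2_kdf(password, salt, iterations, md="md5", key_len=32, iv_len=16):
    """PBKDF2-HMAC: used by enc when -iter N (which enables PBKDF2) is given."""
    out = hashlib.pbkdf2_hmac(md, password, salt, iterations, key_len + iv_len)
    return out[:key_len], out[key_len:]

# Constructed sample: header + made-up salt + one dummy AES block of ciphertext.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)
PASSWORD = b"garystest"  # password used in the thread

def compare(blob=SAMPLE, password=PASSWORD, iterations=10000):
    """Derive key/IV for aes-256-cbc with both schemes from the same file."""
    salt, ciphertext = parse_salted(blob)
    return {
        "salt": salt,
        "block_aligned": len(ciphertext) % 16 == 0,
        "legacy": legacy_kdf(password, salt),
        "pbkdf2": pbkdf2_kdf(password, salt, iterations),
    }

if __name__ == "__main__":
    r = compare()
    print("salt        :", r["salt"].hex())
    print("legacy key  :", r["legacy"][0].hex())
    print("pbkdf2 key  :", r["pbkdf2"][0].hex())
    print("keys match  :", r["legacy"][0] == r["pbkdf2"][0])
```

The two derivations give unrelated keys from the same password and salt, so a file written with the legacy derivation only decrypts when -iter and -pbkdf2 are left off.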


