How to generate the output in hexadecimal in Openssl?

Question

Finally I am able to get the output in base64 format by using the "-a" switch; there is any hexadecimal switch that I can use?

echo '0: 63616e746765747468697332776f726b' | xxd -r | openssl enc -aes-128-ecb -a -K 00000000000000000000000000000000

If I run that code, I will get this:

N2+bVLU8fIS7ucFW1Qr/xwFD22PuZrDN/59pkXaAFR4=

...and somehow it is also wrong because it is supposed to be only this:

N2+bVLU8fIS7ucFW1Qr/xw==

Anyways, I just need to be able to come up with this output:

376f 9b54 b53c 7c84 bbb9 c156 d50a ffc7

Answer 1

Q1. No, openssl enc can't output in hex, only binary/raw or base64. But you apparently have xxd available, whose main purpose it to convert to hex so pipe into that, then cut -c10-50 to remove the leftmost address and rightmost printable-ASCII parts to get the exact format you show xxxx xxxx etc; alternatively xxd -p does 'plain' xxxxxxxx or od -An -tx1 does xx xx xx xx etc in one step.

Q2. You are getting (the base64 encoding of) two blocks of ciphertext because enc with a nonstream cipher defaults to PKCS#5 padding, and your plaintext is exactly one block (which is 16 bytes for AES). Add -nopad to get the output you ask for.

---

Here is the whole thing in one place in sequence:

PROBLEM: You have input in hex and want output in hex, but openssl enc takes input in binary (not hex) and produces output in binary or base64 (but not hex).

DEDUCTION: You must convert the input from hex to binary. You must also convert the output from binary to hex. Although both of these include the words 'hex' and 'binary', these are different things.

Step 1: convert the input from hex to binary, because you have hex and need binary input for enc

 echo 0: 63616e746765747468697332776f726b | xxd -r 

Step 2: do the encryption (without padding) from binary to binary

 openssl enc -aes-128-ecb -nopad -K 00000000000000000000000000000000 

Step omitted: do NOT use -a to convert to base64. You don't want base64.

Step 3: Convert binary to hex, because you have binary but want hex

xxd -p

TOTAL (using minimal shell prompt of $, yours may be different):

$ echo 0: 63616e746765747468697332776f726b | xxd -r \
| openssl enc -aes-128-ecb -nopad -K 00000000000000000000000000000000 | xxd -p
376f9b54b53c7c84bbb9c156d50affc7
$

This is the result you asked for except without spacing which you later said you don't need.

If you do want the spacing use xxd without -p and add cut as I originally said:

$ echo 0: 63616e746765747468697332776f726b | xxd -r \
| openssl enc -aes-128-ecb -nopad -K 00000000000000000000000000000000 | xxd | cut -c10-50
376f 9b54 b53c 7c84 bbb9 c156 d50a ffc7
$