Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenSSL string decryption issue

I'll try to make this succinct as possible.

I want to be able to encrypt & decrypt simple strings using OpenSSL, which I have done before.

HOWEVER, the following conditions must be met:

  • Simple passphrase use (no keys)
  • No input/output files
  • No prompt for passphrase (specify via command-line options for either direction)

I'm 50% there. I can successfully perform ENCRYPTION via:

echo 'someTextIWantToEncrypt' | openssl enc -e -aes-256-cbc -nosalt -pass pass:mySecretPass

The output result is:

(??b}n??v???>??G??.?B??~?

OK, great. Now I want to DECRYPT that string. So I do:

echo -n '(??b}n??v???>??G??.?B??~?' | openssl enc -d -aes-256-cbc -pass pass:mySecretPass

or even as an alternative:

openssl enc -d -aes-256-cbc -pass pass:mySecretPass <<< '(??b}n??v???>??G??.?B??~?'

But I get this response:

bad magic number

Though I don't want to use input/output files, that method DOES work 100%:

# encrypt to file
echo -n 'someTextIWantToEncrypt' | openssl enc -e -nosalt -out test.txt -aes-256-cbc -pass pass:mySecretPass 

# decrypt from file
openssl enc -d -nosalt -in test.txt -aes-256-cbc -pass pass:mySecretPass

# result of decryption (is successful):
someTextIWantToEncrypt

So ... how can I achieve the above decryption process without using input/output files whatsoever? I feel I am close, but missing some small detail.

Thanks in advance.

like image 490
maximum ldap Avatar asked Jun 14 '13 21:06

maximum ldap


People also ask

How do you decrypt a string?

Decryption Approach:Find the length L of the string. Find the ceil and floor values of √Length and assign them to the variables. Create a 2D matrix and fill the matrix by characters of string column-wise. Read the matrix row-wise to get the decrypted string.

What does openssl enc do?

Enc is used for various block and stream ciphers using keys based on passwords or explicitly provided. It can also be used for Base64 encoding or decoding.


1 Answers

The problem is that encryption uses the entire ASCII character set, including unprintable characters. If you want to be able to cut and paste the encrypted data, you need to convert it to only printable characters. You can do this with the -base64 (or -a) option:

echo 'someTextIWantToEncrypt' | \
  openssl enc -base64 -e -aes-256-cbc -nosalt -pass pass:mySecretPass

KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=

Then decrypt it the same way:

echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:mySecretPass

WARNING: If you're using openssl, I can only assume the confidentiality of the data, and therefore the password, is important to you. If that's the case, you should never supply a password on the command line, because it can be exposed to anyone with the privilege to run ps.

A better solution is to store the password in an environment variable and have openssl read it from there:

export passwd="mySecretPass"
echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd
like image 144
Adam Liss Avatar answered Sep 22 '22 13:09

Adam Liss