Thanks Dan, i did that anyway. I compiled 1.1 and decrypted and re-encrypted them. My data is back. I didnt know that there is such backward compatibility issues with 3.x
On Fri, Oct 28, 2022 at 12:16 PM Dan Ritter <d...@randomstring.org> wrote: > Bhasker C V wrote: > > Hi, > > > > > > Could someone help me please on how do I go about migrating data of mine > > from old SSL encryption > > > > For instance > > > > > > OPENSSL 1.1 (on a old system) > > > > $ echo hai | openssl bf-cbc -md md5 > hello.txt > > > > and then in > > > > OPENSSL 3 > > > > $ cat hello.txt | openssl bf-cbc -md md5 -d -provider legacy > > enter BF-CBC decryption password: > > *** WARNING : deprecated key derivation used. > > Using -iter or -pbkdf2 would be better. > > EVP_BytesToKey failed > > 40D7C740377F0000:error:0308010C:digital envelope > routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:373:Global > > default library context, Algorithm (MD5 : 100), Properties () > > 40D7C740377F0000:error:03000086:digital envelope > > routines:evp_md_init_internal:initialization > > error:../crypto/evp/digest.c:252: > > > > > > Is there anything else missing other than -provider legacy for decrypting > > such files ? I am guessing the MD5 is not compatible with legacy > provider. > > > > I have tried fips, base, legacy > > I recommend two things: > > First, use openssl 1.1 to decrypt your files. Once you have the > plaintext, you can re-encrypt them as you see fit. > > Second, don't use openssl 3 yet. It's still the season of > frequent CVEs. > > -dsr- >