Hi,

When you encrypt data with a password using the openssl command line, the
first 16 bytes of the output are actually a header of the form
'Salted__XXXXXXXX' where the last 8 bytes represent the salt used to
derive the key and the IV.
So, from here you have two choices:
  - decrypt the encrypted file using the same password. In this case,
openssl will use the header to compute the key and the IV and then
decrypt the remaining data.
  - discard the first 16 bytes of the encrypted file and then give openssl
the value of the key and the IV in order to decrypt the remaining data.

As a rule, if you encrypt using a password, you should decrypt using a
password and if you encrypt using a specific key and IV, then you should
decrypt using the same key and IV: You can't mix the two approaches
without extra processing.

I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

> Hello everybody and thank you all for reading.
>
> I'm doing some experiments with blowfish and triple DES ciphers.
> I'm encrypting some text files; using a password to generate the key
> and the IV; while using the "-p" option to let openssl show me the
> salt, the key and the IV onscreen.
>
> As far as I've understood I could decrypt the output encrypted file
> just supplying the key and the IV.
> And actually if I do that, that is ALMOST what I get. But, the first
> eight characters of the source file didn't get decrypted, or at least
> they apparently don't get decoded correctly: I got a bunch of
> unreadable binary bytes instead.
>
> Here's what I did:
> $ openssl enc -bf -in source.txt -out encrypted -p
>
> enter bf-cbc encryption password:
> Verifying - enter bf-cbc encryption password:
> salt=FF01D744C268C056
> key=22153E114FB3C2873BAE05873AFBD19C
> iv =F68A9A229A516752
>
> Then if I try to decode the encrypted file with:
>
> openssl enc -d -bf -in encrypted -K 22153E114FB3C2873BAE05873AFBD19C
> -iv F68A9A229A516752
>
> Then the output *of the first eight bytes* isn't even ASCII so I can't
> paste it here! The rest of the file is perfectly decrypted though. I
> tried with files of various length and they are all decrypted
> perfectly but the first chars.
>
> I tried with versions 0.9.8g (19 Oct 2007) and 0.9.8k (25 Mar 2009)
> with the same results. Using des3 in place of bf doesn't change that
> behaviour either.
>
> Please kindly help me to understand what I'm missing. Thank you SO much!
> --
> Alfredo Belmonti
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
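
The "extra processing" the reply mentions, as an added example that is not part of either e-mail and is not OpenSSL's own code: it splits the 'Salted__' header from the ciphertext and re-derives the key and IV from the password and salt. It assumes the one-iteration, MD5-based EVP_BytesToKey derivation that was the `enc` default in the 0.9.8 releases named in the question (OpenSSL 1.1.0 and later default to SHA-256) and bf-cbc sizes of a 16-byte key and 8-byte IV; the function names and the sample password are made up.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte magic, followed by the 8-byte salt


def split_salted(blob):
    """Return (salt, ciphertext); salt is None when there is no header."""
    if len(blob) >= 16 and blob[:8] == MAGIC:
        return blob[8:16], blob[16:]
    return None, blob


def evp_bytes_to_key(password, salt, key_len, iv_len, digest="md5"):
    """One-iteration EVP_BytesToKey: D_i = H(D_{i-1} || password || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def to_raw_key_form(blob, password, key_len=16, iv_len=8, digest="md5"):
    """Turn password-encrypted output into (key_hex, iv_hex, headerless body)."""
    salt, body = split_salted(blob)
    if salt is None:
        raise ValueError("no 'Salted__' header: not a salted password encryption")
    key, iv = evp_bytes_to_key(password, salt, key_len, iv_len, digest)
    # The hex strings are what -K and -iv expect; body is what is left to decrypt.
    return key.hex().upper(), iv.hex().upper(), body


if __name__ == "__main__":
    # Constructed sample: the salt is the one printed in the question; the
    # password and the 16 ciphertext bytes are made up for this example.
    salt = bytes.fromhex("FF01D744C268C056")
    sample = MAGIC + salt + bytes(range(16))
    key_hex, iv_hex, body = to_raw_key_form(sample, b"example-password")
    print("-K", key_hex, "-iv", iv_hex, "ciphertext bytes:", len(body))
```

Because the password used in the question is not on the page, the derived key here will not match the `key=` value shown there.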

