Re: Error - AES-256 CBC encrypting using EVP routines and decrypting using command line
You need to use same iv and key for decryption. I believe the command is openssl enc -d -aes-256-cbc -K key used to encrypt -iv iv used to encrypt -in rgconf_encrypted -out rgconf_decrypted. -Anand On Tue, May 25, 2010 at 8:30 AM, ~ Kunal Sharma ~ koolku...@gmail.comwrote: Friends, I'm trying to verify that my encryption and decryption routines work ok. One way I do it is to encrypt the data and save it to a file. The I feed the encrypted file to my decryption routine and write the decrypted data to another file. I compare the original data and the contents of the decrypted file and they are same. So the routines work fine in tandem. Another method I want to use it to encrypt the data and save it to a file. Then I feed the encrypted file to Openssl command line to decrypt. I get my encrypted data in the file rgconf_encrypted. Then I run the following command: openssl enc -d -aes-256-cbc -in rgconf_encrypted I enter the decryption password As different as chalk and cheese which I used to encrypt the data. But I get the error bad magic number. Am I missing something here ? I need to be able to use a simple phrase as my encryption password so I can decrypt it on command line as well. Please provide any pointers on what could be wrong here. Below is the code for my encryption routine. Thanks, Kunal ++ int encrypt(void) { EVP_CIPHER_CTX ctx; unsigned char ibuf[1024],obuf[1024]; int rfd, wfd,ilen,olen,tlen; unsigned char key32[] = As different as chalk and cheese; unsigned char iv[] = As dark as pitch; EVP_CIPHER_CTX_init(ctx); if(!EVP_CipherInit_ex(ctx, EVP_aes_256_cbc(),NULL,key32, iv,AES_ENCRYPT) ) { console_printf(Couldnt initialize cipher\n); return 1; } /* read the original contents that are stored in file /etc/rgconf */ if((rfd = open(/etc/rgconf,O_RDONLY) ) == -1) { console_printf(Couldnt open input file\n); return 1; } /* open a file /et.rgconf_encrypted to store encrypted data */ if((wfd = creat(/etc/rgconf_encrypted,0644) ) == -1) { console_printf(Couldn't open output file for writing\n); return 1; } while((ilen = read(rfd,ibuf,1024) ) 0) { if(EVP_CipherUpdate(ctx,obuf,olen,ibuf,ilen)){ write(wfd,obuf,olen); } else { console_printf(Encryption error\n); return 1; } } if(!EVP_CipherFinal_ex(ctx,obuf+olen,tlen)) { console_printf(Trouble with padding the last block\n); return 1; } write(wfd,obuf+olen,tlen); EVP_CIPHER_CTX_cleanup(ctx); close(rfd); close(wfd); console_printf(AES 256 CBC encryption complete\n); return 0; } ++
Re: Problem in using openssl in PC
Why don't you link your application statically during build. This eliminates problem of having runtime linking/loading. If that works then you know the problem is with something else and not ssl. On Fri, Mar 19, 2010 at 8:42 AM, Mohit Kumar mohitk...@gmail.com wrote: Hi, I am using openssl in QT4.I copy libeay32.dll,ssleay32.dll along with my application.In some machine its work fine.While in some other PC i get error ssl not supported Please help as only ssl creating problem. Its urgent Thanks in advanced __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Error copiling ssl: undefined reference
Do you link against correct libraries? Try linking with ssleay and libeay. -Anand On Fri, Feb 26, 2010 at 12:08 PM, xabi esteban xab...@msn.com wrote: Hello: I'm trying to use the SSL libreries. When I try to comipile my code y always obtain the same error: cli.c:(.text+0x20): undefined reference to `SSL_library_init' cli.c:(.text+0x25): undefined reference to `SSLv2_client_method' cli.c:(.text+0x30): undefined reference to `SSL_load_error_strings' cli.c:(.text+0x3e): undefined reference to `SSL_CTX_new' cli.c:(.text+0x6f): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x150): undefined reference to `SSL_new' cli.c:(.text+0x183): undefined reference to `SSL_set_fd' cli.c:(.text+0x191): undefined reference to `SSL_connect' cli.c:(.text+0x1ad): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x1c7): undefined reference to `SSL_get_current_cipher' cli.c:(.text+0x1cf): undefined reference to `SSL_CIPHER_get_name' cli.c:(.text+0x1ed): undefined reference to `SSL_get_peer_certificate' cli.c:(.text+0x222): undefined reference to `X509_get_subject_name' cli.c:(.text+0x23a): undefined reference to `X509_NAME_oneline' cli.c:(.text+0x279): undefined reference to `CRYPTO_free' cli.c:(.text+0x287): undefined reference to `X509_get_issuer_name' cli.c:(.text+0x29f): undefined reference to `X509_NAME_oneline' cli.c:(.text+0x2de): undefined reference to `CRYPTO_free' cli.c:(.text+0x2ec): undefined reference to `X509_free' cli.c:(.text+0x30a): undefined reference to `SSL_write' cli.c:(.text+0x326): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x352): undefined reference to `SSL_read' cli.c:(.text+0x36e): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x3b6): undefined reference to `SSL_shutdown' cli.c:(.text+0x3d2): undefined reference to `SSL_free' cli.c:(.text+0x3e0): undefined reference to `SSL_CTX_free' I'm trying with differets codes from the web and with the examples in demos/ssl In the includes y put the includes: #include openssl/crypto.h #include openssl/x509.h #include openssl/pem.h #include openssl/ssl.h #include openssl/err.h And the all the files are in /usr/includes/openssl Any idea? thanks http://www.messengergamesclub.com/spain/ -- Navega con el navegador más seguro de todos. ¡Descárgatelo ya!http://www.vivelive.com/internetexplorer8
Re: Need help on creating certs
You are not using any valid command. Error clearly explains that command '-incommand' is not valid command, and gives you output of valid commands. Look at, http://openssl.org/docs/apps/ca.html# openssl x509 openssl ca openssl req simple expample to get you started. openssl genrsa -out private_key.pem 1024 openssl req -new -x509 -key private_key.pem -out certificate.pem -Anand On Fri, Feb 26, 2010 at 4:08 AM, Chaitra chaitra.shan...@globaledgesoft.com wrote: I think it should be just -key. Thanks Regards Chaitra Shankar prasad kasthuri wrote: Hi Team, I am getting the following error while creating certs using openssl command. Please help me to create a cert using openssl. C:\OpenSSL\binopenssl -inkey mykeyfile.pem -in -mycertfile.pem -out myCert.p1 -export openssl:Error: '-inkey' is an invalid command. Standard commands asn1parse ca cipherscrlcrl2pkcs7 dgst dh dhparamdsadsaparam ec ecparamencengine errstr gendh gendsa genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 prime rand reqrsarsautl s_client s_server s_time sess_idsmime speed spkac verify versionx509 Message Digest commands (see the `dgst' command for more details) md2md4md5rmd160 sha sha1 Cipher commands (see the `enc' command for more details) aes-128-cbcaes-128-ecbaes-192-cbcaes-192-ecbaes-256-cbc aes-256-ecbbase64 bf bf-cbc bf-cfb bf-ecb bf-ofb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb desdes-cbc des-cfbdes-ecbdes-ededes-ede-cbcdes-ede-cfb des-ede-ofbdes-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofbdes3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2rc2-40-cbc rc2-64-cbc rc2-cbcrc2-cfbrc2-ecbrc2-ofb rc4rc4-40 Thanks Prasad __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Error copiling ssl: undefined reference
Those are the header you included. But you need to link against libs after compilation. What platform(win/linux) and What tool(studio/shell)? -Anand On Fri, Feb 26, 2010 at 1:59 PM, xabi esteban xab...@msn.com wrote: I don't understand you. I put the libreries in the includes #include openssl/ssl.h #include but i'din't put nothing more. How i could link with this libreries? I didn't found any example. Thanks -- Date: Fri, 26 Feb 2010 12:39:57 -0500 Subject: Re: Error copiling ssl: undefined reference From: anand.apa...@gmail.com To: openssl-users@openssl.org Do you link against correct libraries? Try linking with ssleay and libeay. -Anand On Fri, Feb 26, 2010 at 12:08 PM, xabi esteban xab...@msn.com wrote: Hello: I'm trying to use the SSL libreries. When I try to comipile my code y always obtain the same error: cli.c:(.text+0x20): undefined reference to `SSL_library_init' cli.c:(.text+0x25): undefined reference to `SSLv2_client_method' cli.c:(.text+0x30): undefined reference to `SSL_load_error_strings' cli.c:(.text+0x3e): undefined reference to `SSL_CTX_new' cli.c:(.text+0x6f): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x150): undefined reference to `SSL_new' cli.c:(.text+0x183): undefined reference to `SSL_set_fd' cli.c:(.text+0x191): undefined reference to `SSL_connect' cli.c:(.text+0x1ad): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x1c7): undefined reference to `SSL_get_current_cipher' cli.c:(.text+0x1cf): undefined reference to `SSL_CIPHER_get_name' cli.c:(.text+0x1ed): undefined reference to `SSL_get_peer_certificate' cli.c:(.text+0x222): undefined reference to `X509_get_subject_name' cli.c:(.text+0x23a): undefined reference to `X509_NAME_oneline' cli.c:(.text+0x279): undefined reference to `CRYPTO_free' cli.c:(.text+0x287): undefined reference to `X509_get_issuer_name' cli.c:(.text+0x29f): undefined reference to `X509_NAME_oneline' cli.c:(.text+0x2de): undefined reference to `CRYPTO_free' cli.c:(.text+0x2ec): undefined reference to `X509_free' cli.c:(.text+0x30a): undefined reference to `SSL_write' cli.c:(.text+0x326): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x352): undefined reference to `SSL_read' cli.c:(.text+0x36e): undefined reference to `ERR_print_errors_fp' cli.c:(.text+0x3b6): undefined reference to `SSL_shutdown' cli.c:(.text+0x3d2): undefined reference to `SSL_free' cli.c:(.text+0x3e0): undefined reference to `SSL_CTX_free' I'm trying with differets codes from the web and with the examples in demos/ssl In the includes y put the includes: #include openssl/crypto.h #include openssl/x509.h #include openssl/pem.h #include openssl/ssl.h #include openssl/err.h And the all the files are in /usr/includes/openssl Any idea? thanks http://www.messengergamesclub.com/spain/ -- Navega con el navegador más seguro de todos. ¡Descárgatelo ya!http://www.vivelive.com/internetexplorer8 -- Navega con el navegador más seguro de todos. ¡Descárgatelo ya!http://www.vivelive.com/internetexplorer8
Re: Problem with compiling of openSSL
I use windows cmd prompt to compile openssl (0.9.8) on XP. I have found Perl to be a main problem. make sure ActivePerl is the first perl on your path (set path=ActivePerl;%PATH%). And then run $$perl Configure other config option, look in install readme Also, if you want debug symbols you will have to edit nt.mak file. After running Configure and ms/do_(masm/nasm) edit nt.mak to add/remove appropriate CFLAGS. -Anand On Wed, Jan 20, 2010 at 4:31 AM, Christian Gehrmann - Setasign christian.gehrm...@setasign.de wrote: Hi, I'm an student at my company and got the task to compile openSSL under Windows XP. I tried to make it how it was described in the install.w32 file, but it won't work! I searched in google but there were no answer for my problem. The ./config works, that seems to be ok, but always when I try to compile it, I got errors during the make-command execution (see file attachment) I use CygWin with NASM, Perl5 and ActivePerl. Can somebody show me the right direction to fix my problem? Thanks Christian
Re: recommended rsa api
EVP is oneway of implementing your solution. Look at Example section of http://openssl.org/docs/crypto/EVP_EncryptInit.html# -Anand On Wed, Jan 20, 2010 at 10:14 AM, Alexey Luchko l...@ank-sia.com wrote: Hi! I'm new to openssl. I need to encrypt and decrypt approx 1k block of data with rsa. What is recommended api for the case? I've found RSA_public_encrypt() and RSA_private_decrypt(). It looks like a kind of low level api. But here I've got a problem with OAEP padding. Another one is EVP_PKEY_encrypt() and EVP_PKEY_decrypt(). It is of a higher level. It encodes and decodes correctly only one block for me, but looks like it could operate on block of any size. And I've not found any use cases with google code search. It looks like I missed smth ;) Any advice is very welcome! -- Thanks in advance, Alexey sms stands for save my soul __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: recommended rsa api
For RSA API take a look at http://openssl.org/docs/crypto/rsa.html# -Anand On Wed, Jan 20, 2010 at 11:18 AM, Anand Patel anand.apa...@gmail.comwrote: EVP is oneway of implementing your solution. Look at Example section of http://openssl.org/docs/crypto/EVP_EncryptInit.html# -Anand On Wed, Jan 20, 2010 at 10:14 AM, Alexey Luchko l...@ank-sia.com wrote: Hi! I'm new to openssl. I need to encrypt and decrypt approx 1k block of data with rsa. What is recommended api for the case? I've found RSA_public_encrypt() and RSA_private_decrypt(). It looks like a kind of low level api. But here I've got a problem with OAEP padding. Another one is EVP_PKEY_encrypt() and EVP_PKEY_decrypt(). It is of a higher level. It encodes and decodes correctly only one block for me, but looks like it could operate on block of any size. And I've not found any use cases with google code search. It looks like I missed smth ;) Any advice is very welcome! -- Thanks in advance, Alexey sms stands for save my soul __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How can I decrypt a DES-EDE3-CBC file?
openssl enc -d/-e [cipher to use] -in inputfile -out outputfile Look here http://www.openssl.org/docs/apps/enc.html# Encrypt openssl enc -e -des-ede3-cbc -in regualr_file Decrypt openssl enc -d -des-ede3-cbc -in encrypted_file -Anand On Wed, Dec 23, 2009 at 5:09 PM, dutchman1 cxsch...@gmail.com wrote: Hi, what's the openssl command to decrypt a DES-EDE3-CBC file? thanks! Chris -- View this message in context: http://old.nabble.com/How-can-I-decrypt-a-DES-EDE3-CBC-file--tp26908094p26908094.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: (newbie) private key vs. keystore confusion
Not sure what you mean by keystore but above command combines certificate and key in PKCS12 format service.p12. -Anand On Thu, Dec 24, 2009 at 10:33 AM, Mazza, Glen R. glen.r.ma...@saic.comwrote: Hello, I'm confused somewhat about the workings of OpenSSL, in particular the following command: openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out service.p12 -name myservicekey -passin pass:sspass -passout pass:skpass Question: Does the above command create a private key named service.p12 or a keystore named service.p12 that has a private key within it? I’m not sure what service.p12 is -- is it a keystore or a private key? If it is a keystore containing a private key, just to confirm, there is no real way with OpenSSL to create a private key without its enclosing keystore, correct? I.e., it is usual and normal for OpenSSL to create its private keys within keystores. But if it is just a private key, does OpenSSL provide the ability to create a keystore that can be used to house this private key? (What would the command be for that)? Thanks, Glen
PKCS 1 API question
Hello, I need to generated PKCS#1 structure from a message hash that I have calculated. Can some one please point me to OpenSSL API calls that does this. Thanks in advance..! -Anand
wincrypt.h conflicts during compilation winxp
Hello, I am trying to compile my appilcation performing PKCS7 logic. I am having issue during compilation of the x509 related objects. Specifically, there is name collision between wincrypt.h and openssl. During my initial research I found that it is a common problem (user list and ticket#1749). However, I have not been able to find solution other then #undef. What surprises me is that I have two windows XP machine, on one I am using installshield openssl distribution and on the other I am using source natively build modules. The one that has binary distribution works fine but natively build does not. Can someone please point me towards the possible solutions? I am also curious on learing what is causing this problem (two machine not behaving same). Thanks in advance, -Anand