1

I encrypted a file by using the following command from a Stack Overflow answer:

```
openssl enc -in file_name -aes-256-cbc -pass stdin -out file_name.aes;
```

I can decrypt this file by running:

```
openssl enc -in file_name.aes -d -aes-256-cbc -pass stdin -out file_name
```

However, the decryption command only works on the machine where I encrypted the file (CentOS). If I copy the encrypted file `file_name.aes` over to my other machine (running Fedora) and try to decrypt it, I get an error message:

```
140667230762896:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:
```

Which suggests I am typing the wrong password. Is OpenSSL AES encryption system dependent? Why can I only decrypt the file in CentOS but not in Fedora?

builder-7000
  • What version is used on each machine? Some defaults have changed, and some very old `openssl` versions are still in use. ([`enc` is terrible by the way](https://security.stackexchange.com/a/182281), you probably shouldn't use it) – AndrolGenhald Apr 18 '19 at 17:38
  • Versions are: `OpenSSL 1.0.2k-fips 26 Jan 2017` on CentOS and `OpenSSL 1.1.0i-fips 14 Aug 2018` on Fedora. I will consider using GnuPG as suggested in your linked answer. – builder-7000 Apr 18 '19 at 20:22

1 Answer

6

You almost certainly have incompatible versions of OpenSSL on the two systems. Run `openssl version` to check.

The reason for the failure is usually that the default message digest has changed between the two versions, with the older version using MD5 and the newer using SHA256. OpenSSL doesn't store the hash type in the output message and expects you to specify it explicitly in the command if you want to use anything but default. Try adding `-md sha256` to both commands.

Polynomial
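The digest mismatch described in the answer, as an added Python example that is not part of the original post: it reimplements the legacy `openssl enc` password-to-key derivation (`EVP_BytesToKey` with one iteration, no `-pbkdf2`) and shows that the same password and salt yield different AES-256-CBC key and IV under MD5 and SHA256. The function names, password and salt are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # header `openssl enc` writes before the 8-byte salt


def evp_bytes_to_key(password, salt, digest, key_len=32, iv_len=16):
    """EVP_BytesToKey with an iteration count of 1 (legacy `openssl enc`)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # D_i = H(D_{i-1} || password || salt)
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def parse_salt(blob):
    """Return the salt stored at the start of an `openssl enc` output file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header (-nosalt, or not openssl enc output)")
    return blob[8:16]


def derive_for_file(blob, password):
    """Derive (key, iv) under both historical default digests.

    The file records the salt but not the digest, so the decrypting side
    has to be told which one was used (the -md option).
    """
    salt = parse_salt(blob)
    return {md: evp_bytes_to_key(password, salt, md) for md in ("md5", "sha256")}


if __name__ == "__main__":
    # Constructed sample: header + salt + one dummy ciphertext block.
    sample = MAGIC + bytes.fromhex("0011223344556677") + b"\x00" * 16
    for md, (key, iv) in derive_for_file(sample, b"correct horse").items():
        print(f"{md:7} key={key.hex()} iv={iv.hex()}")
```

A decryption attempt with the wrong digest uses a different key and IV, so the CBC padding check fails and OpenSSL reports `bad decrypt`, the same symptom as a wrong password.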