0

I am working with OpenSSL using Windows 10 CMD. I am trying to encrypt something using triple des with key coded in base64 that stored in text file (assume that plain text is:"hi all I am someone", key.txt (key 24 byte coded in base64)), so I wrote this command line:

openssl enc -des-ede3 -pbkdf2 -base64 -in input.txt -out output.txt -k key.txt

now the problem is as follow: encryption result after run my command is: 

U2FsdGVkX1/CxK/qRQDXLsl/pTE650K/xcHnPWbhb3Z1EtyrNPyzVA==

but when use some online website like (https://www.devglan.com/online-tools/triple-des-encrypt-decrypt) to make sure if my work good I found this result for encrypting process:

c9FxRbKYE/We1igMIU58833njnVjs6KH

so please tell me which one is the correct??? I have been worked on that since hours.

note: the key that I used is: CiC4IOH/ASAHd7dxOSVIw4VSG/yG33FN (it's coded in base64)

Anas4795
  • 1
  • 1

2 Answers2

2

You're using OpenSSL incorrectly. The obsolete -k parameter specifies a password, not a key file. This password (literally "key.txt" in this case) is then run through a key derivation function (PBKDF2, per your command line). However, if you're providing a key already, (as opposed to a password), you don't need (and shouldn't use) a slow key-derivation function. Since you are using a key as though it's a password in one case and actually using it as a key in the other, of course the output will be different. The ciphertext will differ, as it's created using a derived key (rather than one provided directly), plus KDFs require additional parameters (work factor and salt) which must be stored and transmitted in plain text as well.

Indeed, looking at the base64-decoded output of the openssl command, it is relatively long (40 bytes) contains the plain English word "Salted", which is unexpected if it were nothing but ciphertext of English text:

$ echo -n 'U2FsdGVkX1/CxK/qRQDXLsl/pTE650K/xcHnPWbhb3Z1EtyrNPyzVA==' | base64 -d | hd
00000000  53 61 6c 74 65 64 5f 5f  c2 c4 af ea 45 00 d7 2e  |Salted__....E...|
00000010  c9 7f a5 31 3a e7 42 bf  c5 c1 e7 3d 66 e1 6f 76  |...1:.B....=f.ov|
00000020  75 12 dc ab 34 fc b3 54                           |u...4..T|

The website output also contains a handful of printable ASCII characters:

$ echo -n 'c9FxRbKYE/We1igMIU58833njnVjs6KH' | base64 -d | hd
00000000  73 d1 71 45 b2 98 13 f5  9e d6 28 0c 21 4e 7c f3  |s.qE......(.!N|.|
00000010  7d e7 8e 75 63 b3 a2 87                           |}..uc...|

but no plain English words, and (as expected) a significantly shorter length (just 24 bytes, which makes sense if you take the 20-byte input string "hi all I am someone" and pad it out to a multiple of DES' 64-bit block size). I don't know exactly what the format of the OpenSSL command is, but that's definitely your problem.

You're also using the website you linked incorrectly. It expects the key in plain text, not base64 (or hex) encoded. Since your key contains non-printable characters, this is tricky to paste into the text box, but I tried it with a key made only from printable characters and it worked correctly.

To actually use the key you want with openssl, you first need to convert it to a hex representation (there might be an easier way to do this on the command line but this uses tools most likely already installed):

$ echo -n "CiC4IOH/ASAHd7dxOSVIw4VSG/yG33FN" | base64 -d | od -A n -t x1 | tr -d '\n '
0a20b820e1ff01200777b771392548c385521bfc86df714d

You can then pass this hex-encoded key to the -K (note: capital K) parameter in openssl enc:

$ echo -n 'hi all I am someone' | openssl enc -des-ede3 -base64 -K 0a20b820e1ff01200777b771392548c385521bfc86df714d
Lv0OrqobWvh/u681nIe3ONhSy0PYnhlK

I can't find any way to pass the symmetric key directly to openssl from a file, unfortunately. OpenSSL is a cryptographic library, more than a command-line tool; its command-line utilities are often convenient, but it's mostly used for its API.

CBHacking
  • 40,303
  • 3
  • 74
  • 98
  • Thanks a lot for your explain, but I suppose there is something I have to tell you. I am beginner to OpenSSL so I found some exercise and all my question above is about these exercises: (must use OpenSSL and windows cmd to solve) 1- create a text file containing some data (assume its name: info.txt) 2- write a command line to generate a Triple DES key coded in base64 (store it in key.txt) 3- write a command line to encrypt the file "info.txt" using Triple DES algorithm and key stored in "key.txt" 4- this step to decrypt ... – Anas4795 Dec 18 '19 at 20:13
  • I am so confused now, I discovered that I created a wrong key using this command: openssl rand -base64 -out key.txt 24 ..............this command generated a 128 bit key, but when I am trying to use online website I get a 192 bit key length for des-ede3 (ecb mode) ... what happens ?! is that thing so DIFFICULT to me ? :( – Anas4795 Dec 18 '19 at 21:56
  • Anas: `openssl rand ... 24` generates a 192-bit key, which if encoded in base64 is 32 chars (plus a system-dependent line terminator). 192-bits _is_ the correct size for the key of what OpenSSL calls des-ede3 (officially TDEA keying option 1); 128-bits would be correct for OpenSSL's des-ede (which is TDEA keying option 2). (But note the _effective_ key size is less, and the _strength_ lesser still.) CB: I don't know if it counts as direct, but on shells that have `echo -n` you can probably do `openssl enc ... -K $( – dave_thompson_085 Dec 19 '19 at 03:29
  • @dave_thompson_085 Thanks a lot for your answer, I am sure now about how to create the key coded in base64 , but now I still cant encrypt the info.txt file using des-ede3 using key.txt – Anas4795 Dec 19 '19 at 23:00
  • @dave_thompson_085 please note that I am using windows 10 CMD to write openssl command lines – Anas4795 Dec 19 '19 at 23:11
-1

You should not expect the same result when you use 3des-ecb to encrypt the same plaintext using the same key twice. This is because 3des-ecb uses an initialization vector (IV), which is randomly generated. Even if you run the same openssl command that you posted in your question twice, the output will be different for each time that you run it.

mti2935
  • 19,868
  • 2
  • 45
  • 64
  • ECB does **not** use an IV! Any message encrypted using ECB will produce the same ciphertext each time it is encrypted with the same cipher and key. This is one of the reasons is considered insecure (the other being that identical blocks of plaintext will have identical ciphertext, regardless of those blocks' positions; each block is encrypted independently). You might be thinking of CBC mode? Very different. – CBHacking Dec 18 '19 at 19:29
  • Thanks for the clarification. But, in that case, why does `openssl enc -des-ede3 -pbkdf2 -base64 -in input.txt -out output.txt -k p4$$w0rd` produce a different output each time you run it? – mti2935 Dec 18 '19 at 20:04
  • Because the password is hashed (using PBKDF2, which is an iterated hash process) with a salt, and the salt is randomly generated. Remove the `-pbkdf2` parameter (which will cause it to fall back on using a single-iteration hash, SHA256 IIRC) and add the `-nosalt` parameter (which is incompatible with PBKDF2), and you should get the same value every time. Alternatively, use `-K` (key) with a valid value (see my answer) instead of `-k` (password), so it doesn't hash anything and thus doesn't have anywhere to put a salt. – CBHacking Dec 18 '19 at 21:39
  • Makes perfect sense. Thanks for the detailed explanation. – mti2935 Dec 19 '19 at 01:55
  • Note `-pbkdf2` is supported only on OpenSSL 1.1.1, since 2018 -- which soon will be the only version supported upstream. And for modes that do use IV, like CBC and CFB, although it _should_ be random, the `enc` command actually uses the same password-based derivation for both key and IV, so if you use the old-style derivation (EVP_BytesToKey) _without_ salt (or with fixed salt, with `-S` uppercase) it actually uses the same IV, which ranges from Bad to Awful. – dave_thompson_085 Dec 19 '19 at 03:41