1

I have a .txt.enc file. It is an output of openssl enc. I need to open it. When I try to open it in Emacs, the first some characters(also known characters) are : 'Salted__C' . how can I understand that which decryption method such as '-aes-256-cbc' or '-cast5-cbc' I should use to open it?

Elik
  • 111
  • 1
  • 2
  • 1
    AFAIK, [ciphertext indistinguishability](https://en.wikipedia.org/wiki/Ciphertext_indistinguishability) is an important property of a good encryption scheme. Having the ciphertext only, you're _supposed_ to not be able to know how it was encrypted. I could be wrong. – Adi Mar 27 '13 at 09:33

1 Answers1

1

What Adnan says about ciphertext indistinguishability is correct, this can be a hard problem, the only clue you have is "Salted__" string which is how OpenSSL distinguishes salted and unsalted encrypted data.

Assuming the file was encrypted with a password (or key/IV pair) that you have, you will have to try every every method:

ciphers=$(openssl enc -h 2>&1 | nawk '/^Cipher/ {n++; next}; (n) {print}')
password=xyzzy

for cc in $ciphers; do
    openssl enc -d $cc -pass pass:$password \
        -in myfile.txt.enc -out outfile$cc.txt  2> /dev/null
    rc=$?
    # check for non-zero exit, or output file size not > zero bytes 
    if [ $rc -ne 0 -o ! -s outfile$cc.txt ]; then
        echo "Failed with $cc"
    else 
        echo "Possible success with $cc"
    fi
done

(There are some duplicate ciphers due to name aliases, e.g .aes-128 = aes-128-cbc.)

Now you'll see the next problem, with many algorithms you can decrypt ciphertext with a bad password and not know if the algorithm and/or password were correct.

There are a number of methods to determine if a password was correct and a decryption was successful (e.g. via checksum, integrity (e.g. with HMAC), padding (e.g. with PKCS#5) or other expected structure, or known "left over" state), though sometimes not being able to tell is in fact a feature.

mr.spuratic
  • 7,937
  • 25
  • 37
  • Your bash-fu is strong, whats this bit do? `rc=$? if [ $rc -ne 0 -o ! -s outfile$cc.txt ];` – lynks Mar 27 '13 at 12:24
  • Save the exit status `$?` in `rc` (not strictly required here, just habit), then test for non-zero exit, or (`-o`) that the output file size is not greater than 0 bytes. – mr.spuratic Mar 27 '13 at 12:52
  • Thank you for the great answer. I'm trying your code with some common passwords, hoping to get some results. So far, not so good! – Elik Mar 27 '13 at 15:36