I am trying to add encryption to my current tape backup scripts by piping the output through openssl. At the moment I have:

```
tar -czpvf /dev/nst0 /home /otherdir
```

so adding openssl gives this:

```
tar czpvf - /home /otherdir | openssl aes-256-cbc -e -salt -pass file:/my_passwd > /dev/nst0
```

which does not give any errors. However, the only way I can find on the net to do a decrypt is:

```
dd if=/dev/nst0 conv=sync | openssl aes-256-cbc -d -salt -pass file:/my_passwd | tar xzpvf -
```

This gives the correct file listing, but I get:

```
bad decrypt 8340:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
```

every time.

What can I do to fix this?

Tim the Enchanter

4 Answers


I think it might have to do with using a block cipher.

I get a similar error when I do:

```
$ tar czpvf - /test/directory |openssl aes-256-cbc -e -salt -pass pass:password | dd of=/tmp/foo.encrypted.tgz
$ dd if=/tmp/foo.encrypted.tgz conv=sync | openssl aes-256-cbc -d -salt -pass pass:password |tar xzpvf -
```

But when I use a streaming cipher like rc4, e.g.:

```
$ tar czpvf - /test/directory |openssl rc4 -e -salt -pass pass:fred | dd of=/tmp/foo.encrypted.tgz
```

I don't get that error.

  • Ah, if you're using a block cipher, try the "-nopad" option for openssl. There must be some sort of junk floating around as an artifact of how the tape stream is being chopped up into plain text blocks. – cjc Nov 01 '11 at 19:06
  • Thank you! It was the block cipher that caused it; both of your suggestions, to change to RC4 or add the `-nopad` option, worked. It now decrypts with gzip only complaining about the tar padding ([tar and blocking](http://www.delorie.com/gnu/docs/tar/tar_129.html)), which is just a gzip tar annoyance. – Tim the Enchanter Nov 02 '11 at 13:00

Most of the time I've seen that kind of error message from OpenSSL, it was due to a wrong password. Can you temporarily check whether replacing `file:/my_passwd` with `pass:yourpassword` on the decrypt line proceeds OK? This, of course, would be a bad permanent solution, but try this for debugging.

Janne Pikkarainen

You need to pad the input to the block cipher. Try piping your tar to dd with a blocksize of 4k and the conv=sync option. This will pad the end of the data.


You are better off using mbuffer to write to the tape as it can handle tape spanning and buffering (reducing shoe shining), and it writes in full blocks to keep the tape drive happy. See this answer for an example script. mbuffer reads from stdin so compression and encryption aren't a problem for it, even when spanning across multiple tapes (something tar cannot do.)

As to the need to use dd with sync, this is because of the tape drive's need to write in blocks. See this answer for a detailed description of why, but the short answer is that again using mbuffer to write the data in fixed sized blocks (e.g. 256kB each) solves the issue.
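Added example (not code from any poster in this thread): the script below reproduces the `bad decrypt` without a tape drive and compares the `-nopad` workaround with trimming the fill before decryption. The temp file standing in for `/dev/nst0`, the passphrase, the payload, the 4096-byte block size and the idea of recording the ciphertext length are all assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: a temp file stands in for /dev/nst0. Passphrase, payload and
# the 4096-byte block size are constructed values, not taken from the thread.
BS=4096
PASS='pass:example-only'
WORK=$(mktemp -d)
size() { echo $(( $(wc -c < "$1") )); }   # byte count without padding spaces

# Encrypt a constructed payload, then NUL-fill the ciphertext up to a whole
# block, which is what dd conv=sync does to a short final block.
make_tape() {
  seq 1 300 > "$WORK/plain"
  openssl aes-256-cbc -e -salt -pass "$PASS" < "$WORK/plain" > "$WORK/ct" 2>/dev/null
  PLAIN_LEN=$(size "$WORK/plain")
  CT_LEN=$(size "$WORK/ct")             # must be kept with the backup (assumption)
  dd if="$WORK/ct" of="$WORK/tape" bs="$BS" conv=sync 2>/dev/null
}

# Case 1: decrypt the filled image as-is. The fill decrypts to junk, the
# final-block padding check fails, and the output is not the original.
decrypt_padded() {
  openssl aes-256-cbc -d -pass "$PASS" < "$WORK/tape" > "$WORK/out1" 2>/dev/null
  cmp -s "$WORK/plain" "$WORK/out1"
}

# Case 2: -nopad turns the padding check off. openssl exits 0 and the output
# is the original followed by padding bytes and decrypted fill.
decrypt_nopad() {
  openssl aes-256-cbc -d -nopad -pass "$PASS" < "$WORK/tape" > "$WORK/out2" 2>/dev/null || return 1
  head -c "$PLAIN_LEN" "$WORK/out2" | cmp -s - "$WORK/plain" &&
    [ "$(size "$WORK/out2")" -gt "$PLAIN_LEN" ]
}

# Case 3: cut the image back to the recorded ciphertext length first. The
# padding check stays on and the output matches the original exactly.
decrypt_trimmed() {
  head -c "$CT_LEN" "$WORK/tape" |
    openssl aes-256-cbc -d -pass "$PASS" > "$WORK/out3" 2>/dev/null || return 1
  cmp -s "$WORK/plain" "$WORK/out3"
}

make_tape
decrypt_padded  && echo "as-is:   match" || echo "as-is:   output differs from original"
decrypt_nopad   && echo "-nopad:  original recovered, junk appended"
decrypt_trimmed && echo "trimmed: exact match"
```

With `-nopad`, openssl also exits 0 for a wrong passphrase or a damaged block, so the restored archive needs its own check, such as a checksum stored at backup time.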
