OpenSSL - how to get all settings when encrypting

2

I'm using openssl to encrypt text with a vendor. I have to send test encrypted text and provide them with what they need to decrypt the text on their end. When I encrypt text and then try to decrypt it in Notepad++ using Nppcrypt, it asks for options that I don't know were used when running openssl, so I can never decrypt the text.

What I basically run is something like:

echo "test text" | openssl aes-256-cbc -a -k mypass -nosalt

and then I cut and paste the output in Notepad++ and try to decrypt. But it asks for options I don't know and, as such, the decrypt fails. What other settings should I set in OpenSSL so that I can a.) decrypt in Notepad++ and share the info with my vendor?

Tensigh

Posted 2015-12-03T07:15:45.363

Reputation: 327

You're rolling your own crypto. Why not use a more mainstream encryption, such as Enigmail with Thunderbird?

– StackzOfZtuff – 2015-12-03T15:08:47.733

What does it ask you? I guess it's related to password-based key derivation? – SEJPM – 2015-12-03T21:54:16.370

@SEJPM, there are a few choices that I know of; encoding (base 64), cipher (aes-128-cbc), salt/nosalt. Under key derivation there's PBKDF2, bcrypt, etc, authentication (add hmac?) and iv (random, key-derivation, zero). When I run the command in openssl to encrypt, I choose a password, cipher and no salt. But these other options that appear in Notepad++ I can't set when I run the command in openssl to encrypt. – Tensigh – 2015-12-03T22:55:22.393

@StackzOfZtuff, that won't work for us. We have to send files to a vendor with some rows encrypted and some rows in plain text. This is part of a software package that's being developed. Besides, we're using aes-128, how does this mean we're rolling our own crypto? – Tensigh – 2015-12-03T22:56:31.990

@Tensigh: "Rolling your own crypto" doesn't just mean the algorithms, but also how they're used – the cipher itself (some think DES is strong), cipher mode (CBC is alright, but many foolishly choose ECB), key derivation, even final framing (openssl aes doesn't just output raw encrypted data, but in a special format)... – user1686 – 2015-12-04T08:15:38.450

Answers

2

No Can Do

NppCrypt does not support OpenSSL's key derivation function.

OpenSSL uses its own homebrew key derivation function.

And NppCrypt only supports some more standard mechanisms (pbkdf2, bcrypt, scrypt):

[Screenshot of nppcrypt's "key-derivation" tab]

Alternatives?

I don't know. But Thomas Pornin suggests GnuPG as superior to OpenSSL in another question regarding OpenSSL's weird key derivation choices.

StackzOfZtuff

Posted 2015-12-03T07:15:45.363

Reputation: 1 185

I'd suggest GnuPG as well, if at least for using a well-documented output format. – user1686 – 2015-12-04T08:13:21.163

@StackzOfZtuff, thank you. I was not aware of those limitations/quirks of OpenSSL. I'll look into GnuPG. – Tensigh – 2015-12-04T08:21:34.837
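The key derivation the answer refers to is OpenSSL's `EVP_BytesToKey`, which `openssl enc` uses with a single iteration (MD5 by default before OpenSSL 1.1.0, SHA-256 since). The sketch below is an added example, not code from the thread: it reimplements that derivation and the `Salted__` framing, so the raw key and IV a receiving tool would need can be listed. The function names and the sample input are constructed for illustration.

```python
import base64
import hashlib


def evp_bytes_to_key(password, salt, key_len, iv_len, digest="md5"):
    """OpenSSL's EVP_BytesToKey with count=1.

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt);
    the digests are concatenated and split into key, then IV.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def split_openssl_output(b64_text):
    """Split `openssl enc -a` output into (salt, ciphertext).

    Salted output starts with the 8-byte magic "Salted__" followed by an
    8-byte salt; with -nosalt there is no header at all.
    """
    raw = base64.b64decode(b64_text)
    if raw[:8] == b"Salted__":
        return raw[8:16], raw[16:]
    return b"", raw


def parameters_for(password, b64_text, digest="md5"):
    """Everything a decryptor needs for aes-256-cbc (32-byte key, 16-byte IV)."""
    salt, ciphertext = split_openssl_output(b64_text)
    key, iv = evp_bytes_to_key(password.encode(), salt, 32, 16, digest)
    return {"salt": salt.hex(), "key": key.hex(), "iv": iv.hex(),
            "ciphertext_len": len(ciphertext)}


# Constructed sample: 16 placeholder bytes standing in for one AES block
# of -nosalt output (not real ciphertext).
SAMPLE_NOSALT = base64.b64encode(bytes(16)).decode()

if __name__ == "__main__":
    for name, value in parameters_for("mypass", SAMPLE_NOSALT).items():
        print(f"{name}: {value}")
```

Running `openssl enc` with the `-P` option prints the key and IV it derived, which can be compared against this output for the matching digest.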