TripleDES encryption using OpenSSL enc subcommand

2

I have a tool which uses OpenSSL for RSA and DES/TDES operations. After processing by the tool, I got key = 4F324364970DBA5DE058EF0EAE54625E and the encrypted data is like data = D4B596A6724A32B4663965688F28E01C

When I try the online tool DES_Calculator for decryption, I get the required plaintext after decryption; what I found is that I need to try TDES with CBC mode.

I tried to do the same (decryption) with OpenSSL with the following command:

    C:\OpenSSL-Win32\bin>openssl enc -d -des-ede-cbc -nosalt -k 4F324364970DBA5DE058EF0EAE54625E -iv 0000000000000000 -in ENC_DATA -out ENC_DATA_O
    bad decrypt
    6088:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.\crypto\evp\evp_enc.c:529:

where the content of ENC_DATA is like ENC_DATA

Here I want the same result as from the online tool.

Also, the same command works fine after the -e option is performed on the same set of files. Could anybody tell me why this error occurs and how to remove it?

Arjun

Posted 2016-05-16T06:33:17.837

Reputation: 146

Answers

2

Try -K instead of -k. -k is used for passphrases and -K for keys in hexadecimal. You'd probably not require the -nosalt option anymore.

You need to use -nopad and remove the bit padding yourself.

Bit padding consists of a single bit set to 1 followed by multiple bits set to 0. If the plaintext consists of bytes - it usually does - then bit padding is equal to a single byte 80 followed by zero or more 00 valued bytes.

Nowadays PKCS#7 compatible padding is usually used. OpenSSL is only able to remove PKCS#7 padding.

Maarten Bodewes

Posted 2016-05-16T06:33:17.837

Reputation: 1 183

tried C:\OpenSSL-Win32\bin>openssl enc -d -des-ede-cbc -K 4F324364970DBA5DE058EF0EAE54625E -iv 0000000000000000 -in ENC_DATA -out ENC_DATA_O bad decrypt 6596:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.\crypto\evp\evp_enc.c:529:
– Arjun – 2016-05-16T11:43:31.200

2

@Arjun: Your encryption appears to have used one-and-zeros padding which OpenSSL does not support. You can decrypt with openssl enc -des-ede-cbc -d -K hex -iv hex -nopad and then remove the padding with a different tool (like perl) or manually.

– dave_thompson_085 – 2016-05-16T22:04:47.117

@dave_thompson_085 Thanks, I didn't take a look at that website. You can see the 00 valued bytes being added so I can confirm that this is what happens. – Maarten Bodewes – 2016-05-16T22:08:26.173

Actually it is bit padding, aligned to a byte boundary -- note it's one byte 80 then 6 bytes 00. (I didn't look at the website myself, just -nopad piped to hexdump.) – dave_thompson_085 – 2016-05-17T01:02:08.883

@dave_thompson_085 Then there is a difference between the site and the output of the "tool" :). Probably the 0x80 wasn't detected or printed. – Maarten Bodewes – 2016-05-17T01:04:30.257

Huh? the 'tool' in the message is the webpage www.emvlab.org/... which shows Output Data 31313131313131313180000000000000 which breaks up into bytes as 31 31 31 31 31 31 31 31 31 **80** 00 00 00 00 00 00 (emphasis added) which is the same result I got running <file openssl enc -d ... -nopad | od -tx1 on my system except the bytes are already conveniently separated. – dave_thompson_085 – 2016-05-17T03:45:42.560

@dave_thompson_085 -nopad works here; I will have to remove the padding (80 00...00) some other way. – Arjun – 2016-05-17T05:02:25.993
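
The manual step the thread ends on (decrypt with -nopad, then remove the 80 00...00 bytes), as an added example that is not part of the original question, answer or comments. The function names are hypothetical, and it assumes the 8-byte DES/TDES block size and input produced by `openssl enc -d ... -nopad` (for instance the ENC_DATA_O file).

```python
# Added example: strip bit padding (one 0x80 byte, then 0x00 bytes) from the
# output of `openssl enc -d ... -nopad`. Function names are hypothetical.
import sys

BLOCK_SIZE = 8  # DES / Triple DES block size in bytes


def strip_bit_padding(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Return data without its trailing 80 00..00 padding, or raise ValueError."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    # The padding lives entirely in the last block: skip trailing 00 bytes,
    # then require the 80 marker.
    last_block_start = len(data) - block_size
    i = len(data) - 1
    while i >= last_block_start and data[i] == 0x00:
        i -= 1
    if i < last_block_start or data[i] != 0x80:
        raise ValueError("no 80 marker in last block: wrong key, IV or padding scheme")
    return data[:i]


def add_bit_padding(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Inverse operation: always append 80, then 00 up to the block boundary."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % block_size)


# Output Data value quoted in the comments above (result of decrypting with -nopad).
SAMPLE_DECRYPTED = bytes.fromhex("31313131313131313180000000000000")

if __name__ == "__main__":
    # With a file argument, unpad that file to stdout; without one, show the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sys.stdout.buffer.write(strip_bit_padding(fh.read()))
    else:
        print(strip_bit_padding(SAMPLE_DECRYPTED))  # b'111111111'
```

A ValueError here is the equivalent of OpenSSL's "bad decrypt" for this padding scheme: the last block does not end in 80 followed only by 00 bytes.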