I am working on a little script that encrypts a file to be sent to one of our suppliers.
The workflow is as follows:
- We created a key, which we asymmetrically encrypt using the public key they have provided
- With the encrypted key, we make a symmetric encryption of the file we need to send
- We then compress both files (key + file)
- Once received, they unzip the file
- They decrypt the key using their private key
- Then they decrypt the file by using the decrypted key
Here are the commands used:

ON LINUX

```sh
openssl rand -base64 30 > my.key
chmod 700 my.key
openssl enc -aes-256-cbc -in myfile.zip -out myfile.bin -kfile my.key
openssl rsautl -encrypt -pubin -inkey supplier_key.pem -in my.key -out encrypted.key
```

ON WINDOWS

```bat
openssl\bin\openssl.exe rand -base64 30 > my.key
openssl\bin\openssl.exe enc -aes-256-cbc -in myfile.zip -out myfile.bin -kfile my.key
openssl\bin\openssl.exe rsautl -encrypt -pubin -inkey supplier_key.pem -in my.key -out encrypted.key
```

We have to do this because the file is too big to be asymmetrically encrypted.
To do that, I was at first on a Cygwin environment, and it was working perfectly. But now, I have to make it run on a full Windows environment. I have adapted the script, and downloaded the OpenSSL program for Windows.
But when our supplier receives the file, step 6) is not working :/
They get this error:
> bad decrypt 6566:error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:325:
I have changed absolutely nothing in the way it works; the script is basically exactly the same, so I don't see why the decryption of the file is not working (they can, though, decrypt the key).

What exact commands are you using for each encryption step? Have you tried decrypting the files yourself (if so, exactly what commands?) What version of OpenSSL are you using? What version is the supplier using? `openssl version` – RedGrittyBrick – 2012-08-30T09:10:48.030

Are you sure the file is the same in both places? Transmit a checksum and have them verify it. – Ignacio Vazquez-Abrams – 2012-08-30T09:21:15.397

Hi, here are the commands used: ON LINUX `openssl rand -base64 30 > my.key` `chmod 700 my.key` `openssl enc -aes-256-cbc -in myfile.zip -out myfile.bin -kfile my.key` `openssl rsautl -encrypt -pubin -inkey supplier_key.pem -in my.key -out encrypted.key` ON WINDOWS `openssl\bin\openssl.exe rand -base64 30 > my.key` `openssl\bin\openssl.exe enc -aes-256-cbc -in myfile.zip -out myfile.bin -kfile my.key` `openssl\bin\openssl.exe rsautl -encrypt -pubin -inkey supplier_key.pem -in my.key -out encrypted.key`
The OpenSSL versions differ slightly but, as they can decrypt the key, I assume it is not an issue. Thx. – Zapp – 2012-08-30T13:43:46.270
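
The two checks suggested in the comments (decrypt the files yourself, and compare checksums), combined into one sender-side round trip; this is an added example, not code from the thread. It assumes a throwaway RSA key pair (`test_priv.pem`) standing in for the supplier's key and a constructed payload; the names `sha256_of`, `envelope_roundtrip` and `recovered.*` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: run both sides of the exchange locally
# and compare SHA-256 digests of the originals and the recovered files.

# Print only the hex digest of a file (helper name is hypothetical).
sha256_of() {
    openssl dgst -sha256 < "$1" | awk '{print $NF}'
}

envelope_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Assumption: a throwaway RSA-2048 pair stands in for the supplier's key.
        openssl genrsa -out test_priv.pem 2048
        openssl rsa -in test_priv.pem -pubout -out supplier_key.pem
        # Constructed payload standing in for myfile.zip.
        printf 'constructed sample payload\n' > myfile.zip

        # Sender side: the commands from the question.
        openssl rand -base64 30 > my.key
        openssl enc -aes-256-cbc -in myfile.zip -out myfile.bin -kfile my.key
        openssl rsautl -encrypt -pubin -inkey supplier_key.pem -in my.key -out encrypted.key

        # Receiver side: recover the key, then the file.
        openssl rsautl -decrypt -inkey test_priv.pem -in encrypted.key -out recovered.key
        openssl enc -d -aes-256-cbc -in myfile.bin -out recovered.zip -kfile recovered.key

        # Compare digests of what was sent with what was recovered.
        [ "$(sha256_of my.key)" = "$(sha256_of recovered.key)" ] && k=match || k=MISMATCH
        [ "$(sha256_of myfile.zip)" = "$(sha256_of recovered.zip)" ] && f=match || f=MISMATCH
        echo "key=$k file=$f"
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

envelope_roundtrip
```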