openssl problem decrypting passhrase-encrypted file using the derived IV, Key and Salt

Question

So I followed openssl: recover key and IV by passphrase and managed to retrieve my salt, key and IV using -P in openssl.

openssl enc -aes-256-cbc -in encrypted -pass "pass:password" -out m.jpg

this gives me the proper m.jpg file so I would assume

openssl enc -aes-256-cbc -d -in encrypted -pass "pass:password" -out m.jpg -P

gives me the right salt, key and IV:

salt=7A01E44D968CEBD0
key=6F4C7DD6F49D0605095CAD7EA2745913E83B71A52C34F2ED260544286FDEE78A
iv =0BBD122901B13F76D03ED2EBE4E8D1CC

Now when I tried to decrypt the encrypted file with the above salt, key and IV by doing

openssl enc -aes-256-cbc -d -in encrypted -K 6F4C7DD6F49D0605095CAD7EA2745913E83B71A52C34F2ED260544286FDEE78A -iv 0BBD122901B13F76D03ED2EBE4E8D1CC -S 7A01E44D968CEBD0 -out m.jpg

I wasn't able to decrypt the file. Maybe something's wrong with the format? So I tried putting them into quotes

openssl enc -aes-256-cbc -d -in encrypted -K "6F4C7DD6F49D0605095CAD7EA2745913E83B71A52C34F2ED260544286FDEE78A" -iv "0BBD122901B13F76D03ED2EBE4E8D1CC" -S "7A01E44D968CEBD0" -out m.jpg

and to no avail.

The --help states that

  -iv IV             IV to use, specified as a hexidecimal string
  -K key             Key to use, specified as a hexidecimal string 
  -S salt            Salt to use, specified as a hexidecimal string

which is exactly what I did. Unless there is a special way of passing the hex string?

Or had something gone wrong in my process of retrieving the IV, key and salt? (Or in the process of decrypting the file)?

score 5 · Accepted Answer · answered Oct 11 '18 at 15:02

Just to be clear, as the answer you reference points out openssl enc is quite terrible and was never intended to be used for anything other than testing.

The problem is with inconsistent formats. If you encrypt with a password, it will use the 16 byte Salted__ header that includes the salt used in the key derivation. If you use the key and IV directly there is no need to specify a salt, and it won't use the salt header. Since you encrypted with a password and later retrieved the key and IV, you'll need to strip off the first 16 bytes before decrypting.

$ echo test | openssl enc -aes-256-cbc -pass pass:password -base64
U2FsdGVkX1/hmWydD0WX5S5n369MQhQ6Q3w4pxLYrh8=

$ echo 'U2FsdGVkX1/hmWydD0WX5S5n369MQhQ6Q3w4pxLYrh8=' | openssl enc -aes-256-cbc -d -pass pass:password -base64 -P
salt=E1996C9D0F4597E5
key=90C6AF89C13459AD5F55B9CD72705249BC494F4539D2FA75B4C6E5B343D7FDB2
iv =3D29E6F33CBBDA72B6757B5078003B53

$ echo 'U2FsdGVkX1/hmWydD0WX5S5n369MQhQ6Q3w4pxLYrh8=' | base64 -d | tail -c+17 | openssl enc -aes-256-cbc -d -K 90C6AF89C13459AD5F55B9CD72705249BC494F4539D2FA75B4C6E5B343D7FDB2 -iv 3D29E6F33CBBDA72B6757B5078003B53
test

openssl problem decrypting passhrase-encrypted file using the derived IV, Key and Salt

1 Answers1