0

This question have been ask several time in StackExchange's network but for my specific target I can't find a work around.

I have an encrypted private key using AES(Advance Encryption Standard). All data that I have are as follow:

  1. Password
  2. iv(Initialization Vector)
  3. v(I think it is version, I'm not sure)
  4. iter
  5. cipher:"aes"
  6. salt
  7. ct

For example I have follow ciphertext of message test with password test generated by Standford Javascript Crypto Library

{"iv":"d2zscEJjWILOCfbgR8vrIg==",
"v":1,
"iter":1000,
"ks":128,
"ts":64,
"mode":"ccm",
"adata":"",
"cipher":"aes",
"salt":"fD0VonCNcWQ=",
"ct":"s7giov0Y59RCPu33"}

But I can't decrypt my own encrypted private key by Standford Javascript Crypto Library, so I want to use OpenSSL. The problem with OpenSSL is I got "Bad magic number" Error, suppose I want to decrypt mentioned ciphertext to got test message as follow:

openssl aes-128-cbc -d -iter 1000 -S 7C3D15A2708D7164 -iv 776CEC7042635882CE09F6E047CBEB22 -k test -in cipher.txt -out message.txt

But I got "Bad magic number" Error.

I have visited this answer but I can't solve this problem, It is possible I don't use commands correctly.I don't know how to correctly use |(pipe) and echo. My command is as follow:

echo s7giov0Y59RCPu33 | base64 -d | openssl aes-128-cbc -d -iter 1000 -S 7C3D15A2708D7164 -iv 776CEC7042635882CE09F6E047CBEB22 -k test -out message.txt -in
Improve this question

1 Answer 1

Reset to default
1

  1. "Salt" and "iterations" are parameters for specific key derivation functions (KDFs), so you also need to know which KDF was used in order to derive the key from the password.

    The SJCL library uses PBKDF2-SHA256 by default. Fortunately, that's also what openssl enc uses if you specify the -iter option. But do keep in mind that it's a recent addition to the OpenSSL CLI; older versions only support the legacy EVP_BytesToKey algorithm.

    (If you use libcrypto, it's up to you to call the KDF anyway, so you're still able to use PBKDF2 regardless of version – although you might need to reimplement it yourself.)

  2. openssl enc expects the input to have a header, consisting of the ASCII value Salted__ (that's the "magic number") followed by the 8-byte salt for the KDF. This is a convenience feature for CLI users, as it allows a single file to carry both the salt and the data.

    However, the SJCL "ct" parameter contains just the raw ciphertext, so you must use the -nosalt option to make OpenSSL accept it.

    (Just like SJCL, the OpenSSL libcrypto library works with raw data as well.)

  3. Finally, you must use the correct cipher mode. (A block cipher without a mode can only usefully encrypt one block, so you never use "just AES" – you combine it with some mode to chain the encryption, resulting in AES-CBC, AES-OFB, AES-GCM, etc.)

    SJCL uses AES128-CCM, but you're trying to decrypt using AES128-CBC. This won't work; you must use the exact same mode when decrypting, otherwise you'll just get garbage.

    Unfortunately, openssl enc does not appear to support "AEAD" modes like CCM or GCM. (They're supported by very recent libcrypto versions, but require a slightly different interface.)

Recommendation: Do not use the openssl command-line tool; instead write your own decrypt tool using a crypto library. (For example, Perl and CryptX.)

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .