Python – How do I (successfully) decode encoded ciphers from command line openSSL?

Using PyCrypto (although I also tried this with the OpenSSL bindings in ObjC):

from Crypto.Cipher import DES
import base64
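# the 8 ASCII bytes are used directly as the DES key
obj=DES.new('abcdefgh', DES.MODE_ECB)
# 40 bytes: filled out by hand with X to a multiple of the 8-byte DES block
plain="Guido van Rossum is a space alien.XXXXXX"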
ciph=obj.encrypt(plain)
enc=base64.b64encode(ciph)
#print ciph
print enc

Output base64-encoded value:

ESzjTnGMRFnfVOJwQfqtyXOI8yzAatioyufiSdE1dx02McNkZ2IvBg==

If you are in the interpreter, ciph gives you:

'\x11,\xe3Nq\x8cDY\xdfT\xe2pA\xfa\xad\xc9s\x88\xf3,\xc0j\xd8\xa8\xca\xe7\xe2I\xd15w\x1d61\xc3dgb/\x06'

Very simple. I should be able to pipe this output to OpenSSL and decode it:

I tested to make sure the b64 decoding works –

python enctest.py | openssl enc -base64 -d
+ python enctest.py
+ openssl enc -base64 -d
,? Nq? DY? T?pA??? s??,?jب??? I?5w61?dgb/

Not pretty, but you can see that it decodes fine, “dgb” and “nq” are still there.

But go all out:

python enctest.py | openssl enc -base64 -d | openssl enc -nosalt -des-ecb -d -pass pass:abcdefgh
+ python enctest.py
+ openssl enc -nosalt -des-ecb -d -pass pass:abcdefgh
+ openssl enc -base64 -d
bad decrypt
15621:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
j?7???? vc]??? LE?m³?? q?

What am I doing wrong? I’ve tried using -k abcdefgh -iv 00000000000000000 or interactively entering passwords – same issue.

Solution


echo ESzjTnGMRFnfVOJwQfqtyXOI8yzAatioyufiSdE1dx02McNkZ2IvBg== | openssl enc -nopad -a -des-ecb -K 6162636465666768 -iv 0 -p -d

6162636465666768 is ASCII “abcdefgh” written in hexadecimal.

Note, however, that DES in ECB mode may not be a good way to encode passwords, nor is it the “DES crypt” you may have heard of used on Unix systems.
(For passwords, it’s usually best to use an algorithm that is difficult to reverse (checking the password by regenerating the result instead of decrypting the stored password). Even if you do need to be able to decrypt these encrypted passwords, single DES, and ECB in particular, are poor choices in terms of confidentiality.)
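Why the `-pass pass:abcdefgh` attempt fails while `-K 6162636465666768 -nopad` works, as an added example that is not part of the original question or answer: `openssl enc` runs a password through its EVP_BytesToKey derivation instead of using it as the key, and without `-nopad` it expects PKCS#7 padding that the hand-padded plaintext does not have. The function names are this example's own, and MD5 is assumed as the digest (the `enc` default before OpenSSL 1.1.0; later versions default to SHA-256).

```python
import base64
import hashlib

def evp_bytes_to_key(password, salt, key_len, iv_len, digest="md5"):
    """Key/IV derivation `openssl enc` applies to -pass / -k (one iteration)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # D_i = H(D_{i-1} || password || salt); blocks are concatenated
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def raw_key_hex(key):
    """Hex string to hand to -K so the bytes are used as the key unchanged."""
    return key.hex()

def has_pkcs7_padding(plaintext, block_size=8):
    """True if the final block ends in valid PKCS#7 padding (what -d checks)."""
    if not plaintext or len(plaintext) % block_size:
        return False
    n = plaintext[-1]
    return 1 <= n <= block_size and plaintext.endswith(bytes([n]) * n)

# Values taken from the question above
PASSWORD = b"abcdefgh"
PLAIN = b"Guido van Rossum is a space alien.XXXXXX"
B64 = "ESzjTnGMRFnfVOJwQfqtyXOI8yzAatioyufiSdE1dx02McNkZ2IvBg=="

def diagnose():
    # -nosalt means an empty salt; DES needs 8 key bytes and ECB has no IV
    derived, _ = evp_bytes_to_key(PASSWORD, b"", 8, 0)
    return {
        "key_used_by_pycrypto": raw_key_hex(PASSWORD),
        "key_derived_from_pass": raw_key_hex(derived),
        "ciphertext_len": len(base64.b64decode(B64)),
        "plaintext_has_pkcs7": has_pkcs7_padding(PLAIN),
    }

if __name__ == "__main__":
    for name, value in diagnose().items():
        print(f"{name}: {value}")
```

The two key values differ, which is why the password form decrypts to garbage, and `plaintext_has_pkcs7` is false, which is why the final-block check reports `bad decrypt` unless `-nopad` is given.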