How do I (successfully) decode encoded ciphers from command line openSSL?
Use PyCrypto (although I also tried using OpenSSL binding (bind) in ObjC):
from Crypto.Cipher import DES import base64 obj=DES.new('abcdefgh', DES. MODE_ECB) plain="Guido van Rossum is a space alien. XXXXXX" ciph=obj.encrypt(plain) enc=base64.b64encode(ciph) #print ciph print enc
Output base64-encoded value:
If you are in the interpreter, CIPH will give it to you
Very simple. I should be able to pipe this output to OpenSSL and decode it:
I tested to make sure the b64 decoding works –
python enctest.py | openssl enc -base64 -d + python enctest.py + openssl enc -base64 -d ,? Nq? DY? T?pA??? s??,?jب??? I?5w61?dgb/
Not pretty, but you can see that it decodes fine, “dgb” and “nq” are still there.
But go all out:
python enctest.py | openssl enc -base64 -d | openssl enc -nosalt -des-ecb -d -pass pass:abcdefgh + python enctest.py + openssl enc -nosalt -des-ecb -d -pass pass:abcdefgh + openssl enc -base64 -d bad decrypt 15621:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461: j?7???? vc]??? LE?m³?? q?
What am I doing wrong? I’ve tried using -k abcdefgh -iv 00000000000000000 or interactively entering passwords – same issue.
echo ESzjTnGMRFnfVOJwQfqtyXOI8yzAatioyufiSdE1dx02McNkZ2IvBg== | openssl enc -nopad -a -des-ecb -K 6162636465666768 -iv 0 -p -d
6162636465666768 is ASCII “abcdefgh” written in hexadecimal.
Note, however, that DES
in ECB mode may not be a good way to encode passwords, nor is it the “DES crypt” you may have heard of used on Unix systems.
(For passwords, it’s usually best to use an algorithm that is difficult to reverse (checking the password by regenerating the result instead of decrypting the stored password). Even if you do need to be able to decrypt these encrypted passwords, single DES and the ECB in particular are poor choices in terms of confidentiality. )