I discovered the following recently while trying to decrypt an old file
encrypted with openssl 0.9.4.  I thought this might be useful for others.

In openssl 0.9.5 (early 2000) the encryption utility (openssl enc command)
was changed to salt the encryption with a random 8-byte value.  This improved
security for poorly chosen keys (see for example RFC 2405 under Security
Considerations, or Bellovin "Probable Plaintext Cryptanalysis of the IP 
Security Protocols", for some discussion of why a random salt is a good
idea -- for my money I'd be more confident if I chose good keys with enough
bits).

Anyway, to do this, the encryption utility was changed to output 16 
extra bytes at the start of the output stream, consisting of "Salted__" 
and the 8-byte randomly-generated salt.

So, the output format changed incompatibly between 0.9.4 and 0.9.5.

You can make the 0.9.5 and later openssl enc command behave like
the 0.9.4 command by using the -nosalt command line option.  This
would be particularly useful of course to decrypt a file encrypted
with 0.9.4 or earlier.  Or, likely, some other crypto software.

If you don't know this, or forget it, you get the following only slightly
helpful error message :

bad magic number



Many thanks to the developers for their work on this enhancement and
all their other work on openssl.

David Oppenheim
[EMAIL PROTECTED]



As a postscript, I'd like to make the following suggestions mainly re
documentation of the openssl enc command.



It'd be good if there was no default for the cipher - currently openssl enc
just copies input to output if no cipher is given.  This strikes me as 
very dangerous.

It'd be good if the "bad magic number" error was made more helpful,
including perhaps a hint as to what to try next.


On the HTML help page :
  -salt / -nosalt  and -S salt are missing from the Synopsis

  -S salt in the Options section is in a position that breaks the 
     logical flow - in the middle of key specification options - 
     rather than after -salt

  Other missing options : -engine e
                          -v
                          -base64 (same as -a)
                          -none (null cipher)


In the program's help output :

 - the following are missing :

    -salt / -nosalt  and -S salt
    -v and -debug
    -A
    -none
    -nopad

 - the following are a bit confusing :

    -K/-iv         key/iv in hex is the next argument

      would be better separate viz

        -K <hex>     key in hex
        -iv <hex>    IV in hex 


    -[pP]          print the iv/key (then exit if -P)

       would be better

         -p or -P       print the IV and key in hex (then exit if -P)



In the source of enc.c, the following comment's question "Is this a bug?"
should be deleted :

        if (cipher != NULL)
                {
                /* Note that str is NULL if a key was passed on the command
                 * line, so we get no salt in that case. Is this a bug?
                 */

because a bit further on the following catches the situation:

                if ((hiv == NULL) && (str == NULL))
                        {
                        /* No IV was explicitly set and no IV was generated
                         * during EVP_BytesToKey. Hence the IV is undefined,
                         * making correct decryption impossible. */
                        BIO_printf(bio_err, "iv undefined\n");
                        goto end;
                        }

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
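
The format change described in the message above (16 extra bytes: "Salted__" followed by the 8-byte salt) can be checked before decrypting. The sketch below is an added example, not part of the original post or of OpenSSL's code; the function names, dictionary keys and sample byte strings are constructed for illustration, and it assumes the whole file is passed in.

```python
import base64
import binascii

MAGIC = b"Salted__"      # marker written by openssl enc 0.9.5 and later
SALT_LEN = 8             # random salt that follows the marker

def unarmor(data: bytes):
    """Return decoded bytes if data is base64 text (-a / -base64), else None."""
    compact = b"".join(data.split())          # drop line breaks
    if not compact:
        return None
    try:
        # Raw ciphertext is very unlikely to be valid base64 by chance.
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None

def inspect_enc_header(data: bytes) -> dict:
    """Classify an `openssl enc` output stream and list decrypt options."""
    decoded = unarmor(data)
    armored = decoded is not None
    payload = decoded if armored else data
    options = ["-d"] + (["-a"] if armored else [])
    if not payload.startswith(MAGIC):
        # 0.9.4-style stream: ciphertext starts at byte 0, no salt header.
        return {"salted": False, "armored": armored, "salt": None,
                "body_offset": 0, "options": options + ["-nosalt"]}
    if len(payload) < len(MAGIC) + SALT_LEN:
        raise ValueError("magic present but the 8-byte salt is truncated")
    salt = payload[len(MAGIC):len(MAGIC) + SALT_LEN]
    return {"salted": True, "armored": armored, "salt": salt.hex(),
            "body_offset": len(MAGIC) + SALT_LEN, "options": options}

# Constructed sample streams (not real ciphertext).
SAMPLE_SALTED = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)
SAMPLE_SALTED_B64 = base64.encodebytes(SAMPLE_SALTED)
SAMPLE_UNSALTED = bytes(range(0x80, 0x90))

if __name__ == "__main__":
    for name in ("SAMPLE_SALTED", "SAMPLE_SALTED_B64", "SAMPLE_UNSALTED"):
        print(name, inspect_enc_header(globals()[name]))
```

A stream reported as unsalted is the case where a 0.9.5 or later `openssl enc -d` stops with "bad magic number" unless -nosalt is given.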
