Using openssl-1.0.1g command line for simple file encryption/decryption, when I issue the commands
openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl openssl enc -d -aes-256-cbc -k secret -in file.ssl The contents of file.txt go to stdout as expected. However, when I issue the commands openssl enc -aes-256-gcm -k secret -in file.txt -out file.ssl openssl enc -d -aes-256-gcm -k secret -in file.ssl The contents of file.txt go to stdout but the string "bad decrypt" goes to stderr. Am I missing something or is there a bug in the openssl gcm implementation? I have tried substituting "-pass pass:secret" for "-k secret" and get the same results. If I had to venture a guess, I would expect that the decrypt option verifies that the input represents a full block of data and throws the error when the gcm encrypted file does not end on a block boundary.
