Hi Matt, >If you *are* using 1.1.0 then the default digest was changed between 1.0.2 and 1.1.0. Awesome thought, but I'm also using 1.0.2:
$ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 (I also tried adding -md md5 to the previous command, but I got the same error message). Thanks, Chris On Sun, Jan 14, 2018 at 6:03 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 14/01/18 15:26, Chris B wrote: > > I'm trying to help someone recover his password for an older format > > ethereum encrypted private key (EPK). My plan has been to use his best > > guess at the password to brute force the actual password. > > > > The EPK is a 132 character string, and it looks something like this: > > U2FsdGV0X185M9YAa/27pmEvFzC5pqLI4xWrA6ouGVCx0EeJ > 9s8DzeGuBtYJPDCKDy0m80yvHdQYDMPa+Hwv2JPbuGJNoUMhFWpcQW1VF+ > EAy0tYb7Wtv2+IRWZzcpsE8e2a > > > > (That is: 128 ASCII digits and/or letters, plus three "+" and a "/".) > > > > This article > > (https://www.reddit.com/r/Bitcoin/comments/3gwdge/ > importing_old_encrypted_private_keys/) > > seems to describe a very similar EPK. The author of that post decrypted > > their key with the following command: > > > > openssl enc -in FILE_OF_KEYS -a -d -salt -aes256 -pass > pass:"PASSWORD_HERE" > > > > I have tried this same approach, but I'm getting an error: > > > > EVP_DecryptFinal_ex:wrong final block length > > What version of OpenSSL are you using. The quoted article was written 2 > years ago so definitely wasn't using OpenSSL 1.1.0. If you *are* using > 1.1.0 then the default digest was changed between 1.0.2 and 1.1.0. Old > OpenSSL "enc" output defaulted to md5. The current default is sha256: > > https://www.openssl.org/docs/faq.html#USER3 > > Try adding "-md md5" onto your command line. > > Matt > > > > > > Here's an example: > > > > /usr/bin/openssl enc -d -aes-256-cbc -a -in enc_private_key.txt -out > > recovered.key -pass pass:TheBig7ebowski > > > > And here's the output: > > > > bad decrypt > > > > 140220549330848:error:0606506D:digital envelope > > routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:581: > > > > I'm not sure how to interpret that output. I could interpret it as: > > o Your system for decrypting the password is perfect, but: this is not > > the right password. > > o There's something wrong with the EPK -- its length must be a multiple > > of the AES block length. > > o There's something wrong with the unencrypted private key -- its length > > must be a multiple of the AES block length. > > o Something else entirely > > > > Can anyone help me understand how to interpret this error message? > > > > Thanks, > > Chris > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
