Re: id-aes256-GCM command line encrypt+decrypt fail
Thanks for the explanation Mr. Henson.
I do not wish to take up too much of your time, but as I am still trying to understand OpenSSL, I would be grateful if you can add a few words on how you cope with this in TLS, and point me to the corresponding source code.

Thanks again,
Michel.

On 12/10/2012 19:26, Dr. Stephen Henson wrote:
> On Fri, Oct 12, 2012, Michel wrote:
>
>> I am guessing that 'special handling' is linked to the 'no additional
>> authentication data' issue discussed in:
>> http://incog-izick.blogspot.fr/2011_08_01_archive.html
>
> It's to do with the fact that additional parameters are required with GCM and how the tag should be handled. It might be appropriate to handle this by appending it to the output but that adds complications on decrypt in that you don't know in advance where the tag is and would need to buffer tag bytes of data until you hit EOF.
>
> None of this is handled by the cipher BIO used by the enc command; some additional functionality will be needed for this (and CCM).
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: id-aes256-GCM command line encrypt+decrypt fail
I am guessing that 'special handling' is linked to the 'no additional authentication data' issue discussed in:
http://incog-izick.blogspot.fr/2011_08_01_archive.html

On 11/10/2012 22:33, Erik Tkal wrote:
> I think Steve posted a while back that those ciphers require special handling and do not work with the enc command yet.
>
> Erik Tkal
> Juniper OAC/UAC/Pulse Development
Re: id-aes256-GCM command line encrypt+decrypt fail
On Fri, Oct 12, 2012, Michel wrote:

> I am guessing that 'special handling' is linked to the 'no additional
> authentication data' issue discussed in:
> http://incog-izick.blogspot.fr/2011_08_01_archive.html

It's to do with the fact that additional parameters are required with GCM and how the tag should be handled. It might be appropriate to handle this by appending it to the output but that adds complications on decrypt in that you don't know in advance where the tag is and would need to buffer tag bytes of data until you hit EOF.

None of this is handled by the cipher BIO used by the enc command; some additional functionality will be needed for this (and CCM).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
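
Added example, not part of the thread and not OpenSSL code: a reader for the "tag appended to the output" layout described in the message above, which holds back the last 16 bytes of input until EOF because only then is it known which bytes are the tag. Assumptions: HMAC-SHA-256 truncated to 16 bytes stands in for the GCM tag so the block needs only the Python standard library, and `TrailingTagReader`, `seal` and `read_stream` are hypothetical names.

```python
import hashlib
import hmac

TAG_LEN = 16  # writer and reader must agree on the tag length in advance


class TrailingTagReader:
    """Split a stream laid out as body || tag when its length is unknown."""

    def __init__(self, key: bytes):
        # Stand-in authenticator (assumption): HMAC-SHA-256, truncated.
        self._mac = hmac.new(key, digestmod=hashlib.sha256)
        self._held = b""  # the most recent <= TAG_LEN bytes seen so far

    def update(self, chunk: bytes) -> bytes:
        """Feed input; return the bytes now known to be body, not tag."""
        buf = self._held + chunk
        split = max(len(buf) - TAG_LEN, 0)
        body, self._held = buf[:split], buf[split:]
        self._mac.update(body)
        return body

    def finish(self) -> bool:
        """At EOF the held-back bytes are the tag; compare in constant time."""
        if len(self._held) != TAG_LEN:
            return False  # stream shorter than one tag: truncated input
        expected = self._mac.digest()[:TAG_LEN]
        return hmac.compare_digest(self._held, expected)


def seal(key: bytes, body: bytes) -> bytes:
    """Writer side: append the tag to the output."""
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def read_stream(key: bytes, stream: bytes, chunk_size: int):
    """Feed the stream in chunks; return (released_body, tag_ok)."""
    reader = TrailingTagReader(key)
    released = b""
    for i in range(0, len(stream), chunk_size):
        released += reader.update(stream[i:i + chunk_size])
    return released, reader.finish()


if __name__ == "__main__":
    key = b"k" * 32                          # constructed sample key
    sealed = seal(key, b"bla")               # the thread's 3-byte input
    print(read_stream(key, sealed, 5))
    print(read_stream(key, b"blb" + sealed[3:], 5))  # tampered body
```

`update` hands body bytes to the caller before `finish` has checked the tag, so a caller must not act on them until `finish` returns True.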
id-aes256-GCM command line encrypt+decrypt fail
Hello,

I am trying to encrypt and decrypt a string using command-line openssl (1.0.1c) with the id-aes256-GCM algorithm, but every time it fails:

    echo -n bla | openssl enc -e -id-aes256-GCM -nosalt -a -out t.out
    openssl enc -d -id-aes256-GCM -nosalt -a -in t.out
    bad decrypt

This is true whether I use manually specified key/IV or password, with or without salt. The same commands work with other algorithms. What am I missing?

Thanks
Mark
Re: id-aes256-GCM command line encrypt+decrypt fail
See: http://marc.info/?l=openssl-users&m=134867395821086&w=2

On 11 October 2012 17:19, e...@mit.edu <e...@mit.edu> wrote:
> Hello,
>
> I am trying to encrypt and decrypt a string using command-line openssl (1.0.1c) with the id-aes256-GCM algorithm, but every time it fails:
>
>     echo -n bla | openssl enc -e -id-aes256-GCM -nosalt -a -out t.out
>     openssl enc -d -id-aes256-GCM -nosalt -a -in t.out
>     bad decrypt
>
> This is true whether I use manually specified key/IV or password, with or without salt. The same commands work with other algorithms. What am I missing?
>
> Thanks
> Mark
RE: id-aes256-GCM command line encrypt+decrypt fail
I think Steve posted a while back that those ciphers require special handling and do not work with the enc command yet.

Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of e...@mit.edu
Sent: Thursday, October 11, 2012 12:19 PM
To: openssl-users@openssl.org
Subject: id-aes256-GCM command line encrypt+decrypt fail

Hello,

I am trying to encrypt and decrypt a string using command-line openssl (1.0.1c) with the id-aes256-GCM algorithm, but every time it fails:

    echo -n bla | openssl enc -e -id-aes256-GCM -nosalt -a -out t.out
    openssl enc -d -id-aes256-GCM -nosalt -a -in t.out
    bad decrypt

This is true whether I use manually specified key/IV or password, with or without salt. The same commands work with other algorithms. What am I missing?

Thanks
Mark