Reputation: 593
I am trying to encrypt a string using AES CBC. The output of the online tool (http://aes.online-domain-tools.com/) and the bash openssl command do not match. Can anyone help me with what I am doing wrong?
key = 12345678912345678912345678912345
iv="e90e89a2277f4f3b6a2080d27f734266" #using the one generated by online tool
openssl enc -aes-256-cbc -in input.txt -out output.txt -K $key -iv $iv
EDIT - more info on the settings chosen on the site -
Input type - plain text
Function - AES
Mode - CBC
Key - (plain) - 12345678912345678912345678912345
Init Vector - e9 0e 89 a2 27 7f 4f 3b 6a 20 80 d2 7f 73 42 66
Upvotes: 0
Views: 10265
Reputation: 8116
Both
openssl aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad
and
openssl enc -aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad
work for me for the file generated by the online calculator using the following settings:
Input type: Text
Input(Plaintext): TESTTESTTESTTEST
Function: AES
Mode: CBC
Key(HEX): 12345678912345678912345678912345
Init. vector: e90e89a2277f4f3b6a2080d27f734266
Operation: ENCRYPT
EDIT:
I confirmed that the online tool does zero padding, but openssl expects PKCS#5 (also known as PKCS#7) padding:
All the block ciphers normally use PKCS#5 padding also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.
So the following argument is needed:
-nopad disable standard block padding
See e.g. here.
Beware that your output plaintext will have up to 15 extra binary zero bytes (\x00).
EDIT2:
(I am sorry I misunderstood the question, thought you wanted to check the result of the online tool)
To perform the same operation as the online tool:
echo -n "TESTTESTTESTTEST" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-1.dat
This one uses echo -n to feed the input data. If you are not working on a system capable of this, you will have to prepare a file input.txt, which contains the string TESTTESTTESTTEST (please do check that its length is 16 bytes -- i.e. no newline at the end). Then use the -in input.txt option:
openssl aes-128-cbc -in input.txt -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-2.dat
When the message is not block-size aligned (i.e. its length is not divisible by 16 without a remainder), you have to apply zero padding (append as many binary zeroes to the end as are needed to make it block-aligned).
So to encrypt the string "TESTTESTTEST" (its length is 12, you must add 4 binary zeroes to block-align it to 16):
echo -ne "TESTTESTTEST\x00\x00\x00\x00" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-3.dat
(The -e in echo enables interpretation of backslash escapes for the \x00 to work)
EDIT3(bonus one):
To perform the zero padding using shell:
input="TESTTESTTEST"
( echo -n "${input}" ; head -c 15 /dev/zero ) | head -c "$((((${#input}+15)/16)*16))" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-4.dat
Upvotes: 2
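An added example, not part of either post above: the zero padding and -nopad steps from the answer, generalized to input of any length on stdin and set beside openssl's default PKCS#7 padding so the size difference is visible. KEY and IV are the test values from this page; the function names (zero_pad, enc_zero, enc_pkcs7, dec_raw, hex) are hypothetical, and the sample strings are constructed.

```shell
# Added example (not from the original posts). KEY/IV are the page's test
# values; all function names here are hypothetical.
KEY="12345678912345678912345678912345"   # 32 hex digits = 16 bytes (AES-128)
IV="e90e89a2277f4f3b6a2080d27f734266"

# zero_pad: copy stdin to stdout, then append 0x00 bytes up to a multiple of 16.
# Buffers in a temp file so binary input (embedded zeros, no newline) survives.
zero_pad() {
    local tmp len pad
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    len=$(wc -c < "$tmp")
    pad=$(( (16 - len % 16) % 16 ))
    cat "$tmp"; rm -f "$tmp"
    if [ "$pad" -gt 0 ]; then head -c "$pad" /dev/zero; fi
}

# Encrypt stdin as the online tool does: zero padding, PKCS#7 disabled.
enc_zero() { zero_pad | openssl enc -aes-128-cbc -e -K "$KEY" -iv "$IV" -nopad; }

# Encrypt stdin with openssl's default PKCS#7 padding, for comparison.
enc_pkcs7() { openssl enc -aes-128-cbc -e -K "$KEY" -iv "$IV"; }

# Decrypt stdin without unpadding; trailing zero bytes stay in the output.
dec_raw() { openssl enc -aes-128-cbc -d -K "$KEY" -iv "$IV" -nopad; }

# Print stdin as one lowercase hex string.
hex() { od -An -v -tx1 | tr -d ' \n'; }

# Constructed sample inputs: one block-aligned, one 12 bytes long.
if command -v openssl >/dev/null 2>&1; then
    for msg in "TESTTESTTESTTEST" "TESTTESTTEST"; do
        z=$(printf '%s' "$msg" | enc_zero | wc -c)
        p=$(printf '%s' "$msg" | enc_pkcs7 | wc -c)
        echo "${#msg} bytes in: zero-padded=$z bytes out, PKCS#7=$p bytes out"
    done
fi
```

Zero padding cannot be stripped unambiguously when the plaintext itself may end in 0x00 bytes, which is why dec_raw leaves the padding in place.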