Reputation: 123
Decrypt .enc with .pem openssl
I'm trying to decrypt a .enc file with openssl. I have the .pem key available.
This is what I'm doing:
openssl rsautl -decrypt -in file.enc -out dec.txt -inkey private.pem
And returns the following:
data greater than mod len
Is there anything I'm missing?
Upvotes: 1
Views: 2820
Answers (1)
Reputation: 93968
We don't know how the file was created or what the contents are. It seems your private key parses correctly, but the modulus has a certain amount of bits, say 2048 bits. That means that raw RSA - modular exponentiation - can only encrypt as many bytes as there are in the modulus.
To be even more precise, the data, when converted to a number using unsigned big endian encoding should be smaller than the modulus as number. If your data is larger in size then the decryption will fail, which means it is either generated differently - it may have additional encoding, for instance - or it has been generated with a different, larger RSA key.
Note that the data that can be encrypted is significantly smaller due to the padding overhead, which is required to make RSA secure. The padding is performed over the input message, before number conversion & modular exponentiation. Also note that RSA is always performed just once, it is not repeated as for instance usual for block ciphers.
So you're not missing something, you're rather having too many bytes in file.enc.
Upvotes: 2
Related Questions
- Add password to openssl .pem file from -password
- How to extract the RSA public key from a .cer and store it in a .pem using OpenSSL?
- How do I use OpenSSL in the terminal to convert a .pem file to other formats?
- Decrypting with openssl enc
- Encrypt message with RSA private key (as in OpenSSL's RSA_private_encrypt)
- Openssl RSA encrypt and decrypt in C
- Openssl decryption not working
- openssl convert text to pem
- OpenSSL encrypting with public pem in objective-c
- How can I decrypt encrypted files using a PEM private key?