Getting 'error reading input file' and 'bad magic number' when I try to decrypt an aes-128-cbc encrypted file

Question

I've been given an aes-128-cbc encrypted file to decrypt. When I run the openssl command, it keeps giving me an error saying 'error reading input file'

This is my command:

openssl enc -in "$ciphertext_file" -d -aes-128-cbc -md md5 -pass pass:"$password" -pbkdf2

(It's part of a bash script)

If I add the -a flag, it gives me the 'bad magic number' error.

When I made my own encrypted file and decrypted it using the same command, it worked. I included the -a flag in both commands for this.

So, my theory is that the file given to me isn't base64 encoded and that's why I'm getting the error. If that's the case how can I decode it?

Answer 1

Given your description:

The plaintext was encrypted using 128-bit AES with CBC mode using a single openssl enc command with no salting used, and using a password

First, you've added -md md5. Nothing the above description suggests that this uses MD5 hashing, so why did you add that? Unless there is more instruction, remove that. (If you've copied this line from somewhere, you can't do that without checking each parameter and making sure you know what it's for. Encryption algorithms are extremely precise.) Similarly, you've added -pbkdf2. Why? Do not add random options.

The instructions also say that no salting was used. Salting is the default. You must pass -nosalt to disable it.

If you're taking a class that includes cryptographic tools, you absolutely must read the documentation for those tools, in this case, the openssl-enc man page. You cannot copy random things you find online. You cannot ask ChatGPT. You have to read the docs and know why each parameter is there and what it is doing. When you misuse cryptographic tools you do not get useful errors generally, and you do not get "something close" that you can iterate on. It is either perfect, or completely wrong, so you have to read the docs.

---

So, my theory is that the file given to me isn't base64 encoded and that's why I'm getting the error. If that's the case how can I decode it?

The -a parameter requires that the input be in Base64. If it isn't (you can look and see), and your instructions don't give any suggestion that it is, then you should not add -a.

The plaintext was encrypted using 128-bit AES with CBC mode using a single openssl enc command with no salting used, and using a password

If these instructions you've written here are the exact, entire instructions, then they describe the following encryption:

• "encrypted" -> enc
• "The plaintext" -> -in file
• "using 128-bit AES with CBC mode" -> -aes-128-cbc
• "with no salting used" -> -nosalt
• "using a password" -> -pass pass:password

openssl enc -in "$ciphertext_file" -aes-128-cbc -nosalt -pass pass:"$password"

And the decryption would be the same, adding -d.