[Pkg-openssl-devel] Bug#790883: Possible workaround
Marcin Owsiany
marcin at owsiany.pl
Tue Jan 17 15:49:15 GMT 2023
The command from the original report fails for me with openssl 3.0.7 with
>>bad decrypt<< even with the newline.
I came up with a slightly different set of commands that reproduce this
behaviour, and which also includes -pbkdf2 that now seems to be required to
avoid a warning.
porridge at fujitsu:~$ echo peekaboo | openssl enc -aes-256-cbc -pbkdf2 -pass
pass:bar -base64
U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg=
porridge at fujitsu:~$ echo -n U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg= |
openssl enc -aes-256-cbc -pbkdf2 -pass pass:bar -d -base64
error reading input file
I also learned about the -A flag which seems to make openssl work in this
case:
porridge at fujitsu:~$ echo -n U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg= |
openssl enc -aes-256-cbc -A -pbkdf2 -pass pass:bar -d -base64
peekaboo
However even in the manpage it is mentioned to be buggy:
The -A option when used with large files doesn't work properly.
I also found an upstream issue about base64 handling which seems to be
closely related to this bug report:
https://github.com/openssl/openssl/issues/18780
Jean-Michel, if you consider this a good enough workaround for your use
case, please consider closing this bug.
Marcin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20230117/f0db9e80/attachment.htm>
More information about the Pkg-openssl-devel
mailing list