Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it. Regarding AES-GCM from the command line, or PHP bindings, is that something that any of the OpenSSL components support? I think EVP is the intended way but there are no PHP bindings, only C from what I can tell. As a bit of background, I need to send an encrypted token to a client, which will return it when communicating back with the server. I need some form of authenticated encryption for that and OpenSSL seems like a perfect fit. Thanks for your help. Sent from my mobile > On Feb 9, 2015, at 9:23 PM, Dr. Stephen Henson <steve at openssl.org> wrote: > >> On Mon, Feb 09, 2015, Sec_Aficionado wrote: >> >> Hello, >> >> I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject. >> >> My command is: >> openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt >> >> I get prompted for password as expected. >> >> The encryption goes well, and then I proceed to decrypt using: >> openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt >> >> The program executes but I get a "bad decrypt" message. However, when I open dec.txt, it is the same as the original file payload.txt >> >> My guess is that the problem is in the padding, but I have not been able to eliminate the error message, even setting the -nopad option and padding manually. >> >> Can someone please explain to me why this might be happening? >> >> I am running openSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current patches. > > AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL > throw out and error message if you try to use it from the command line. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
