As it just so happens here is a gist implementing EVP_BytesToKey in Python: https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc -Marian Am 25.03.19 um 17:14 schrieb Tim Webber: > Thanks Marian. i did read the man pages for enc . not sure how that > gets you to the EVP_BytesToKey algorithm but thank you for providing > that page. i suspect it might be easier to have the folks encrypting > the data specifiy an IV rather than trying to figure out how to > implement EVP_BytesToKey in python. its not inconsequential. > > On Mon, Mar 25, 2019 at 5:08 AM Marian Beermann <public@xxxxxxxxx > <mailto:public@xxxxxxxxx>> wrote: > > Well let's just read the man pages, shall we? > > > -kfile filename > > Read the password to derive the key from the first line of filename. > > Then > > > -md digest > > Use the specified digest to create the key from the passphrase. > > The default algorithm is sha-256. > > And > > > -iv IV > > ... > > When a password is being specified using one of the other options, the > IV is generated from this password. > > The man page doesn't specify the key derivation algorithm, but a quick > glance at apps/enc.c shows that it uses EVP_BytesToKey, which is > documented here: > https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html > > -Marian > > Am 25.03.19 um 01:20 schrieb Tim Webber: > > I just posted a message which i have copied below to a python > forum. It > > might be better asked here. The coles notes version of my > question is this: > > > > I have received an encrypted data file (mydata.encrypted) and a key > > (plain text for now) and the following command to decrypt it: > > > > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out > > mydata.decrypted -kfile my_symmetric_key > > > > Question is this. How is the initialization vector calculated? This > > command works fine. My issues is that i dont know how the > > initialization vetor is calculated. I suspect if its left out > there is > > some default way of doing it. Can you tell me how its done? Thanks! > > > > ************************* ORIGINAL QUESTION to python community > > ****************** > > > > I have received an encrypted data file (mydata.encrypted) and a key > > (plain text for now) and the following command to decrypt it: > > > > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out > > mydata.decrypted -kfile my_symmetric_key > > > > The people who encrypted these data did so with openssl but I dont > know > > what the encrypt command looks like. I do know that the above command > > does decrypt the data successfully though. > > > > I want to use Python to decrypt this file. I am thinking of using > > cryptodome but am open to suggestions. Here's what i know from the > above > > openssl decrypt command. > > > > - its uses AES cbc 256 mode for the decryption ( -d ) > > - it uses base64 to encode the data "AFTER" (-a) the cryptographic > operation > > - it does not specify the initialization vector (IV). > > > > I am struggling with how to code for this using python. What I suspect > > is my problem is that i dont know how to properly calculate the IV. > > Looking at the openssl documentation they say to see "key > derivation" to > > find out how they handle IV when its not specified. I cant track down > > this key derivation information. Any help will be appreciated! > > ******************************* >
