Re: aes-cbc-256 mode descryption without an IV

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



As it just so happens here is a gist implementing EVP_BytesToKey in Python:
https://gist.github.com/tly1980/b6c2cc10bb35cb4446fb6ccf5ee5efbc

-Marian

Am 25.03.19 um 17:14 schrieb Tim Webber:
> Thanks Marian.  i did read the man pages for enc .  not sure how that
> gets you to the  EVP_BytesToKey algorithm but thank you for providing
> that page.  i suspect it might be easier to have the folks encrypting
> the data specifiy an IV rather than trying to figure out how to
> implement  EVP_BytesToKey in python.  its not inconsequential.
> 
> On Mon, Mar 25, 2019 at 5:08 AM Marian Beermann <public@xxxxxxxxx
> <mailto:public@xxxxxxxxx>> wrote:
> 
>     Well let's just read the man pages, shall we?
> 
>     >        -kfile filename
>     > Read the password to derive the key from the first line of filename.
> 
>     Then
> 
>     >        -md digest
>     > Use the specified digest to create the key from the passphrase.
>     > The default algorithm is sha-256.
> 
>     And
> 
>     >       -iv IV
>     > ...
>     > When a password is being specified using one of the other options, the
>     IV is generated from this password.
> 
>     The man page doesn't specify the key derivation algorithm, but a quick
>     glance at apps/enc.c shows that it uses EVP_BytesToKey, which is
>     documented here:
>     https://www.openssl.org/docs/man1.1.0/man3/EVP_BytesToKey.html
> 
>     -Marian
> 
>     Am 25.03.19 um 01:20 schrieb Tim Webber:
>     > I just posted a message which i have copied below to a python
>     forum.  It
>     > might be better asked here.  The coles notes version of my
>     question is this:
>     >
>     > I have received an encrypted data file (mydata.encrypted) and a key
>     > (plain text for now) and the following command to decrypt it:
>     >
>     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
>     > mydata.decrypted -kfile my_symmetric_key
>     >
>     > Question is this.  How is the initialization vector calculated?  This
>     > command works fine.  My issues is that i dont know how the
>     > initialization vetor is calculated.  I suspect if its left out
>     there is
>     > some default way of doing it.  Can you tell me how its done? Thanks!
>     >
>     > ************************* ORIGINAL QUESTION to python community
>     > ******************
>     >
>     > I have received an encrypted data file (mydata.encrypted) and a key
>     > (plain text for now) and the following command to decrypt it:
>     >
>     > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out
>     > mydata.decrypted -kfile my_symmetric_key
>     >
>     > The people who encrypted these data did so with openssl but I dont
>     know
>     > what the encrypt command looks like. I do know that the above command
>     > does decrypt the data successfully though.
>     >
>     > I want to use Python to decrypt this file. I am thinking of using
>     > cryptodome but am open to suggestions. Here's what i know from the
>     above
>     > openssl decrypt command.
>     >
>     > - its uses AES cbc 256 mode for the decryption ( -d )
>     > - it uses base64 to encode the data "AFTER" (-a) the cryptographic
>     operation
>     > - it does not specify the initialization vector (IV). 
>     >
>     > I am struggling with how to code for this using python. What I suspect
>     > is my problem is that i dont know how to properly calculate the IV.
>     > Looking at the openssl documentation they say to see "key
>     derivation" to
>     > find out how they handle IV when its not specified. I cant track down
>     > this key derivation information. Any help will be appreciated! 
>     > ******************************* 
> 




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux