On Thu, Jan 13, 2022 at 03:50:15AM +0000, Ricky Cintron wrote: > ????????????????????? Original Message ????????????????????? > > On Wednesday, January 12th, 2022 at 1:14 PM, Crystal Kolipe > <kolip...@exoticsilicon.com> wrote: > > > On Wed, Jan 12, 2022 at 08:56:19PM +0000, Ricky Cintron wrote: > > > > > As the subject reads, I am suddenly unable to decrypt a file that I > > > encrypted > > > > > > with LibreSSL. When I try, I get the following message: > > > > > > bad decrypt > > > > > > 11957684617984:error:06FFF064:digital envelope routines:CRYPTO_internal: \ > > > > > > bad decrypt:/usr/src/lib/libcrypto/evp/evp_enc.c:549: > > > > > > I haven't been able to figure out the cause, so I'm looking for guidance. > > > > That error message is very non-specific, and can have many causes. > > > > > Some more information: > > > > > > I encrypted this file around September or October of 2021 using the > > > following > > > > > > command: > > > > > > $ openssl aes-256-cbc -e -a -salt -in <file> -out <file> > > > > > > And to decrypt it, I use > > > > > > $ openssl aes-256-cbc -d -a -in <file> -out <file> > > > > > > I also configured neovim to allow me to open and overwrite the file > > > > > > transparently, using an autocmd group, which has worked without issue. I > > > > > > upgraded my -current system on Saturday, January 8 (OpenBSD 7.0-current > > > > > > (GENERIC.MP) #242: Sat Jan 8 12:33:38 MST 2022), and I was able to > > > decrypt it > > > > > > with neovim on Monday, but I didn't modify/write the file (it was last > > > modified > > > > > > on Dec 20 2021). I attempted to open the file again in neovim on Tuesday, > > > but > > > > > > was presented with the 'bad decrypt' message instead. I initially tried in > > > > > > neovim, but I'm seeing the same message when I use the openssl command > > > (above) > > > > > > directly. > > > > Just to confirm, you were able to decrypt it once after the system upgrade > > on > > > > the 8th, but subsequently failed, the file itself has, (apparently), not > > been > > > > modified, and you have not made any other changes to the system? > > > > When you attempt to decrypt from the command line, do you get partial > > decrypted > > > > output, I.E. the beginning of the expected plaintext? A truncated ciphertext > > > > can cause the 'bad decrypt' error, but the start of the file will be > > correctly > > > > decrypted. > > > > Since your encrypted file is base64 encoded, have you looked at it and > > checked > > > > that it's not corrupted? For example, 512 bytes of all 0x00 or 0xFF > > somewhere > > > > in it would obviously be suspicious. > > > > Are you absolutely sure that you are using the correct passphrase? > > > > Finally, and this is NOT your problem, but I'm mentioning it for the > > benefit of > > > > anybody searching the mailing list archives with a similar problem: a > > number of > > > > years ago the default message digest for OpenSSL changed, (from md5 to > > sha256), > > > > and files encrypted with the old md will need -md md5 specified on the > > command > > > > line to decrypt them with current versions of OpenSSL or LibreSSL. But that > > is > > > > not the issue here. > > I was going to respond to each of your questions individually, but when I > went to > copy/paste the additional text that is printed along with the 'bad decrypt' > message to stdout (when not using the -out option), my muscle memory > apparently > kicked in just enough to hint that I was possibly messing up the password. So > yeah, I can confirm that, for some absurd reason, I had mixed up some symbols > in > the password, and after correcting it, I am now able to decrypt the file > again. > That's two days of attempting the wrong password. Just stunning. :|
It's nowhere near as uncommon as you think. We once had somebody bring us a file that "wouldn't decrypt" with the correct passphrase. Suspecting that it was a typo made whilst encrypting, we wrote a program to brute-force the possible key- strokes around the given keys. For example, if the first character was supposedly 'f', we tested e, r, t, d, f, g, c, v, and b in that position. With a few optimisations to test what seemed the most likely combinations first, we found the actual passphrase fairly quickly. Comparing the two, we concluded that he had offset the characters typed with the left hand by one position to the right. Luckily in your case, the typo was being made at the point of decryption. If the way you've got neovim set up is that it asks you for the passphrase each time, for both decryption and later encryption of the saved file, and if you intend to use the same passphrase each time, you might want to add an extra step to check that the original file can still be decrypted with the new passphrase you just entered before overwriting it, thereby checking that you entered it correctly. I.E. * Ask for decryption passphrase and decrypt original ciphertext * Edit plaintext version and save modified plaintext * Ask for encryption passphrase * Decrypt original ciphertext with passphrase just entered * If and only if it decrypts without error, then overwrite the old ciphertext with the new one. Otherwise, throw a warning message, ask for confirmation or whatever is appropriate in your case. > The odd thing is I'm pretty sure that I've seen a different message when using > an incorrect password, so although I considered it, it didn't seem likely. Rarely, you might see the bad decrypt message referencing line 554 instead of 549, so be careful if you try to parse the error messages in scripts.
