RE: Trying to encrypt with openssl commandline and decrypt using aes or evp

Thu, 03 Sep 2009 16:36:16 -0700 

> From: owner-openssl-us...@openssl.org On Behalf Of Hazel John
> Sent: Thursday, 03 September, 2009 15:25

> openssl enc -aes-256-cbc -K
> 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E
> 1F -iv 00112233445566778899AABBCCDDEEFF -e -in input.txt -out 
> output.enc
> [and same with -d]

I note these do not have -a, which you mentioned upthread,
and so produce and expect raw "binary" data not "readable".

>       AES_KEY key;
>       string sInput;
>       cout << " enter string (size < 128) : ";
>       cin >> sInput;
>       cout << "input is " << sInput << endl;
> 
This will read only one whitespace-delimited token 
aka word. Is that what you want?

>       int inlen = sInput.size();
> 
>       unsigned char pIV[16];
>       unsigned char pIn[128];
>       unsigned char pOut[128];
>       memset(pOut, 0, 128);
>       memset(pIn, 0, 128);
> 
>       memcpy(pIn, sInput.c_str(), inlen);
>       AES_set_encrypt_key(aes_key, 256, &key);
>       //AES_ecb_encrypt(input, pOut, &key, AES_ENCRYPT);
>       memcpy(pIV, aes_iv, 16);
>       AES_cbc_encrypt(pIn, pOut, inlen, &key, pIV, AES_ENCRYPT);

commandline enc does PKCS5 block padding (at least for block modes) 
unless you specify -nopad (and then you can only do full block data).
EVP does this (if enabled) but the cipher-level primitives don't.
Either do padding yourself; have EVP do padding; or use enc -nopad.

>       cout << "encrypted output is: ";
>       for (unsigned int i = 0; i < 128; ++i)
>       {
>               cout << hex << showbase << pOut[i];
>       }
>       cout << endl;

This outputs the raw data; pOut[i] is an unsigned char, 
and is therefore output as a char, not converted to hex.
If you make it (int)pOut[i], it does convert, 
but the results are run together and hard to read.
This is one situation where C(style) printf can be easier.

Also commandline enc doesn't output or input ciphertext in hex.
By default it does raw "binary", with -a it does base64. 
If you want to match or complement it, you must do one of those.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to