>       From: owner-openssl-us...@openssl.org On Behalf Of ~ Kunal Sharma ~
>       Sent: Tuesday, 25 May, 2010 10:02

>       I guess I need to supply the iv in hex format. Is it as simple as replacing
>       each ascii character of iv string with the equivalent hex value or something else?
        
>       I use the passphrase "As different as chalk and cheese" ...
        
>       On Tue, May 25, 2010 at 6:32 PM, Anand Patel <anand.apa...@gmail.com> wrote:
        
>               You need to use same iv and key for decryption.  
>               I believe the command is
>               openssl enc -d -aes-256-cbc -K <key used to encrypt> -iv <iv used to encrypt> ...
                
Both -K key and -iv iv must be hex; yes, character by character,
using whatever charset was used for your program. There are (still) 
some machines that use EBCDIC, but you would be aware if you were 
on one, so yes you were almost certainly in the ASCII subset common 
to any likely charset (8859, Unicode, or Windows).

PS- You used that string directly as the key. Usually, including openssl, 
something called a passphrase or password is not used directly as a key 
but instead is run through a 'Key Derivation Function' such as PKCS5, 
basically an iterated hash sometimes with other bits thrown in.
To avoid confusion I suggest you call the key a key.

I noticed you got exactly the right lengths (32 and 16 bytes). 
I hope you are making any users aware they cannot just choose strings 
they like (and can remember), and such limitation is OK with them.
Usually it isn't, which is part of the reason a KDF is used.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
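
The conversion discussed in this thread, as an added example that is not part of the original messages or of OpenSSL's own code: it hex-encodes a raw key and IV string byte by byte for `openssl enc -K/-iv` and rejects anything that is not exactly 32 and 16 bytes. The IV value and the function names `to_hex`, `hex_exact` and `roundtrip` are assumptions made for illustration; the key string is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: raw AES-256-CBC key/IV strings -> hex for `openssl enc -K/-iv`.

# Hex-encode the bytes of a string, character by character (ASCII assumed).
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n'
}

# Hex-encode $1 and insist on exactly $2 bytes. Unlike a passphrase fed to a
# KDF, a raw key or IV must have the exact length the cipher expects.
hex_exact() {
    hx=$(to_hex "$1")
    if [ "${#hx}" -ne $(( $2 * 2 )) ]; then
        echo "need $2 bytes, got $(( ${#hx} / 2 ))" >&2
        return 1
    fi
    printf '%s' "$hx"
}

# Encrypt stdin, then decrypt it again with the same key and IV.
# Caveat: a key passed with -K on a command line is visible in the
# process list to other local users while the command runs.
roundtrip() {
    k=$(hex_exact "$1" 32) || return 1   # AES-256 key: 32 bytes
    i=$(hex_exact "$2" 16) || return 1   # CBC IV: one 16-byte block
    openssl enc -aes-256-cbc -K "$k" -iv "$i" |
        openssl enc -d -aes-256-cbc -K "$k" -iv "$i"
}

KEY='As different as chalk and cheese'   # 32-byte string quoted in the thread
IV='0123456789abcdef'                    # constructed sample IV, 16 bytes
```

With the definitions loaded, `printf 'test' | roundtrip "$KEY" "$IV"` prints the input back, and `hex_exact "$KEY" 32` prints the value to pass to `-K`.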
