Thanks guys. It worked for me !! - Kunal
On Wed, May 26, 2010 at 6:51 AM, Dave Thompson <dthomp...@prinpay.com>wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of ~ Kunal Sharma > ~ > > Sent: Tuesday, 25 May, 2010 10:02 > > > I guess I need to supply the iv in hex format. Is it as simple as > replacing > > each ascii character of iv string with the equivalent hex value or > something else ? > > > I use the passphrase "As different as chalk and cheese" ... > > > On Tue, May 25, 2010 at 6:32 PM, Anand Patel > <anand.apa...@gmail.com> wrote: > > > You need to use same iv and key for decryption. > > I believe the command is > > openssl enc -d -aes-256-cbc -K <key used to encrypt> -iv > <iv > used to encrypt> ... > > Both -K key and -iv iv must be hex; yes, character by character, > using whatever charset was used for your program. There are (still) > some machines that use EBCDIC, but you would be aware if you were > on one, so yes you were almost certainly in the ASCII subset common > to any likely charset (8859, Unicode, or Windows). > > PS- You used that string directly as the key. Usually, including openssl, > something called a passphrase or password is not used directly as a key > but instead is run through a 'Key Derivation Function' such as PKCS5, > basically an iterated hash sometimes with other bits thrown in. > To avoid confusion I suggest you call the key a key. > > I noticed you got exactly the right lengths (32 and 16 bytes). > I hope you are making any users aware they cannot just choose strings > they like (and can remember), and such limitation is OK with them. > Usually it isn't, which is part of the reason a KDF is used. > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
