On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote: Hi Matt, >If you *are* using 1.1.0 then the default digest was changed between 1.0.2 and >1.1.0. Awesome thought, but I'm also using 1.0.2:
$ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 (I also tried adding -md md5 to the previous command, but I got the same error message). Option #1 from the possibilities you mentioned below seems to be the most logical to me. If you use the wrong key, the padding data in the last block will also be decrypted to the wrong values, so the padding block check will fail. The padding is a necessary part of decryption because it needs to know how much plaintext is actually represented by that last block. > I'm not sure how to interpret that output. I could interpret it as: > o Your system for decrypting the password is perfect, but: this is not > the right password. > o There's something wrong with the EPK -- its length must be a multiple > of the AES block length. > o There's something wrong with the unencrypted private key -- its length > must be a multiple of the AES block length. > o Something else entirely
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
