Hi Daniel, >Option #1 from the possibilities you mentioned below seems to be the most logical to me. Thank you, that's very helpful.
Thanks, Chris On Mon, Jan 15, 2018 at 1:29 PM, Sands, Daniel <dnsa...@sandia.gov> wrote: > On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote: > > Hi Matt, > > >If you *are* using 1.1.0 then the default digest was changed between > 1.0.2 and 1.1.0. > Awesome thought, but I'm also using 1.0.2: > > $ openssl version > > OpenSSL 1.0.2k-fips 26 Jan 2017 > > (I also tried adding -md md5 to the previous command, but I got the same > error message). > > > Option #1 from the possibilities you mentioned below seems to be the most > logical to me. If you use the wrong key, the padding data in the last block > will also be decrypted to the wrong values, so the padding block check will > fail. The padding is a necessary part of decryption because it needs to > know how much plaintext is actually represented by that last block. > > > > I'm not sure how to interpret that output. I could interpret it as: > > o Your system for decrypting the password is perfect, but: this is not > > the right password. > > o There's something wrong with the EPK -- its length must be a multiple > > of the AES block length. > > o There's something wrong with the unencrypted private key -- its length > > must be a multiple of the AES block length. > > o Something else entirely > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
