How can I encrypt / decrypt AES-256 CBC with OpenSSL?












1















I just installed Linux (Ubuntu) for the first time and downloaded package OpenSSL as well. Opened command line as well and tried some commands but none of them worked.



So what I have is initial vector: 5a04ec902686fb05a6b7a338b6e07760, also have ciphertext: 14c4e6965fc2ed2cd358754494aceffa and the corresponding plaintext: We're blown. Run



Now I imagine there must be a command where you enter the initial vector and the plaintext and as a result you should get the ciphertext...?
Antother possibility: Enter initial vector and ciphertext, get the plaintext.



But how can I do this in the command line? I've already tried the command:



openssl aes-256-cbc -e -nosalt -a -in  input.txt -out  output.txt -k key -iv ivkey


about input.txt: I have created this file on my Desktop and wrote the plaintext in it. About output.txt, I created it as well and put it on Desktop, it's empty. After using this command, nothing happens!



Is there any other command that could help me? I have also tried to find some helpful tool on the internet but nothing seemed to work! : /






encryption aes decryption







share|improve this question













migrated from security.stackexchange.com Jun 8 '18 at 12:15


This question came from our site for information security professionals.











  • 1





    The -k should be -K if you want to specify the raw hex key.

    – forest
    Jun 1 '18 at 16:17






  • 1





    You also don't want -a if you want a hex output. Pipe it to xxd instead. Since the plaintext and ciphertext are both exactly 16 bytes you'll also want -nopad.

    – AndrolGenhald
    Jun 1 '18 at 16:22






  • 1





    Then it seems it doesn't realize that you are specifying the raw keys. Remember to use -K with the hex key and -iv with the hex IV. That will allow it to take that directly rather than prompting you for a password. When it's asking you for a password, it is looking for ASCII which it will hash with SHA-256 (on newer builds) or MD5 (on older builds) before using directly as the key.

    – forest
    Jun 1 '18 at 16:29






  • 1





    You have to use the key used to encrypt it. If you don't know the key you can't decrypt it...that's how cryptography works.

    – AndrolGenhald
    Jun 1 '18 at 16:33






  • 2





    You're still missing the -K. And what's the xxd in there for? You'd want to use xxd to view the file after decryption.

    – forest
    Jun 1 '18 at 16:57
















1















I just installed Linux (Ubuntu) for the first time and downloaded package OpenSSL as well. Opened command line as well and tried some commands but none of them worked.



So what I have is initial vector: 5a04ec902686fb05a6b7a338b6e07760, also have ciphertext: 14c4e6965fc2ed2cd358754494aceffa and the corresponding plaintext: We're blown. Run



Now I imagine there must be a command where you enter the initial vector and the plaintext and as a result you should get the ciphertext...?
Antother possibility: Enter initial vector and ciphertext, get the plaintext.



But how can I do this in the command line? I've already tried the command:



openssl aes-256-cbc -e -nosalt -a -in  input.txt -out  output.txt -k key -iv ivkey


about input.txt: I have created this file on my Desktop and wrote the plaintext in it. About output.txt, I created it as well and put it on Desktop, it's empty. After using this command, nothing happens!



Is there any other command that could help me? I have also tried to find some helpful tool on the internet but nothing seemed to work! : /






encryption aes decryption







share|improve this question













migrated from security.stackexchange.com Jun 8 '18 at 12:15


This question came from our site for information security professionals.











  • 1





    The -k should be -K if you want to specify the raw hex key.

    – forest
    Jun 1 '18 at 16:17






  • 1





    You also don't want -a if you want a hex output. Pipe it to xxd instead. Since the plaintext and ciphertext are both exactly 16 bytes you'll also want -nopad.

    – AndrolGenhald
    Jun 1 '18 at 16:22






  • 1





    Then it seems it doesn't realize that you are specifying the raw keys. Remember to use -K with the hex key and -iv with the hex IV. That will allow it to take that directly rather than prompting you for a password. When it's asking you for a password, it is looking for ASCII which it will hash with SHA-256 (on newer builds) or MD5 (on older builds) before using directly as the key.

    – forest
    Jun 1 '18 at 16:29






  • 1





    You have to use the key used to encrypt it. If you don't know the key you can't decrypt it...that's how cryptography works.

    – AndrolGenhald
    Jun 1 '18 at 16:33






  • 2





    You're still missing the -K. And what's the xxd in there for? You'd want to use xxd to view the file after decryption.

    – forest
    Jun 1 '18 at 16:57














1












1








1








I just installed Linux (Ubuntu) for the first time and downloaded package OpenSSL as well. Opened command line as well and tried some commands but none of them worked.



So what I have is initial vector: 5a04ec902686fb05a6b7a338b6e07760, also have ciphertext: 14c4e6965fc2ed2cd358754494aceffa and the corresponding plaintext: We're blown. Run



Now I imagine there must be a command where you enter the initial vector and the plaintext and as a result you should get the ciphertext...?
Antother possibility: Enter initial vector and ciphertext, get the plaintext.



But how can I do this in the command line? I've already tried the command:



openssl aes-256-cbc -e -nosalt -a -in  input.txt -out  output.txt -k key -iv ivkey


about input.txt: I have created this file on my Desktop and wrote the plaintext in it. About output.txt, I created it as well and put it on Desktop, it's empty. After using this command, nothing happens!



Is there any other command that could help me? I have also tried to find some helpful tool on the internet but nothing seemed to work! : /






encryption aes decryption







share|improve this question














I just installed Linux (Ubuntu) for the first time and downloaded package OpenSSL as well. Opened command line as well and tried some commands but none of them worked.



So what I have is initial vector: 5a04ec902686fb05a6b7a338b6e07760, also have ciphertext: 14c4e6965fc2ed2cd358754494aceffa and the corresponding plaintext: We're blown. Run



Now I imagine there must be a command where you enter the initial vector and the plaintext and as a result you should get the ciphertext...?
Antother possibility: Enter initial vector and ciphertext, get the plaintext.



But how can I do this in the command line? I've already tried the command:



openssl aes-256-cbc -e -nosalt -a -in  input.txt -out  output.txt -k key -iv ivkey


about input.txt: I have created this file on my Desktop and wrote the plaintext in it. About output.txt, I created it as well and put it on Desktop, it's empty. After using this command, nothing happens!



Is there any other command that could help me? I have also tried to find some helpful tool on the internet but nothing seemed to work! : /






encryption aes decryption




encryption aes decryption






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jun 1 '18 at 16:14









roblindroblind

1084




1084




migrated from security.stackexchange.com Jun 8 '18 at 12:15


This question came from our site for information security professionals.






migrated from security.stackexchange.com Jun 8 '18 at 12:15


This question came from our site for information security professionals.










  • 1





    The -k should be -K if you want to specify the raw hex key.

    – forest
    Jun 1 '18 at 16:17






  • 1





    You also don't want -a if you want a hex output. Pipe it to xxd instead. Since the plaintext and ciphertext are both exactly 16 bytes you'll also want -nopad.

    – AndrolGenhald
    Jun 1 '18 at 16:22






  • 1





    Then it seems it doesn't realize that you are specifying the raw keys. Remember to use -K with the hex key and -iv with the hex IV. That will allow it to take that directly rather than prompting you for a password. When it's asking you for a password, it is looking for ASCII which it will hash with SHA-256 (on newer builds) or MD5 (on older builds) before using directly as the key.

    – forest
    Jun 1 '18 at 16:29






  • 1





    You have to use the key used to encrypt it. If you don't know the key you can't decrypt it...that's how cryptography works.

    – AndrolGenhald
    Jun 1 '18 at 16:33






  • 2





    You're still missing the -K. And what's the xxd in there for? You'd want to use xxd to view the file after decryption.

    – forest
    Jun 1 '18 at 16:57














  • 1





    The -k should be -K if you want to specify the raw hex key.

    – forest
    Jun 1 '18 at 16:17






  • 1





    You also don't want -a if you want a hex output. Pipe it to xxd instead. Since the plaintext and ciphertext are both exactly 16 bytes you'll also want -nopad.

    – AndrolGenhald
    Jun 1 '18 at 16:22






  • 1





    Then it seems it doesn't realize that you are specifying the raw keys. Remember to use -K with the hex key and -iv with the hex IV. That will allow it to take that directly rather than prompting you for a password. When it's asking you for a password, it is looking for ASCII which it will hash with SHA-256 (on newer builds) or MD5 (on older builds) before using directly as the key.

    – forest
    Jun 1 '18 at 16:29






  • 1





    You have to use the key used to encrypt it. If you don't know the key you can't decrypt it...that's how cryptography works.

    – AndrolGenhald
    Jun 1 '18 at 16:33






  • 2





    You're still missing the -K. And what's the xxd in there for? You'd want to use xxd to view the file after decryption.

    – forest
    Jun 1 '18 at 16:57








1




1





The -k should be -K if you want to specify the raw hex key.

– forest
Jun 1 '18 at 16:17





The -k should be -K if you want to specify the raw hex key.

– forest
Jun 1 '18 at 16:17




1




1





You also don't want -a if you want a hex output. Pipe it to xxd instead. Since the plaintext and ciphertext are both exactly 16 bytes you'll also want -nopad.

– AndrolGenhald
Jun 1 '18 at 16:22





You also don't want -a if you want a hex output. Pipe it to xxd instead. Since the plaintext and ciphertext are both exactly 16 bytes you'll also want -nopad.

– AndrolGenhald
Jun 1 '18 at 16:22




1




1





Then it seems it doesn't realize that you are specifying the raw keys. Remember to use -K with the hex key and -iv with the hex IV. That will allow it to take that directly rather than prompting you for a password. When it's asking you for a password, it is looking for ASCII which it will hash with SHA-256 (on newer builds) or MD5 (on older builds) before using directly as the key.

– forest
Jun 1 '18 at 16:29





Then it seems it doesn't realize that you are specifying the raw keys. Remember to use -K with the hex key and -iv with the hex IV. That will allow it to take that directly rather than prompting you for a password. When it's asking you for a password, it is looking for ASCII which it will hash with SHA-256 (on newer builds) or MD5 (on older builds) before using directly as the key.

– forest
Jun 1 '18 at 16:29




1




1





You have to use the key used to encrypt it. If you don't know the key you can't decrypt it...that's how cryptography works.

– AndrolGenhald
Jun 1 '18 at 16:33





You have to use the key used to encrypt it. If you don't know the key you can't decrypt it...that's how cryptography works.

– AndrolGenhald
Jun 1 '18 at 16:33




2




2





You're still missing the -K. And what's the xxd in there for? You'd want to use xxd to view the file after decryption.

– forest
Jun 1 '18 at 16:57





You're still missing the -K. And what's the xxd in there for? You'd want to use xxd to view the file after decryption.

– forest
Jun 1 '18 at 16:57










1 Answer
1






active

oldest

votes


















3














Prepare input text:



echo "We're blown. Run" >input.txt


Encode:



openssl enc -aes-256-cbc -nosalt -e 

        -in input.txt -out input.txt.enc 

        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


Decode to stdout original text:



openssl enc -aes-256-cbc -nosalt -d 

        -in input.txt.enc 

        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


Note that for -K and -iv you must pass a string comprised only of hex digits. You can get this string from a binary file like this:



hexdump -e '16/1 "%02x"' FILE_WITH_KEY





share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1329658%2fhow-can-i-encrypt-decrypt-aes-256-cbc-with-openssl%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    3














    Prepare input text:



    echo "We're blown. Run" >input.txt


    Encode:



    openssl enc -aes-256-cbc -nosalt -e 
    
        -in input.txt -out input.txt.enc 
    
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


    Decode to stdout original text:



    openssl enc -aes-256-cbc -nosalt -d 
    
        -in input.txt.enc 
    
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


    Note that for -K and -iv you must pass a string comprised only of hex digits. You can get this string from a binary file like this:



    hexdump -e '16/1 "%02x"' FILE_WITH_KEY





    share|improve this answer






























      3














      Prepare input text:



      echo "We're blown. Run" >input.txt


      Encode:



      openssl enc -aes-256-cbc -nosalt -e 
      
        -in input.txt -out input.txt.enc 
      
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


      Decode to stdout original text:



      openssl enc -aes-256-cbc -nosalt -d 
      
        -in input.txt.enc 
      
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


      Note that for -K and -iv you must pass a string comprised only of hex digits. You can get this string from a binary file like this:



      hexdump -e '16/1 "%02x"' FILE_WITH_KEY





      share|improve this answer




























        3












        3








        3







        Prepare input text:



        echo "We're blown. Run" >input.txt


        Encode:



        openssl enc -aes-256-cbc -nosalt -e 
        
        -in input.txt -out input.txt.enc 
        
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


        Decode to stdout original text:



        openssl enc -aes-256-cbc -nosalt -d 
        
        -in input.txt.enc 
        
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


        Note that for -K and -iv you must pass a string comprised only of hex digits. You can get this string from a binary file like this:



        hexdump -e '16/1 "%02x"' FILE_WITH_KEY





        share|improve this answer















        Prepare input text:



        echo "We're blown. Run" >input.txt


        Encode:



        openssl enc -aes-256-cbc -nosalt -e 
        
        -in input.txt -out input.txt.enc 
        
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


        Decode to stdout original text:



        openssl enc -aes-256-cbc -nosalt -d 
        
        -in input.txt.enc 
        
        -K '2222233333232323' -iv '5a04ec902686fb05a6b7a338b6e07760'


        Note that for -K and -iv you must pass a string comprised only of hex digits. You can get this string from a binary file like this:



        hexdump -e '16/1 "%02x"' FILE_WITH_KEY






        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 24 '18 at 11:45

























        answered Sep 26 '18 at 7:48









        SergASergA

        1464




        1464






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1329658%2fhow-can-i-encrypt-decrypt-aes-256-cbc-with-openssl%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Plaza Victoria

            Image
            Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l
            Read more

            Puebla de Zaragoza

            Image
            Para otros usos de este término, véase Puebla (desambiguación). Heroica Puebla de Zaragoza Localidad De arriba a abajo de izquierda a derecha: Estrella de Puebla, Volcán Popocatépetl, Catedral de Puebla, Monumento a Ignacio Zaragoza, Estadio Cuauhtémoc, Angelópolis y Vista panorámica de la ciudad. Escudo Otros nombres: El relicario de América/ La ciudad de los Ángeles/ La Angelópolis Lema: Muy noble y muy leal ciudad de Puebla de los Ángeles Heroica Puebla de Zaragoza Localización de Heroica Puebla de Zaragoza en México Heroica Puebla de Zaragoza Localización de Heroica Puebla de Zaragoza en Puebla Mapa interactivo Coordenadas 19°03′05″N 98°13′04″O  /  19.051388888889, -98.217777777778 Coordenadas: 19°03′05″N 98°13′04″O  /  19.051388888889, -98.217777777778 Idioma oficial Español Entidad Localidad  • País   México  • Estado Puebla  • Municipio Puebla Presidente municipal Claudia Rivera Vivanc
            Read more

            Musa

            Image
            Para el género de plantas, véase Musa (planta). Apolo y la Nueve Musas En la mitología griega, las musas (en griego antiguo μοῦσαι « mousai» ) son, según los escritores más antiguos, las divinidades inspiradoras de las Artes: cada una de ellas está relacionada con ramas artísticas y del conocimiento. Son hijas de Zeus y de Mnemósine, compañeras del séquito de Apolo, dios olímpico de la música y patrón de las bellas artes, quien tuvo romances con cada una de ellas, dejando descendientes. Bajaban a la tierra a susurrar ideas e inspirar a aquellos mortales que las invocaran. En la época más arcaica eran las ninfas inspiradoras de las fuentes, en las cuales eran adoradas. Finalmente, alrededor de los siglos VIII-VII a. C. [ 1 ] ​ prevaleció en todo el territorio de la Hélade la adoración de las nueve Musas, que son Calíope, Clío, Erato, Euterpe, Melpómene, Polimnia, Talía, Terpsícore y Urania. El culto a las musas era originalmente de Tracia y Beocia, y fueron de vital impo
            Read more