1

I am trying to decrypt programmatically encrypted file using OpenSSL. OpenSSL was used to encrypt the file and I know both the function and the key that was used:

//This declaration is just figurative
const char keybuf = "12345678";
// Prepare the key for use with DES_cfb64_encrypt
DES_cblock key2;
DES_key_schedule schedule;
// keybuf is the string key used as password
memcpy(key2, keybuf, 8);
DES_set_odd_parity(&key2);
DES_set_key_checked(&key2, &schedule);
int n = 0;
DES_cfb64_encrypt( ..., ..., length, &schedule, &key2, &n, DES_ENCRYPT );

First I converted the file to binary from base64 (which is how it's packed):

cat data.b64 | base64 --decode > data.cr

Now when I run command line on encrypted data (assuming des-cfb is algorighm I need):

openssl enc -d -des-cfb -in data.cr -out data.decr -k 12345678

this is what I get:

bad magic number

So what I'm doing wrong here? Maybe I converted the file wrongly from base64?

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
Tomáš Zato
  • 50,171
  • 52
  • 268
  • 778
  • 1
    Its odd to see DES in 2015. Be sure you have a hard engineering requirement to use it because it is usually considered insecure. (I'm trying to avoid the [bikeshedding](http://bikeshed.com/)). – jww Oct 03 '15 at 10:40
  • @jww It only encrypts user-password database located on the very same machine as the application that decrypts is. As I asked in the past (with other project in mind), there's no way to make that really secure, so algorithm is the least of my problems. Everyone with real dedication will just find the string key in the binary file. – Tomáš Zato Oct 03 '15 at 11:14

1 Answers1

1

Which openssl command is equivalent to DES_cfb64_encrypt function?

None

The CFB mode is a parametrized mode and the 64 in DES_cfb64_encrypt sets the size of the shift register or segment to 64 bit. The commandline interface only supports 3 segment sizes for CFB mode which are 1 bit, 8 bit and size of the cipher block size (64 bit for DES). Those three parametrized modes are incompatible between each other and they cannot be used to decrypt ciphertexts that were encrypted with CFB-64.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
  • Too bad for me. Is there an alternative? – Tomáš Zato Oct 02 '15 at 07:25
  • It shouldn't take too long to write your own little command line tool that does this. – Artjom B. Oct 02 '15 at 07:41
  • Shouldn't but my effort to decrypt was more an experiment, I can read the file within GUI of the program that encrypts/decrypts it. Writing my own tool would probably take too much time just to make a Unit test I don't even need. – Tomáš Zato Oct 02 '15 at 07:44