3

I have an encrypted file in server using OpenSSL command:

openssl enc -aes-256-ecb -salt -in ori.pdf -out encrypted.pdf -pass pass:testpassword -p

Below is the key and salt showed after the encryption done:

salt=BE1EFCBAE984CB24
key=50B62ECEF1B777353372A44CDDC463987815F783E39D68B8EE6A0AB74A79C7FA

I had tried to decrypt if with below decryption:

String key  = "50B62ECEF1B777353372A44CDDC463987815F783E39D68B8EE6A0AB74A79C7FA";
byte[] keyBytes = key.getBytes("UTF-8");
SecretKey keySpec = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
cipher.init(Cipher.DECRYPT_MODE, keySpec);
buffer = cipher.doFinal(buffer);

How to decrypt the encrypted file in Android?

jww
  • 97,681
  • 90
  • 411
  • 885
MinFu
  • 353
  • 1
  • 13
  • **Never use [ECB mode](http://crypto.stackexchange.com/q/14487/13022)**. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like [CBC](http://crypto.stackexchange.com/q/22260/13022) or [CTR](http://crypto.stackexchange.com/a/2378/13022). It is better to authenticate your ciphertexts so that attacks like a [padding oracle attack](http://crypto.stackexchange.com/q/18185/13022) are not possible. This can be done with authenticated modes like GCM or EAX, or with an [encrypt-then-MAC](http://crypto.stackexchange.com/q/202/13022) scheme. – Artjom B. May 27 '16 at 14:27
  • I believe the OpenSSL `enc` subcommand uses [`EVP_BytesToKey`](https://www.openssl.org/docs/manmaster/crypto/EVP_BytesToKey.html), which can be a non-standard mixing function. That's where the subcommand gets its key and iv. You will probably need to duplicate it. I know other libraries, like Crypto++, [provides it for interop](http://www.cryptopp.com/wiki/OPENSSL_EVP_BytesToKey). I think this may be the question you can use to find the answer: [How to decrypt an encrypted file in java with openssl with AES?](http://stackoverflow.com/q/11783062) – jww May 27 '16 at 21:11
  • thanks a lot @jww suggestion helped me to solve my problem. – MinFu May 30 '16 at 07:20

1 Answers1

0

I goofed on my original answer. I misread the string as "base 64". When it fact, it's just "hex encoded".

Change this statement:

byte[] keyBytes = key.getBytes("UTF-8");

To be this:

byte [] keyBytes = hexStringToByteArray(key);

Where hexStringToByteArray is the function lifted from this answer here.

public static byte[] hexStringToByteArray(String s) {
    int len = s.length();
    byte[] data = new byte[len / 2];
    for (int i = 0; i < len; i += 2) {
        data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                             + Character.digit(s.charAt(i+1), 16));
    }
    return data;
}
Community
  • 1
  • 1
selbie
  • 100,020
  • 15
  • 103
  • 173