1

I want to decrypt password which was encrypted by "DES/CBC/PKCS5Padding" of javax.crypto.Cipher. I have to use OpenSSL to decrypt the password. Which API in OpenSSL should I use?

I know API for DES3 is DES_ede3_cbc_encrypt, and want to know DES.

Edure
  • 73
  • 2
  • 8

1 Answers1

2

You should also use EVP_* functions; and not functions like DES_ede3_cbc_encrypt (and friends). See EVP Symmetric Encryption and Decryption on the OpenSSL wiki.

To answer your question about DES symbols, you need to use EVP_des_XXX, where XXX is a mode of interest. I'm guessing you want EVP_des_cbc.

If you are working on a CentOS machine with the FIPS version of OpenSSL and FIPS mode is active, then you probably won't have access to any DES or 2-key 3DES algorithms (3-key 3DES should be available).

$ cd openssl
$ grep EVP_des include/openssl/evp.h
const EVP_CIPHER *EVP_des_ecb(void);
const EVP_CIPHER *EVP_des_ede(void);
const EVP_CIPHER *EVP_des_ede3(void);
const EVP_CIPHER *EVP_des_ede_ecb(void);
const EVP_CIPHER *EVP_des_ede3_ecb(void);
const EVP_CIPHER *EVP_des_cfb64(void);
const EVP_CIPHER *EVP_des_cfb1(void);
const EVP_CIPHER *EVP_des_cfb8(void);
const EVP_CIPHER *EVP_des_ede_cfb64(void);
const EVP_CIPHER *EVP_des_ede3_cfb64(void);
const EVP_CIPHER *EVP_des_ede3_cfb1(void);
const EVP_CIPHER *EVP_des_ede3_cfb8(void);
const EVP_CIPHER *EVP_des_ofb(void);
const EVP_CIPHER *EVP_des_ede_ofb(void);
const EVP_CIPHER *EVP_des_ede3_ofb(void);
const EVP_CIPHER *EVP_des_cbc(void);
const EVP_CIPHER *EVP_des_ede_cbc(void);
const EVP_CIPHER *EVP_des_ede3_cbc(void);
const EVP_CIPHER *EVP_desx_cbc(void);
const EVP_CIPHER *EVP_des_ede3_wrap(void);

Here are some references I keep cribbed away for OpenSSL and Java interop. Usually EVP_BytesToKey causes some issues.

jww
  • 97,681
  • 90
  • 411
  • 885
  • I use `DES_ncbc_encrypt`, and it works well in decrypting password which is encrypted by DES/CBC/PKCS5Padding of Java. – Edure Sep 28 '17 at 01:43