3

I need to decrypt an OpenSSL-encrypted file in Java by passing a key.

I have already checked the link below, but it does not include passing an explicit key parameter, and it reads the file line by line. How to decrypt file in Java encrypted with openssl command using AES?

The difference is that my files are encrypted as a whole rather than line by line, and I have an explicit key to decrypt the file.

The other issue is that my file is very big, and I am not sure about the best method of holding the whole file in memory in the first step.

Thanks in advance.

pfx
Neslihan Bozer

1 Answer

2

> I need to decrypt an OpenSSL-encrypted file in Java by passing a key.

    openssl enc -d -aes-256-cbc -in myfile.csv.enc -out myoutputfile.csv -pass key.bin

Here you provide a password file, not a key. Key and IV are computed from the password and random salt.

    openssl enc -K e849fb4e3779791a3ffe9f576b086bdf -iv 23acf784ff126ab52c90d15fd7ecb921 -e -aes-128-cbc -in notes.txt -out notes.enc

Unlike the example above, where the encryption key and IV are computed from the password (and random salt), when the key and IV are provided explicitly the stored data are the raw encrypted data (with nothing prepended).

> The difference is that my files are encrypted as a whole rather than line by line, and I have an explicit key to decrypt the file.

        // Needs: java.io.*, javax.crypto.Cipher,
        //        javax.crypto.spec.IvParameterSpec, javax.crypto.spec.SecretKeySpec
        // EVP_BytesToKey, md5, KEY_SIZE_BITS, ITERATIONS and readPasswordBytes()
        // are the helper and parameters from the linked question.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        byte[] passwordBytes = readPasswordBytes();
        // DataInputStream.readFully() fills the whole array; a plain read() may return fewer bytes
        DataInputStream in = new DataInputStream(
                new BufferedInputStream(new FileInputStream("notes.enc")));
        byte[] saltedString = new byte[8];
        in.readFully(saltedString); // read the "Salted__" prefix
        byte[] salt         = new byte[8];
        in.readFully(salt);
        // see the EVP_BytesToKey and parameters from the linked question
        byte[][] keyAndIv = EVP_BytesToKey(
                KEY_SIZE_BITS / Byte.SIZE,
                cipher.getBlockSize(),
                md5,
                salt,
                passwordBytes,
                ITERATIONS);
        byte[] key = keyAndIv[0];
        byte[] iv  = keyAndIv[1];

        SecretKeySpec secKeySpec = new SecretKeySpec(key, "AES");
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        cipher.init(Cipher.DECRYPT_MODE, secKeySpec, ivSpec);

        // here we will use 4kB buffer to read and decrypt data
        byte[] buffer = new byte[4096];

        OutputStream out = new BufferedOutputStream(new FileOutputStream("notes2.txt"));
        for (int readBytes = in.read(buffer); readBytes > -1; readBytes = in.read(buffer)) {
            byte[] decrypted = cipher.update(buffer, 0, readBytes);
            // update() returns null when the chunk was too short to complete a block
            if (decrypted != null) {
                out.write(decrypted);
            }
        }
        // doFinal() decrypts the last block and removes the padding
        byte[] decrypted = cipher.doFinal();
        out.write(decrypted);
        out.flush();
        out.close();
        in.close();
gusto2
  • I am using this command to decrypt the file. Do I need to extract the IV in this case? openssl enc -d -aes-256-cbc -in myfile.csv.enc -out myoutputfile.csv -pass key.bin – Neslihan Bozer Aug 28 '18 at 06:32
  • @Bianca you've said you provide the encryption key explicitly, this is different. In your command you provide a password (key and iv are computed from the password and salt, it is described in the link you already have). In that case the output file has prepended text `Salted__` and 8 bytes of salt. You can use `-p` parameter to let openssl output the computed values. Then instead of my answer use the code from the link (you could use chunked decryption, not to load the whole file into memory) – gusto2 Aug 28 '18 at 06:49
  • I am using the password file; which link do you refer to? Also, could you describe chunked decryption? – Neslihan Bozer Aug 28 '18 at 08:04
  • I got an error: Exception in thread "main" java.lang.IllegalStateException: java.security.InvalidKeyException: Illegal key size at com.smartsgroup.connectors.bistgw.encrypt.CodeOpenSSL.main(CodeOpenSSL.java:64) Caused by: java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039) at javax.crypto.Cipher.init(Cipher.java:1393) at javax.crypto.Cipher.init(Cipher.java:1327) – Neslihan Bozer Aug 28 '18 at 08:05
  • @Bianca I refer to the link in your question (implementing the EVP_BytesToKey function). By chunked decryption I mean decrypting the file block by block (not all at once, such as in my example code). Please check that the computed key has 256 bits (32 bytes); you may need to install [Unlimited Strength JCE](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) depending on your JRE version – gusto2 Aug 28 '18 at 08:11
  • Nits: As correctly stated in the linked Q, for OpenSSL 1.1.0+ (released 2016 but not quickly adopted) the default hash for `enc` PBE changed to sha256, and this Q doesn't say OpenSSL version. (Looking at `-p` or `-P` still works.) Also remember for Oracle Java since fall 2017 (8u151 up, including 9 10 11, also paid-support versions of 7 and IINM 6) the unlimited-policy fix no longer applies. – dave_thompson_085 Sep 10 '18 at 16:44
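
An added example, not part of the original answer or comments: a self-contained, streaming decryptor for a file written by `openssl enc -aes-256-cbc` with a password, including the `EVP_BytesToKey` derivation that the answer leaves to the linked question. The class name, the argument order and the assumption that the password is the first line of the password file are choices made for this example; the digest is a parameter because, as the last comment notes, the default changed from MD5 to SHA-256 in OpenSSL 1.1.0.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.Arrays;

public class OpenSslEncDecrypt {   // hypothetical class name
    // EVP_BytesToKey with count = 1, as used by "openssl enc":
    // D1 = H(pass || salt), Di = H(D(i-1) || pass || salt); key || iv = D1 || D2 || ...
    static byte[][] deriveKeyAndIv(String digest, byte[] pass, byte[] salt, int keyLen, int ivLen)
            throws Exception {
        MessageDigest md = MessageDigest.getInstance(digest);
        byte[] material = new byte[0];
        byte[] block = new byte[0];
        while (material.length < keyLen + ivLen) {
            md.update(block);
            md.update(pass);
            md.update(salt);
            block = md.digest();                  // digest() also resets md for the next round
            int old = material.length;
            material = Arrays.copyOf(material, old + block.length);
            System.arraycopy(block, 0, material, old, block.length);
        }
        return new byte[][] { Arrays.copyOfRange(material, 0, keyLen),
                              Arrays.copyOfRange(material, keyLen, keyLen + ivLen) };
    }
    // args: <encrypted file> <output file> <password file> <MD5|SHA-256>
    public static void main(String[] args) throws Exception {
        byte[] raw = Files.readAllBytes(Paths.get(args[2]));
        int end = 0;
        while (end < raw.length && raw[end] != '\n') end++;   // assumption: password = first line
        byte[] pass = Arrays.copyOf(raw, end);
        try (DataInputStream in = new DataInputStream(new BufferedInputStream(new FileInputStream(args[0])))) {
            byte[] header = new byte[16];
            in.readFully(header);                 // "Salted__" followed by the 8-byte salt
            if (!"Salted__".equals(new String(header, 0, 8, StandardCharsets.US_ASCII)))
                throw new IOException("no Salted__ header, file is not password-encrypted");
            byte[] salt = Arrays.copyOfRange(header, 8, 16);
            byte[][] keyIv = deriveKeyAndIv(args[3], pass, salt, 32, 16);   // aes-256-cbc sizes
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyIv[0], "AES"), new IvParameterSpec(keyIv[1]));
            // CipherInputStream decrypts while it is read, so the file is never held in memory
            try (InputStream plain = new CipherInputStream(in, cipher)) {
                Files.copy(plain, Paths.get(args[1]), StandardCopyOption.REPLACE_EXISTING);
            }
        }
    }
}
```

A wrong digest or password normally surfaces as a padding error at the end of the stream, because CBC with PKCS#5 padding carries no integrity check of its own.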