6

I encrypted a file with this command:

openssl enc -aes-192-cbc -e -pbkdf2 -in <infile> -out <outfile> -pass pass:<password>

Now I'm trying to decrypt it in C, and to take advantage of PBKDF2 I'm using the function:

int PKCS5_PBKDF2_HMAC (const char * pass, int passlen,
                        const unsigned char * salt, int saltlen, int iter,
                        const EVP_MD * digest,
                        int keylen, unsigned char * out);

But the problem is: I know the parameters pass, passlen, keylen and *out...

How do I know what are the parameters for the salt, iter and digest that correspond to the command written above?

Valerio Coretti
  • Also see the source code to `openssl enc`. Each subcommand, like `enc`, `dec` and `kdf`, has a source file in `/apps`. Here is the one for [`enc.c`](https://github.com/openssl/openssl/blob/master/apps/enc.c), and here is the one for [`kdf.c`](https://github.com/openssl/openssl/blob/master/apps/kdf.c). – jww Nov 16 '19 at 06:56

1 Answer

11

The openssl enc command is not a straight encryption of the input file. It adds a "magic" value on the front along with the salt. The magic value is the string "Salted__" (note the double underscore) followed by 8 bytes which is a randomly generated salt. Alternatively you can specify your own salt on the command line with the "-S" option (specified in hex). You can specify the digest to use with the "-md" argument. The default is sha256. You can specify the number of iterations with the "-iter" argument. The default is 10000.

Matt Caswell
  • OK, I understand. Only one thing about the salt. If I understand, as a salt, in my function I have to pass the string: "Salted__" + (the 8 bytes after) and this is in the ciphertext, right? – Valerio Coretti Nov 12 '19 at 21:03
  • The salt is the 8 bytes *after* the string "Salted__" (it doesn't include the string itself). The ciphertext itself is after the salt. – Matt Caswell Nov 12 '19 at 23:09
  • As of at least openssl 1.1.1, its code declares the default iterations number to be 10000, as explained here https://imil.net/blog/posts/2020/openssl-pbkdf2-default-iterations/ – iMil Jul 22 '20 at 17:19
  • Thanks @iMil, you are correct. I have corrected my answer. – Matt Caswell Jul 22 '20 at 19:10
  • I only found this answer after googling "openssl enc output format" returned nothing useful, and I figured it out the hard (laborious) way, and subsequently needed the default iteration count... With this comment, google hopefully indexes the "openssl enc output format" query, so future me (or others) will find it... ;) – Alexander Wessel Feb 01 '23 at 01:33
  • One could add that the output of the key derivation function is the concatenated key and IV bytes, e.g. for aes-256-ctr the 8 byte key + the 7 byte IV. – Alexander Wessel Feb 01 '23 at 01:39
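The file layout the answer describes, and the PKCS5_PBKDF2_HMAC parameters that follow from it for the asker's "-aes-192-cbc -pbkdf2" command (salt = the 8 bytes after "Salted__", saltlen = 8, iter = 10000, digest = EVP_sha256(), keylen = 24 + 16 so that a single call yields the key followed by the IV), as an added example that is not from the original post or from OpenSSL. It is written in Python with the standard library's hashlib.pbkdf2_hmac so the derivation can be checked without linking libcrypto; the cipher-size table, the helper names and the decrypt_enc_file function (which assumes the third-party "cryptography" package is installed) are this example's own additions, and the header bytes in the demo are constructed, not a real openssl enc output.

```python
from __future__ import annotations

import hashlib

# Constants openssl enc uses for salted output: magic string, 8-byte salt,
# and the -pbkdf2 defaults (10000 iterations, sha256) per the answer above.
MAGIC = b"Salted__"
SALT_LEN = 8
DEFAULT_ITER = 10000
DEFAULT_DIGEST = "sha256"

# (key length, IV length) in bytes, i.e. what EVP_CIPHER_key_length() and
# EVP_CIPHER_iv_length() return for these ciphers. Table is an assumption of
# this example, limited to the ciphers it handles.
CIPHER_SIZES = {
    "aes-128-cbc": (16, 16),
    "aes-192-cbc": (24, 16),
    "aes-256-cbc": (32, 16),
    "aes-256-ctr": (32, 16),
}


def split_enc_file(blob: bytes) -> tuple[bytes, bytes]:
    """Split an `openssl enc` output into (salt, ciphertext).

    Layout: b"Salted__" || 8-byte salt || ciphertext. The magic is NOT part
    of the salt; only the 8 bytes after it are passed to PBKDF2.
    """
    if len(blob) < len(MAGIC) + SALT_LEN:
        raise ValueError("file too short to hold the Salted__ header")
    if blob[: len(MAGIC)] != MAGIC:
        raise ValueError("missing Salted__ magic: not a salted openssl enc file "
                         "(or it was written with -nosalt)")
    salt = blob[len(MAGIC): len(MAGIC) + SALT_LEN]
    return salt, blob[len(MAGIC) + SALT_LEN:]


def derive_key_iv(password: bytes, salt: bytes, cipher: str,
                  iterations: int = DEFAULT_ITER,
                  digest: str = DEFAULT_DIGEST) -> tuple[bytes, bytes]:
    """Reproduce the -pbkdf2 key setup: ONE PBKDF2 call for key_len + iv_len
    bytes, then split. Equivalent C call for aes-192-cbc:
      PKCS5_PBKDF2_HMAC(pass, passlen, salt, 8, 10000, EVP_sha256(), 24 + 16, out)
    with key = out[0:24] and iv = out[24:40].
    """
    key_len, iv_len = CIPHER_SIZES[cipher]
    out = hashlib.pbkdf2_hmac(digest, password, salt, iterations, key_len + iv_len)
    return out[:key_len], out[key_len:]


def pkcs7_unpad(data: bytes, block: int = 16) -> bytes:
    """Strip the PKCS#7 padding openssl enc adds for CBC modes (not for CTR)."""
    if not data or len(data) % block:
        raise ValueError("ciphertext length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        # A wrong password or a truncated/corrupted file normally surfaces here.
        raise ValueError("bad padding: wrong password or corrupted file?")
    return data[:-n]


def decrypt_enc_file(blob: bytes, password: bytes, cipher: str = "aes-192-cbc",
                     iterations: int = DEFAULT_ITER,
                     digest: str = DEFAULT_DIGEST) -> bytes:
    """End-to-end decrypt. Assumes the third-party `cryptography` package;
    imported lazily so the helpers above need only the standard library."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    salt, ciphertext = split_enc_file(blob)
    key, iv = derive_key_iv(password, salt, cipher, iterations, digest)
    mode = modes.CBC(iv) if cipher.endswith("cbc") else modes.CTR(iv)
    dec = Cipher(algorithms.AES(key), mode).decryptor()
    plaintext = dec.update(ciphertext) + dec.finalize()
    return pkcs7_unpad(plaintext) if cipher.endswith("cbc") else plaintext


if __name__ == "__main__":
    # Constructed header (not a real openssl enc output) to show the split.
    demo = MAGIC + bytes.fromhex("0011223344556677") + b"\x00" * 32
    salt, ct = split_enc_file(demo)
    key, iv = derive_key_iv(b"password", salt, "aes-192-cbc")
    print("salt:", salt.hex(), "ciphertext bytes:", len(ct))
    print("key :", key.hex(), f"({len(key)} bytes)")
    print("iv  :", iv.hex(), f"({len(iv)} bytes)")
```

The derivation is deterministic, so you can cross-check it against the CLI: "openssl enc -aes-192-cbc -pbkdf2 -S 0011223344556677 -pass pass:password -P" prints the same salt, key and iv that derive_key_iv returns for that salt. If you encrypted with -md or -iter overrides, pass the same digest name and count here; if the file has no "Salted__" prefix it was made with -nosalt and PBKDF2 ran with an empty salt.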