0

I'm new to python and I would like to do a zip and having the output encrypted in AES via python using subprocess command.

The standard shell command I use is as below:

zip -9 - test.txt | openssl enc -aes-256-cbc -md sha256 -out test.ENC -pass pass:123456

I tried to use in in python like below:

import subprocess
compress = subprocess.Popen(['zip', '-9', 'test.txt'], stdout=subprocess.PIPE,)
subprocess.Popen(['openssl enc -aes-256-cbc -md=sha256 -pass pass:123456 -out', stdin=compress.stdout], stdin=compress.stdout,)

I'm getting an error:

File "test.py", line 3
    subprocess.Popen(['openssl enc -aes-256-cbc -md=sha256 -pass pass:123456 -out test.ENC', stdin=compress.stdout], stdin=compress.stdout,)

Any help please? Thanks.

Dev Dev
  • 314
  • 4
  • 17
  • 1
    How did you manage to get the arguments to Popen correct the first time, and wrong the second time? The first argument is a *list* of strings giving the program you're calling and its arguments. The second argument should be `stdin=compress.stdout`. The `stdin=...` definitely should not be inside the array of arrguments. – Frank Yellin Nov 08 '21 at 17:06
  • It is not working even if I do: subprocess.Popen(['openssl enc -aes-256-cbc -md=sha256 -pass pass:123456 -out'], stdin=compress.stdout,) – Dev Dev Nov 08 '21 at 17:11
  • I managed to get it working like: `import subprocess compress = subprocess.Popen(['zip', '-9', 'test.txt'], stdout=subprocess.PIPE) subprocess.Popen(['openssl', 'enc', '-aes-256-cbc', '-md=sha256', '-pass', 'pass:123456'], stdin=compress.stdout, stdout=subprocess.PIPE)` but now I'm getting `bad decrypt 140073400914368:error:02012020:system library:fflush:Broken pipe:../crypto/bio/bss_file.c:318:fflush() 140073400914368:error:20074002:BIO routines:file_ctrl:system lib:../crypto/bio/bss_file.c:320:` – Dev Dev Nov 08 '21 at 17:58

1 Answers1

1

Problems:

  • In my version of openssl, there is no -aes-256-cbc.
  • '-md=sha256' needs to be '-md', 'sha256'
  • Did you mean to send the output of openssl to a pipe?
import subprocess
compressor = subprocess.Popen(
     ['zip', '-9', 'test.txt'], stdout=subprocess.PIPE)
subprocess.Popen(
        ['openssl', 'enc', '-aes-256-cfb', '-md', 'sha256', '-pass','pass:123456'],
        stdin=compressor.stdout)
Frank Yellin
  • 9,127
  • 1
  • 12
  • 22
  • It works well but it prints the encrypted output to the console. I want to save the output as a file so I did `['openssl', 'enc', '-aes-256-cfb', '-md', 'sha256', '-out', 'test.enc', '-pass','pass:123456']` but it stays stuck at the compression process `*** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.` – Dev Dev Nov 08 '21 at 22:02
  • If you want the result saved to a file, add something like `output = open("myfile", "wb")` at the beginning and add `stdout=output` to the second `Popen'. – Frank Yellin Nov 09 '21 at 06:26
  • Regarding the warning. You're passing "123456" as the password using an encryption algorithm that requires a 256-bit key. I'm not sure how the version of openssl you're using converts a 6-byte key to a 32-byte key, but it's warning you that it's not using a good key derivation algorithm. – Frank Yellin Nov 09 '21 at 06:28