Bad Magic Number error when trying to Decrypt file in OpenSSL

The input to the des command shouldn't be in base64. Instead, you need to first decode the base64 output and then provide it to the OpenSSL des command. For instance, when I run the following on Linux:

echo U2FsdGVkX18ztmw81FTK/c+jAf8xtcZdIpesuV2PLDM= | openssl enc -base64 -d | openssl des -d

I get the correct output:

hello world

Since Windows is not great with pipes, you have to redirect the output to intermediate files and then run individual openssl commands.

Openssl can base64 decode and decrypt in the same step with the -a or -base64 switch. But there is a bug in openssl's base64 processing, it expects a newline at the end of the base64 encoded data.

The easiest solution is to base64 --decode before decrypting.

For example, consider this base64 encrypted output:

# echo foo | openssl enc -aes256 -md sha512 -pass pass:pass -e -base64

U2FsdGVkX182tdJx07S5YoPzi9XhyONdR8Xbc6V1jiw=

If this is sent with a newline, it works fine. But if not, it fails.

# echo 'U2FsdGVkX182tdJx07S5YoPzi9XhyONdR8Xbc6V1jiw=' | openssl enc -aes256 -md sha512 -pass pass:pass -d -base64

foo

# echo -n 'U2FsdGVkX182tdJx07S5YoPzi9XhyONdR8Xbc6V1jiw=' | openssl enc -aes256 -md sha512 -pass pass:pass -d -base64

error reading input file

You can insert the newline with cat, or decode the base64 with another utility first:

# echo -n 'U2FsdGVkX182tdJx07S5YoPzi9XhyONdR8Xbc6V1jiw=' | cat - <(echo "") | openssl enc -aes256 -md sha512 -pass pass:pass -d -base64

foo

# echo -n 'U2FsdGVkX182tdJx07S5YoPzi9XhyONdR8Xbc6V1jiw=' | base64 --decode | openssl enc -aes256 -md sha512 -pass pass:pass -d

foo

Bad Magic Number error when trying to Decrypt file in OpenSSL

Tags:

Openssl

Related

Recent Posts