1

The ciphertext is encrypted by Javascript using the AES algorithm in hexadecimal format. I first coded it in Base64 and then decrypted it using OpenSSL.

But it failed, I don't know where it is wrong.

And I am using a Windows compiled version of OpenSSL. http://gnuwin32.sourceforge.net/packages/openssl.htm

The command is as follows:

openssl enc -aes-128-cbc -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d

result:

bad decrypt
6396:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:./crypto/evp/evp_enc.c:461:

Ciphertext (HEX)

4cb4eb49df960e82c14e158ac418ca918736e4fbb730f532fc37d226e0e8b0e3ce0571ce4c146a6a9e037b9b79d8077568326d7fe2a3f9a91d266cfeb8bfac5668f526bc4d5ee1a21cbe85c8efab8cd1fe29b4a2b412468c6d97b7a3bfd2f69c50691e181fde43710bc61ffff2c6e7cbab59de70b97d993707c16e4a909273cc873d9156dda0ad03214e29048ac39532b8ec11c071174219fefa85e0d489468036154d19d2b683b20b07589abb9f4d863fcd17598d43a8b82d37236ceee7588d08a22f4c9662bba7f4cf6595f28b0e7b7e62f9be2d42f1b11f5c06aca7ed7568d8922d9155c229a8d57b251695c2bd645cb44539e4278b4431ac60a318fbd22afe18b204f9730f86a07c43355ce89f9646be5810e0c6bd2043066d359efe73c8e0ac7f581e048ed1809ad2720ea96f528d0acc7fd622b86d3073e8b1ac0b5d70f4e92b045e8cdf1fb6c999332ba2c279ebab2262589082a8214187a8904671a2c4eec8828335dc7f49fe438fb4e34c762e9f7febe30672a9ced8b0a2b66373d3a3b9efbe46e63f4d8b2723ebe85736f5

Thanks to Topaco for your help. Because of my negligence, mistake CTR for CBC, causing confusion.

Improve this question
2
  • But the OpenSSL document writes; -a This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted. Commented Oct 8, 2019 at 20:06
  • I get the same error after replacing -a with -base64. Is the problem on the JavaScript encryption algorithm? I am not sure if the Javascript algorithm it uses is compliant with the AES standard. I have not given the Javascript algorithm part. Commented Oct 8, 2019 at 20:17

1 Answer 1

Reset to default
3

You can try the following:

openssl enc -aes-128-cbc -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d

After the -K and -iv options, the input must be a hexadecimal string, i.e. instead of 1234567890000000 you have to use 31323334353637383930303030303030. The -A option says that the Base64-encoded ciphertext is contained in one single line, here. So there is no need to use line breaks.

Update:

It turned out that the JavaScript-code actually applied to generate the posted ciphertext uses CTR-mode for encryption (instead of CBC-mode). Therefore, the OpenSSL-statement which can be used to decrypt the posted ciphertext is:

openssl enc -aes-128-ctr -a -A -in Cipherbase64.txt -out PlainText.txt -K 31323334353637383930303030303030 -iv 31323334353637383930303030303030 -d

The decrypted text is: 

{"sign":"13adab9285fe86206b73e029ff0d290fc0e31237","timestamp":1570608017,"logid":"MTU3MDYwODA2MjAzMjAuMTMzMjE0Nzc2OTIxNTgxNDY=","uk":3012946979,"shareid":547370362,"fid_list":"[\"482622974717034\"]","input":"aaxb","vcode":"33324238656332346361663334656637323237633636373637643239666664336662393132313032313738303030303030303030303030303031353730363038303530B0D6C0036A1909217D2CDCD5B76B46FB"}

which can be easily verified here.

Improve this answer
Sign up to request clarification or add additional context in comments.

14 Comments

You are right. It is necessary to convert 1234567890000000 to HEX. But I still got a bad decrypt error. I am using a Windows version of OpenSSL. gnuwin32.sourceforge.net/packages/openssl.htm I don't think this is an opensl error, I am also sure that there is no error in converting HEX ciphertext to Base64. So I am confused, why I can't get the expected results.
Is it wrong on the padding? Is OpenSSL using PKCS#5 instead of PKCS#7 by default?
I think a padding-problem is rather unlikely. For the difference between Pkcs5- and Pkcs7-Padding see here. Did you use the -a -A options? If not, this will result in bad decrypt.
If the issue still persists: Your CryptoJS-code returns the ciphertext as a hexadecimal string. The OpenSSL-statement expects a Base64-encoded ciphertext in the Cipherbase64.txt file. Have you considered this? So that we refer to the same example: Please use your code and key and IV to encrypt the following plaintext (without an ending dot) The quick brown fox jumps over the lazy dog and post the result in both, hexadecimal- and Base64-encoding, the latter corresponding to the content of the Cipherbase64.txt file.
The openSSL version used (0.9.8h) seems to be relatively old, but there are no indications yet to suspect the issue here.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.