PantsuJo PantsuJo - 1 month ago 22
Python Question

Python and OpenSSL: unable to decrypt

I have found a small piece of code capable of encrypt (and decrypt) files in AES (128bit) CBC mode. It work flawlessy even in decryption so I belived that OpenSSL would be capable (of course) od decrypting my files but it seems impossibile. I get the "Error reading input files"

import os, random, struct
from Crypto.Cipher import AES

def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):
""" Encrypts a file using AES (CBC mode) with the
given key.

key:
16, 24 or 32 bytes long

in_filename:
Name of the input file

out_filename:
If None, '<in_filename>.enc' will be used.

chunksize:
Sets the size of the chunk which the function
uses to read and encrypt the file.
Chunksize must be divisible by 16.
"""
if not out_filename:
out_filename = in_filename + '.enc'

iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
encryptor = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(in_filename)

with open(in_filename, 'rb') as infile:
with open(out_filename, 'wb') as outfile:
outfile.write(struct.pack('<Q', filesize))
outfile.write(iv)

while True:
chunk = infile.read(chunksize)
if len(chunk) == 0:
break
elif len(chunk) % 16 != 0:
chunk += ' ' * (16 - len(chunk) % 16)

outfile.write(encryptor.encrypt(chunk))


The error is the same ever time: "Error reading input files". How is it possibile? The commands I use is this:

openssl aes-128-cbc -d -in test_enc.txt -out test_dec.txt


Why doesn't work?

YSK YSK
Answer

OpenSSL uses its own file format. In particular, there's a Salted__ header, as well as a salt that's used to derive the IV (i.e. the IV is not directly stored with the encrypted data).

You can find some hints in https://scottlinux.com/2013/10/13/how-to-encrypt-a-file-with-openssl/ and in http://crypto.stackexchange.com/questions/3298/is-there-a-standard-for-openssl-interoperable-aes-encryption, but they don't describe the actual format.

You might be able to examine the OpenSSL code to figure that out, but the bottom line is that OpenSSL uses its own file format and you have to use it if you want OpenSSL to decrypt your files.

Comments