AES encrypt with openssl command line tool, and decrypt in Java
49,024
As @Polynomial mentioned above, the keys and iv's don't match between the bash script and Java code. Changing the bash script to the following solves the problem.
#!/bin/bash
key128="01020304050607080900010203040506"
iv="01020304050607080900010203040506"
openssl enc -aes-128-cbc -in test -out test.enc -K $key128 -iv $iv
If openssl is executed in the following way, it will use a password, and print the key and iv used. That key and iv can be substituted in the Java program above.
openssl enc -nosalt -aes-128-cbc -in test -out test.enc -p
Author by
Ravi
Updated on July 09, 2022Comments
-
Ravi almost 2 years
I have a bash script that uses the openssl tool to encrypt.
#!/bin/bash key128="1234567890123456" iv="1234567890123456" openssl enc -aes-128-cbc -in test -out test.enc -K $key128 -iv $iv
And Java code that tries to decrypt the file produced by the script.
public class crypto { public static void main( String[] args ) { try { File f = new File("test.enc"); Cipher c; Key k; String secretString = "01020304050607080900010203040506"; String ivString = "01020304050607080900010203040506"; byte[] secret = hexStringToByteArray(secretString); byte[] iv = hexStringToByteArray(ivString); c = Cipher.getInstance("AES/CBC/PKCS5Padding"); k = new SecretKeySpec(secret, "AES"); c.init(Cipher.DECRYPT_MODE, k, new IvParameterSpec(iv)); CipherInputStream cis = new CipherInputStream(new FileInputStream(f), c); BufferedReader br = new BufferedReader(new InputStreamReader(cis)); String line; while ((line = br.readLine()) != null) { System.out.println(line); } br.close(); } catch (IOException e) { System.out.println(e.getMessage()); } catch (NoSuchAlgorithmException e) { System.out.println(e.getMessage()); } catch (NoSuchPaddingException e) { System.out.println(e.getMessage()); } catch (InvalidKeyException e) { System.out.println(e.getMessage()); } catch (InvalidAlgorithmParameterException e) { System.out.println(e.getMessage()); } } public static byte[] hexStringToByteArray(String s) { int len = s.length(); byte[] data = new byte[len / 2]; for (int i = 0; i < len; i += 2) { data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i+1), 16)); } return data; } } 33,1 71%
When I run the Java code, it doesn't print anything. Is there a mismatch between the script and Java code?
A secondary question is whether I can rewrite this to use password instead of key/iv. In order to do that, is there a way to know the iv that openssl uses for a given password?
-
Will777 about 8 yearsGreat post, thanks. I was struggling to get openssl blowfish encrypt working then doing a decrypt in Java, this really helps.
-
dr.doom almost 7 yearsPerhaps I haven't got something right but isn't the key too big for the specific version aes? Does the key get truncated? I used different key sizes and i receive different cipher text.