How do I decrypt a message using openssl's CLI?
8,402
I think you're looking for something like this:
openssl yourcipher -d < yourfile
For example if the file was encrypted using des3
cipher, and the file is /path/to/file.des3
then:
openssl des3 -d < /path/to/file.des3
It will ask you for the passphrase.
If the file is base64 encoded, then you should be able decode and decrypt like this:
openssl enc -base64 -d < /path/to/file | openssl yourcipher -d
Related videos on Youtube
Author by
user50849
Updated on September 18, 2022Comments
-
user50849 over 1 year
I have a message, I know the password and the cipher that was used to encrypt it, but I can't figure out how to ask openssl to decrypt it.
I see the cipher in the output from the
ciphers
command, and the man page lists aenc
command forEncoding with Ciphers
, but I can't find how I would do the opposite, decode a message.-
dave_thompson_085 almost 8 yearsLate but:
openssl ciphers
lists ciphersuites for SSL/TLS, which is in practice never password based, and doesn't leave messages anywhere you could later decrypt (i.e. if you have a file, it's not SSL/TLS).openssl enc
is one commonly used password-based encryption scheme, but there are CMS and (rarely) S/MIME PBEs and a common PGP PBE, and also PBE schemes for keys which are not accurately described as messages, as well as other PBEs.
-
-
janos over 10 yearsThat error is common when the file is not really an encrypted file... Perhaps you need to unzip it first?
-
user50849 over 10 yearsIf I've understood my instructions correctly, my file is base64 encoded (It looks like base64 as well, though that's no guarantee of course). But I've tried passing it through
base64 -d [input] > [output]
and thenopenssl [cipher] -d < [output]
as well as deciphering the file as is, and I get the same "bad magic number" in both cases. -
janos over 10 years@user50849 I updated my answer thought it looks like you're already doing that... After you decode from base64, what does the
file
command tell you? Is the file binary? -
user50849 over 10 yearsI tried your added base64 command, and unfortunately I get the same error. file says
data
about the decoded file. I assume that your answer is correct and that something is wrong on my end. Possibly I've corrupted the input or similar. I'll try to work that out and get back. -
janos over 10 yearsCan you ask for a checksum of the file? That way you could confirm if your file is corrupted or not.
-
dave_thompson_085 almost 8 years
openssl enc
does base64 itself. If this was in fact the base64 form ofopenssl enc
, for which I see no evidence, justopenssl enc -$cipher -d -a
or equivalentlyopenssl $cipher -d -a
.