Using key file as password with OpenSSL


Add -pass file:nameofkeyfile to the OpenSSL command line. This causes OpenSSL to read the password/passphrase from the named file, but otherwise proceed normally.

For more details, see the man page for openssl(1) (man 1 openssl) and particularly its section "PASS PHRASE ARGUMENTS", and the man page for enc(1) (man 1 enc).

If the key file actually holds the encryption key (not something from which to derive the encryption key), then you want to use -K instead. For that, you need something like:

-K $(hexdump -v -e '/1 "%02X"' < nameofkeyfile)

in the OpenSSL command line instead of -pass. hexdump is used to transform the key file to the pure hexadecimal representation that OpenSSL wants.
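As an added example (not code from the original answer or from OpenSSL), the following POSIX shell builds the -K argument from a raw key file with od instead of hexdump, checks that the key length matches the cipher, and shows how little of a raw key -pass file: would actually read, since OpenSSL stops at the first newline (the point raised in the comments below). The key bytes, IV and plaintext are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original answer or the OpenSSL project.
# Builds the -K argument from a raw key file with POSIX od (portable where
# hexdump is missing), checks the key length, and shows how much of the file
# `-pass file:` would actually read. Key bytes, IV and plaintext are constructed.

# keyfile_to_hex FILE -> the file's bytes as one uppercase hex string (what -K expects)
keyfile_to_hex() {
    od -An -tx1 -v "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
}

# check_key_len HEX BITS -> succeeds only if HEX encodes exactly BITS/8 bytes.
# A key of the wrong length is the first thing to rule out when -d fails.
check_key_len() {
    [ "$(printf '%s' "$1" | wc -c | tr -d ' ')" -eq $(( $2 / 4 )) ]
}

# pass_file_bytes FILE -> how many bytes `-pass file:FILE` would consume:
# the file is treated as text and reading stops at the first newline.
pass_file_bytes() {
    head -n 1 "$1" | tr -d '\n' | wc -c | tr -d ' '
}

# Constructed 32-byte key containing a newline (0x0A) and a NUL (0x00) byte,
# exactly the bytes that make a raw key unusable as a passphrase.
demo_keyfile=$(mktemp)
trap 'rm -f "$demo_keyfile"' EXIT
printf 'ABCDEFGH\n\000JKLMNOPQRSTUVWXYZ01234' > "$demo_keyfile"

KEY_HEX=$(keyfile_to_hex "$demo_keyfile")
check_key_len "$KEY_HEX" 256 || { echo "key is not 256 bits" >&2; exit 1; }
echo "-pass file: would read only $(pass_file_bytes "$demo_keyfile") of 32 key bytes"

# Round trip with the raw key. With -K there is no KDF, so the IV must be
# supplied explicitly too; this fixed IV is for the demo only.
if command -v openssl >/dev/null 2>&1; then
    IV_HEX=000102030405060708090A0B0C0D0E0F
    printf 'constructed plaintext\n' \
        | openssl enc -aes-256-cbc -K "$KEY_HEX" -iv "$IV_HEX" \
        | openssl enc -d -aes-256-cbc -K "$KEY_HEX" -iv "$IV_HEX"
fi
```

For a real key, replace the constructed file with nameofkeyfile and use a fresh random IV per encryption instead of the fixed demo value.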




Updated on September 18, 2022

Comments

  • jakubkoci
    jakubkoci over 1 year

    I got an assignment to decrypt a binary file which is encrypted using AES. I have a 32-byte binary file which is a key for decryption. I know how to decrypt if the key is a passphrase by using

    openssl enc -d -aes-256-cbc -in file.out

    In this case, the key is a binary file. How do I use it?

  • forest
    forest over 5 years
    -1 If the keyfile contains a newline, then this will break. The file will only be read up to the first newline.
  • Juan
    Juan over 3 years
    Note that OpenSSL does not "want" hex input. It expects the passphrase encoded in a particular way (e.g., it accepts valid UTF-8 characters). I was misled by this answer. Converting to hex is not necessarily bad, but strictly speaking not what openssl wants. See the passphrase-encoding(7) man page (which may not have existed in 2013 with older versions of openssl).
  • Juan
    Juan over 3 years
    By the way, the comment from @forest (not applicable after the answer was edited to add the hexdump) is a hint to other failures. Specifically, binary representation of the passphrase is not a valid encoding and not a good choice for a passphrase. Here's an example where a 0x00 byte caused someone issues: alexander-stoyan.blogspot.com/2013/08/…