0

I'm in the process of porting some legacy PHP software running on our back-end system. The existing application executes OpenSSL by calling the CLI tool to encrypt files that are served via Apache.

What I'm trying to build is an ASP.NET Core Web API with the same functionality, but without having to call any CLI tools or save files on disk. The API will fetch data from a repository, encrypt it and serve the result dynamically. However, in order to maintain backwards compatibility, I need to make sure that the files can be encrypted/decrypted by either system.

I'm a bit at a loss for how I can decrypt the files that were previously encrypted with OpenSSL, using only what's available in ASP.NET Core 2. I know the passphrase that was used to encrypt the files, but I don't understand how it relates to the requirements of the crypto library in .NET.

Below is an example OpenSSL (v0.9.8) command that was used to encrypt:

openssl enc -e -aes-256-cbc -k abc123 -in abc123.xml.tmp -out abc123.xml

How can I convert the file back into plaintext using only ASP.NET Core?

How could I re-encrypt it using C# so that I'd be able to decrypt it with the OpenSSL CLI tools?

s3gfault
  • Does this help: https://stackoverflow.com/a/20298260/4454124 – mnistic Jun 19 '18 at 21:10
  • Unfortunately, no. The issue that I'm stuck with is that I don't know what the key/IV should actually be. My assumption is that the key is some form of hash of the passphrase and I don't know how to derive the IV. – s3gfault Jun 20 '18 at 14:03

1 Answer

0

When you provide a password with the -k flag, OpenSSL uses an (insecure) KDF commonly known as EVP_BytesToKey.

This KDF is used to derive both the key and the IV used for encryption.

You'll need to find an implementation of this KDF for C#, as it is not supported in .NET. From there, you can determine the IV and key and use the built-in Aes class to decrypt the file.

Recall that the KDF is actually quite insecure, so if you are intending to continue using OpenSSL, you should also be upgrading the way you encrypt with it to use the -K flag and the -iv flag.

Luke Joshua Park
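The derivation and file layout the answer refers to, written out in C# as an added example (not code from the answer or from OpenSSL). `OpenSslEnc` and its members are hypothetical names. It assumes the MD5 digest with a single iteration, which is what `openssl enc` uses by default before version 1.1.0 (so it covers the 0.9.8 command in the question), and the salted output format: `Salted__` (8 bytes), the salt (8 bytes), then the CBC ciphertext.

```csharp
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class OpenSslEnc // added example; all names here are hypothetical
{
    static readonly byte[] Magic = Encoding.ASCII.GetBytes("Salted__");
    // EVP_BytesToKey with MD5, count 1: D_i = MD5(D_{i-1} || passphrase || salt).
    // Returns 48 bytes: the AES-256 key (32) followed by the IV (16).
    static byte[] Derive(string passphrase, byte[] salt)
    {
        byte[] pass = Encoding.UTF8.GetBytes(passphrase); // assumption: UTF-8 bytes
        byte[] block = new byte[0], material = new byte[0];
        using (var md5 = MD5.Create())
            while (material.Length < 48)
            {
                block = md5.ComputeHash(block.Concat(pass).Concat(salt).ToArray());
                material = material.Concat(block).ToArray();
            }
        return material;
    }
    static byte[] Transform(byte[] data, string passphrase, byte[] salt, bool encrypt)
    {
        byte[] m = Derive(passphrase, salt);
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = m.Take(32).ToArray();
            aes.IV = m.Skip(32).Take(16).ToArray();
            using (var t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }
    // File layout: "Salted__" (8 bytes) || salt (8 bytes) || CBC ciphertext.
    public static byte[] Decrypt(byte[] file, string passphrase)
    {
        if (file.Length < 32 || file.Length % 16 != 0 || !file.Take(8).SequenceEqual(Magic))
            throw new InvalidDataException("Not a salted OpenSSL enc file");
        return Transform(file.Skip(16).ToArray(), passphrase, file.Skip(8).Take(8).ToArray(), false);
    }
    public static byte[] Encrypt(byte[] plaintext, string passphrase)
    {
        byte[] salt = new byte[8];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Magic.Concat(salt).Concat(Transform(plaintext, passphrase, salt, true)).ToArray();
    }
}
```

OpenSSL 1.1.0 and later default to SHA-256 for this derivation, so those versions need `-md md5` to read files in this format. The format carries no integrity check, so a wrong passphrase or a modified file is only noticed if the padding happens to be invalid.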