
I have this python snippet which always worked for me:

from Crypto.Cipher import AES # pip install pycryptodome
import os

def aes_cfb(data, key, iv):
    ctx = AES.new(key, AES.MODE_CFB, iv = iv, segment_size = 128)
    decrypted = ctx.decrypt(data)
    return decrypted

filesize = os.stat('./config_enc.bin').st_size

with open('./config_enc.bin','rb') as rf:
    data = rf.read(filesize)
    decrypted = aes_cfb(data, b'3398699acebda0da', b'b39a46f5cc4f0d45')

with open('./config.xml', 'wb') as wf:
    wf.write(decrypted)

So I decided to use openssl.exe as a command-line tool for testing (because it is more practical than Python code), and it never worked for me.

Here is the command I used, with OpenSSL 1.1.1j 16 Feb 2021:

openssl.exe enc -d -aes-128-cfb -in config_enc.bin -out config.xml -K 3398699acebda0da -iv b39a46f5cc4f0d45

So, what am I doing wrong here? Or maybe OpenSSL is not compatible at all! If so, then I should drop it and replace it with something else.

Encrypted file: https://filebin.net/xm85gfwfauf4mutv (Expires 1 week from now).

kelalaka
Tomay
  • Could you write a minimal, verifiable, and complete code for python? – kelalaka Mar 12 '21 at 23:01
  • `AES_KEY = str(bytearray.fromhex('3398699acebda0da'))` the key must be converted from hex to bytes – kelalaka Mar 13 '21 at 00:23
  • @kelalaka The python script works already (I am already passing it as bytes, notice the `b` before it), but the `openssl` tool is the one not working here. – Tomay Mar 13 '21 at 00:39
  • That is the point, there is an inconsistency! And you are using a very short key. – kelalaka Mar 13 '21 at 00:42
  • @kelalaka You are right, `key` and `iv` have to be converted to hex for `openssl`, I completely missed that, and thought that `openssl` is not compatible, I have tried: `openssl enc -d -aes-128-cfb -in config_enc.bin -out config.xml -K 33333938363939616365626461306461 -iv 62333961343666356363346630643435` and it finally worked. Thank you very much. – Tomay Mar 13 '21 at 01:02
  • Yes, That is the way, I've shown both ways, however, for the first case the key sizes are small, so I made them larger. – kelalaka Mar 13 '21 at 01:04

1 Answer

First of all, for the OpenSSL command line, the key (-K option) and IV (-iv option) must be supplied as hexadecimal values. If we supply your values, they are too short and are padded with 0s, with a warning:

hex string is too short, padding with zero bytes to length

You provided 16 hex digits, but AES-128 needs 32. Let's run with an extended key and IV:

openssl enc -e -aes-128-cfb \
     -in plain.txt \
     -out encrypted.txt \
     -K 3398699acebda0dab39a46f5cc4f0d45 \
     -iv b39a46f5cc4f0d45b39a46f5cc4f0d45

with plaintext 12345678 then the output �4PcGp� as encrypted value.

Now with str(bytearray.fromhex('HEXVALUE')), we can turn a hex string into bytes and use them in your code as follows:

from Crypto.Cipher import AES # pip install pycryptodome
import os

def aes_cfb(data, key, iv):
    ctx = AES.new(key, AES.MODE_CFB, iv = iv, segment_size = 128)
    decrypted = ctx.decrypt(data)
    return decrypted

filesize = os.stat('./encrypted.txt').st_size

with open('./encrypted.txt','rb') as rf:
    data = rf.read(filesize)
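    # bytes(...) is used instead of str(...): on Python 3, str() of a
    # bytearray returns its repr, not the raw key bytes.
    decrypted = aes_cfb(data,
                        bytes(bytearray.fromhex('3398699acebda0dab39a46f5cc4f0d45')),
                        bytes(bytearray.fromhex('b39a46f5cc4f0d45b39a46f5cc4f0d45'))
                       )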

with open('./config.xml', 'wb') as wf:
    wf.write(decrypted)

Now they are compatible with secure key sizes.


You claim that this key is byte 3398699acebda0da, however, it is hexadecimal, i.e. contains only hexadecimal characters. If you are using this, this means that your effective keyspace is 64 bits. This is insecure by today's standards.

Assuming that this is for testing only, you can convert this to hex via some command such as Linux's hexdump command.

Or in Python, use b'3398699acebda0da'.hex() to convert the bytes to hex and supply that to OpenSSL as hex.

kelalaka
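The mismatch discussed in the question and answer, as an added example that is not part of the original posts: it models how `openssl enc` turned the original `-K` text into a key (hex-decoded, then zero-padded as the quoted warning says) and derives the `-K`/`-iv` values that match the bytes given to `AES.new()`. The function names are hypothetical, and rejecting over-long hex is a strictness choice of this helper, not a statement about OpenSSL.

```python
import shlex

AES128_KEY_LEN = 16  # bytes; the AES IV is also one 16-byte block


def openssl_hex_to_bytes(hex_str, size=AES128_KEY_LEN):
    """Model of how a -K / -iv value is read: hex digits, zero-padded on the
    right when short (the 'padding with zero bytes' warning)."""
    if len(hex_str) > 2 * size:
        # Assumption: this helper refuses over-long input instead of guessing.
        raise ValueError("hex string is too long")
    padded = hex_str.ljust(2 * size, "0")
    return bytes.fromhex(padded)  # raises ValueError on a non-hex digit


def openssl_args_for(key, iv, size=AES128_KEY_LEN):
    """Return the (-K, -iv) hex strings matching raw bytes passed to AES.new()."""
    for name, value in (("key", key), ("iv", iv)):
        if len(value) != size:
            raise ValueError("%s must be %d bytes, got %d" % (name, size, len(value)))
    return key.hex(), iv.hex()


def openssl_command(key, iv, infile, outfile):
    """Build the question's decrypt command with correctly encoded -K / -iv."""
    k_hex, iv_hex = openssl_args_for(key, iv)
    argv = ["openssl", "enc", "-d", "-aes-128-cfb", "-in", infile,
            "-out", outfile, "-K", k_hex, "-iv", iv_hex]
    return " ".join(shlex.quote(a) for a in argv)


# Values from the question: 16 ASCII characters passed to AES.new() as bytes.
PY_KEY = b"3398699acebda0da"
PY_IV = b"b39a46f5cc4f0d45"

if __name__ == "__main__":
    # Key that results from pasting the same 16 characters after -K.
    wrong = openssl_hex_to_bytes("3398699acebda0da")
    print("key derived from the original -K:", wrong.hex())
    print("key the Python script used:      ", PY_KEY.hex())
    print("same key?", wrong == PY_KEY)
    print(openssl_command(PY_KEY, PY_IV, "config_enc.bin", "config.xml"))
```

The printed command carries the same `-K` and `-iv` values that the asker reported as working in the comments.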