
[openssl-users] AES-GCM failing from Command Line Interface


Sec_Aficionado
Feb 9, 2015, 7:56:23 PM
Hello,

I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject.

My command is:
openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt

I get prompted for password as expected.

The encryption goes well, and then I proceed to decrypt using:
openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt

The program executes but I get a "bad decrypt" message. However, when I open dec.txt, it is the same as the original file payload.txt

My guess is that the problem is in the padding, but I have not been able to eliminate the error message, even setting the -nopad option and padding manually.

Can someone please explain to me why this might be happening?

I am running openSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current patches.

Thanks in advance for your help.

Sent from my mobile
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Dr. Stephen Henson
Feb 9, 2015, 9:26:19 PM
On Mon, Feb 09, 2015, Sec_Aficionado wrote:

> Hello,
>
> I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject.
>
> My command is:
> openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt
>
> I get prompted for password as expected.
>
> The encryption goes well, and then I proceed to decrypt using:
> openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt
>
> The program executes but I get a "bad decrypt" message. However, when I open dec.txt, it is the same as the original file payload.txt
>
> My guess is that the problem is in the padding, but I have not been able to eliminate the error message, even setting the -nopad option and padding manually.
>
> Can someone please explain to me why this might be happening?
>
> I am running openSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current patches.
>

AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL
throw out an error message if you try to use it from the command line.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Sec_Aficionado
Feb 10, 2015, 9:26:11 AM
Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it.

Regarding AES-GCM from the command line, or PHP bindings, is that something that any of the OpenSSL components support? I think EVP is the intended way but there are no PHP bindings, only C from what I can tell.

As a bit of background, I need to send an encrypted token to a client, which will return it when communicating back with the server. I need some form of authenticated encryption for that and OpenSSL seems like a perfect fit.

Thanks for your help.

Sent from my mobile

Matt Caswell
Feb 10, 2015, 9:38:36 AM

On 10/02/15 14:09, Sec_Aficionado wrote:
> Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it.

It does:

https://www.openssl.org/docs/apps/enc.html
"The enc program does not support authenticated encryption modes like
CCM and GCM. The utility does not store or retrieve the authentication tag."

>
> Regarding AES-GCM from the command line, or PHP bindings, is that something that any of the OpenSSL components support? I think EVP is the intended way but there are no PHP bindings, only C from what I can tell.

No - you can't do AES-GCM from the command line (things like s_server
and s_client support it - but that doesn't help you for what you want to
do). We don't supply the PHP bindings - you'll have to talk to the PHP
guys about that.

Matt

Sec_Aficionado
Feb 10, 2015, 10:47:41 AM
Matt,

Thanks for keeping me honest! I see it now, but I totally missed it before. I must have just played with the cli and not read the full page.

Can you please confirm that EVP is the way to go? I'll create my own little PHP extension since I only need a very specific action.

Thanks for your help!

Sent from my mobile
Please forgive any "autocorrections" I may have missed

Matt Caswell
Feb 10, 2015, 11:08:44 AM

On 10/02/15 15:31, Sec_Aficionado wrote:
> Matt,
>
> Thanks for keeping me honest! I see it now, but I totally missed it before. I must have just played with the cli and not read the full page.
>
> Can you please confirm that EVP is the way to go? I'll create my own little PHP extension since I only need a very specific action.

Yes. EVP is the correct way to use GCM.

See:

http://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption

and

https://www.openssl.org/docs/crypto/EVP_EncryptInit.html#gcm_and_ocb_modes

Note the docs on the website are for 1.1.0 (unreleased) and are subtly
different to 1.0.2/1.0.1. In particular they use the newly introduced
AEAD flags instead of mode specific ones. So where the docs talk about:
EVP_CTRL_AEAD_SET_IVLEN
EVP_CTRL_AEAD_GET_TAG
EVP_CTRL_AEAD_SET_TAG

You should instead use the GCM specific versions:
EVP_CTRL_GCM_SET_IVLEN
EVP_CTRL_GCM_GET_TAG
EVP_CTRL_GCM_SET_TAG

These will still work when 1.1.0 is released.

Jakub Zelenka
Feb 20, 2015, 3:57:56 PM
Hi,

On Tue, Feb 10, 2015 at 3:31 PM, Sec_Aficionado <secafi...@gmail.com> wrote:
> Matt,
>
> Thanks for keeping me honest! I see it now, but I totally missed it before. I must have just played with the cli and not read the full page.
>
> Can you please confirm that EVP is the way to go? I'll create my own little PHP extension since I only need a very specific action.

I'm probably a bit late with the reply... If you haven't implemented it already, this might help you: https://github.com/bukka/php-crypto . However, the API is still unstable (it means that there will be changes in the future). I have frozen the development for some time but will soon resume it, as I will finally be able to add a compat layer for PHP 7, which is almost stable.

Cheers

Jakub

Sec_Aficionado
Feb 21, 2015, 3:16:42 AM
Hi Jakub,

I have my custom solution in place and it works well, but I'm always willing to learn other ways to solve the problem.

I'll take a look this coming week. Thanks!

Sent from my mobile