Bug 130130 - Include standalone 'des' binary from OpenSSL
Include standalone 'des' binary from OpenSSL
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2004-08-17 09:35 EDT by Ed Avis
Modified: 2015-02-06 06:38 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-09 04:45:44 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ed Avis 2004-08-17 09:35:54 EDT
When you build OpenSSL you can also build a standalone 'des' program
(it ends up as crypto/des/des).  This is a useful tool for DES
encryption and decryption, which some people still use.  Please can
you arrange for this program to be built and installed as part of the
RPM package?
Comment 1 Tomas Mraz 2005-02-09 04:45:44 EST
Why can't you use 'openssl des ...' instead?
Comment 2 Ed Avis 2005-02-24 14:04:19 EST
As far as I can tell 'openssl des' works differently from the 'des' program - it
won't decrypt the same files (none of the 12 or so different des variants
supported by 'openssl des' works, but plain 'des' works).

However I will ask on the openssl list to get a definitive answer.
Comment 3 Chris Wilson 2015-02-06 06:38:11 EST
'openssl des' uses a weird old method, invented by MIT and not used elsewhere, to generate the encryption key from the password supplied on the command line:


There is apparently no way to call DES_string_to_key() (or equivalent) in the new OpenSSL API, since everything has standardised on EVP_BytesToKey instead, which generates the key using one of the standard OpenSSL message digest suites, which doesn't include DES_string_to_key().

This means that the following commands produce different results, because they use different keys:

openssl enc -d -des -k "MyPasswd" -in encrypted.bin
des -D -k "MyPasswd" -in encrypted.bin

The solution is to transform your key using DES_string_to_key(), while you still can (it's being removed from OpenSSL). You could write a C program, or use Python ctypes to do it:

from ctypes import *
buf = create_string_buffer(8)
cdll.libcrypto.DES_string_to_key('MyPasswd', buf)
print "".join("{:02x}".format(ord(c)) for c in buf.raw)

This will output a hex string that you can pass to "openssl enc" with the -K parameter (instead of -k) to be used as the raw key, like this:

openssl enc -d -des -K ea8907c7407cc1a8 -iv 0000000000000000 -in encrypted.bin

Note that you also have to supply the IV if you supply your own key as a hex string. The old des utility sets the IV to all zero bytes by default.

Note You need to log in before you can comment on or make changes to this bug.