Hide Forgot
When you build OpenSSL you can also build a standalone 'des' program (it ends up as crypto/des/des). This is a useful tool for DES encryption and decryption, which some people still use. Please can you arrange for this program to be built and installed as part of the RPM package?
Why can't you use 'openssl des ...' instead?
As far as I can tell 'openssl des' works differently from the 'des' program - it won't decrypt the same files (none of the 12 or so different des variants supported by 'openssl des' works, but plain 'des' works). However I will ask on the openssl list to get a definitive answer.
'openssl des' uses a weird old method, invented by MIT and not used elsewhere, to generate the encryption key from the password supplied on the command line: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/des/des.c#L418 There is apparently no way to call DES_string_to_key() (or equivalent) in the new OpenSSL API, since everything has standardised on EVP_BytesToKey instead, which generates the key using one of the standard OpenSSL message digest suites, which doesn't include DES_string_to_key(). This means that the following commands produce different results, because they use different keys: openssl enc -d -des -k "MyPasswd" -in encrypted.bin des -D -k "MyPasswd" -in encrypted.bin The solution is to transform your key using DES_string_to_key(), while you still can (it's being removed from OpenSSL). You could write a C program, or use Python ctypes to do it: from ctypes import * buf = create_string_buffer(8) cdll.libcrypto.DES_string_to_key('MyPasswd', buf) print "".join("{:02x}".format(ord(c)) for c in buf.raw) This will output a hex string that you can pass to "openssl enc" with the -K parameter (instead of -k) to be used as the raw key, like this: openssl enc -d -des -K ea8907c7407cc1a8 -iv 0000000000000000 -in encrypted.bin Note that you also have to supply the IV if you supply your own key as a hex string. The old des utility sets the IV to all zero bytes by default.