Bug 130130 - Include standalone 'des' binary from OpenSSL
Summary: Include standalone 'des' binary from OpenSSL
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2004-08-17 13:35 UTC by Ed Avis
Modified: 2015-02-06 11:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-09 09:45:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ed Avis 2004-08-17 13:35:54 UTC
When you build OpenSSL you can also build a standalone 'des' program
(it ends up as crypto/des/des).  This is a useful tool for DES
encryption and decryption, which some people still use.  Please can
you arrange for this program to be built and installed as part of the
RPM package?

Comment 1 Tomas Mraz 2005-02-09 09:45:44 UTC
Why can't you use 'openssl des ...' instead?

Comment 2 Ed Avis 2005-02-24 19:04:19 UTC
As far as I can tell 'openssl des' works differently from the 'des' program - it
won't decrypt the same files (none of the 12 or so different des variants
supported by 'openssl des' works, but plain 'des' works).

However I will ask on the openssl list to get a definitive answer.

Comment 3 Chris Wilson 2015-02-06 11:38:11 UTC
'openssl des' uses a weird old method, invented by MIT and not used elsewhere, to generate the encryption key from the password supplied on the command line:


There is apparently no way to call DES_string_to_key() (or equivalent) in the new OpenSSL API, since everything has standardised on EVP_BytesToKey instead, which generates the key using one of the standard OpenSSL message digest suites, which doesn't include DES_string_to_key().

This means that the following commands produce different results, because they use different keys:

openssl enc -d -des -k "MyPasswd" -in encrypted.bin
des -D -k "MyPasswd" -in encrypted.bin

The solution is to transform your key using DES_string_to_key(), while you still can (it's being removed from OpenSSL). You could write a C program, or use Python ctypes to do it:

from ctypes import *
buf = create_string_buffer(8)
cdll.libcrypto.DES_string_to_key('MyPasswd', buf)
print "".join("{:02x}".format(ord(c)) for c in buf.raw)

This will output a hex string that you can pass to "openssl enc" with the -K parameter (instead of -k) to be used as the raw key, like this:

openssl enc -d -des -K ea8907c7407cc1a8 -iv 0000000000000000 -in encrypted.bin

Note that you also have to supply the IV if you supply your own key as a hex string. The old des utility sets the IV to all zero bytes by default.

Note You need to log in before you can comment on or make changes to this bug.