Red Hat Bugzilla – Bug 1470942
Files encrypted with Fedora 24 openssl cannot be decrypted with Fedora 26 openssl
Last modified: 2017-07-14 03:48:20 EDT
Created attachment 1298119 [details]
Contains all files need to reproduce the problem.
Description of problem: I get an error when I use F26's openssl to decrypt a file that I encrypted with F24's openssl. Although the decrypted file is created, it is not useable.
Version-Release number of selected component (if applicable):
Fedora 24: openssl Version 1.0.2k, Release 1.fc24
Fedora 26: openssl Version 1.1.0f, Release 4.fc26
How reproducible: Every time
Steps to Reproduce:
1. Create a zip file on a Fedora 24 computer (may happen with other files--I have only tried zip files).
2. Create a password file.
3. Encrypt the zip file. Here is the command I used:
openssl enc -e -aes-256-cbc -pass file:easy-password.txt -in temp.zip -out temp.zip.enc
4. Copy the encrypted file and password file to a Fedora 26 computer.
5. Attempt to decrypt the encrypted file. Here is my command:
openssl enc -d -aes-256-cbc -pass file:easy-password.txt -in temp.zip.enc -out temp.zip
139723542062848:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:573:
Although the output file, temp.zip, is created, it cannot be unzipped.
No error message from the 'openssl enc -d ...' command.
The output of the openssl command is a valid zip file that can be unzipped.
Additional info: The attachment contains temp.zip, temp.zip.enc and easy-password.txt, all the files referenced in the commands above. These files (and this bug report) were created on an F24 system.
Please see the enc(1) manual page. "The default digest was changed from MD5 to SHA256 in Openssl 1.1"
To decode the files encrypted with OpenSSL 1.0 simply add -md md5 option.