OpenSSL Symmetric Key Encryption Methods with PBKDF2 key derivation
[OpenSSL Home][Home]
In this case we will create cipher text from OpenSSL using a key derived from a password, and a salt value (defined in hex). In this case we will use the PBKDF2 key derivation method. [Decrypt]
|
Plaintext: hello, Ciphertext:U2FsdGVkX18kH6hnY7hTQYGmLZ4ZWNeKOcacCkoAZxI= Mode: aes-128-cbc Password: qwerty, PBKDF2
Plaintext: hello, Ciphertext: U2FsdGVkX18kH6hnY7hTQdRPShL/6sA0Es+KXSTMbZw= Mode: aes-256-cbc Password: qwerty, PBKDF2
Outline
For example for "Hello" with 256-bit AES CBC with a passphrase of "qwerty" and a salt value of "241fa86763b85341":
% echo -n "hello" | openssl enc -aes-128-cbc -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2 U2FsdGVkX18kH6hnY7hTQYGmLZ4ZWNeKOcacCkoAZxI=
The value of "U2FsdGVkX18" is the word: "Salted__", and defines that the next part of the salt value. Now we will decrypt the ciphertext:
% echo "U2FsdGVkX18kH6hnY7hTQYGmLZ4ZWNeKOcacCkoAZxI=" | openssl enc -aes-128-cbc -base64 -d -pbkdf2 -pass pass:"qwerty" hello
For 256-bit CBC:
echo -n "hello" | openssl enc -aes-256-cbc -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2 U2FsdGVkX18kH6hnY7hTQdRPShL/6sA0Es+KXSTMbZw=
And decrypt:
echo U2FsdGVkX18kH6hnY7hTQdRPShL/6sA0Es+KXSTMbZw= | openssl enc -aes-256-cbc -pass pass:"qwerty" -d -base64 -pbkdf2 hello