倉庫指標
- Star
- (30,157 star)
- PR 合併指標
- (30 天內沒有已合併 PR)
描述
SALT=aabbccddeeff0011
echo raininspain | openssl enc -aes256 -pbkdf2 -pass pass:hello -S $SALT > crypt.bin
openssl enc -aes256 -pbkdf2 -pass pass:hello -d -in crypt.bin
# bad magic number
It's unmagical because the salt is no longer included in the encrypted output. Decryption is still possible, but only if the salt that was used is specified on the command line:
openssl enc -aes256 -pbkdf2 -pass pass:hello -d -in crypt.bin -S $SALT
# raininspain
However, that is not how a salt is supposed to work. A salt is a salt, not a second password that needs to be recorded or remembered. The salt should always be included in the encrypted output. That is how it worked in earlier versions of openssl (and how it still works in the case of a random salt).
The manual workaround, if anyone needs it, is to prefix 16 bytes to the output, with the second 16 bytes being the salt:
((echo -n Salted__|xxd -p; echo $SALT)|xxd -p -r; cat crypt.bin) > crypt-salt.bin
Decryption then works as it should, without needing to specify the salt:
openssl enc -aes256 -pbkdf2 -pass pass:hello -d -in crypt-salt.bin
# raininspain
For openssl, the fix is the same, i.e., prepend "Salted__" and the salt, whether the salt is random or specified on the command line. That is what it used to do.
openssl version
# OpenSSL 3.1.2 1 Aug 2023 (Library: OpenSSL 3.1.2 1 Aug 2023)
Related: #19730