This is a companion discussion topic for the original entry at https://linuxconfig.org/using-openssl-to-encrypt-messages-and-files-on-linux
Krister Brandser
Base64 isn’t encryption. It’s encoding… It’s like trying to hide a pink elephant behind a leaf…
Hunter
Would appreciate your assistance!!
I encrypted a .dmg file using openssl encryption on my Macbook Pro, keeping the output name the same as the input name. I didn’t know this would be problematic, as I am now unable to decrypt the .dmg file even with the correct password.
Some folks say it could not be done, but it seemed to have worked for me. Now, I can’t open the file and am afraid it will be impossible to decrypt.
Note: If you use the same code, but change the output name, it can decrypt just fine. Again, my issue was that I encrypted the file using the same output name as the input, which has made it impossible for me to decrypt it.
Here’s what the code looks like:
openssl enc -aes-256-cbc -d -in /Users/huntert/Desktop/IMPT.dmg -out /Users/huntert/Desktop/IMPT.dmg
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
When I tried to decrypt it, I received the following messages:
enter aes-256-cbc decryption password:
error reading input file
I should’ve been more cautious and tried it on a rubbish file. Lesson learned. Still, I encrypted a very important file. Any troubleshooting advice or assistance would be much appreciated. Thanks.
Lubos Rendek Mod -> Hunter
Hi Hunter,
I’m sorry to hear about your trouble. I have tried your scenario and it seems that I might have bad news for you unless you have a backup of the original encrypted file.
Keeping the same name during encryption is not an issue. However, it clearly should be avoided! What is a real issue here is that with your attempt to decrypt the file you actually removed its content by opening it for writing and the file is more likely empty now. Run the “file” command against your file, e.g.:
$ file /Users/huntert/Desktop/IMPT.dmg
and see what output you get. If you get “openssl enc’d data with salted password” you are all good, but if you get “empty” (you can also check the size of this file) then the only way out is to have the original encrypted file. Hopefully you have a backup somewhere. In that case all you need to do is change the name of the output file to decrypt successfully. Example (note: IMPT2.dmg):
$ openssl enc -aes-256-cbc -d -in /Users/huntert/Desktop/IMPT.dmg -out /Users/huntert/Desktop/IMPT2.dmg
I have put up a warning inside the file encryption section on this page to warn others before falling into the same pit.
Lubos
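The truncation described in the reply above can be guarded against with a small shell wrapper. This is an added example, not part of the original thread or the linuxconfig.org article: the function names are hypothetical, and the header check assumes raw (non `-a`) password-based output, which begins with the `Salted__` magic that `file` reports as “openssl enc’d data with salted password”.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; nothing here is from the article.

# True when both paths resolve to the same existing file (covers ./ and symlinks).
same_file() {
    [ -e "$2" ] && [ "$1" -ef "$2" ]
}

# True when the file is non-empty and starts with the "Salted__" magic that
# openssl enc writes for password-based, non-base64 (-a not used) output.
looks_encrypted() {
    [ -s "$1" ] && [ "$(head -c 8 "$1" 2>/dev/null)" = "Salted__" ]
}

# safe_decrypt IN OUT
# Returns 2 if IN and OUT are the same file, 3 if IN is empty or not salted
# openssl output, 1 if openssl itself fails.
safe_decrypt() {
    sd_in=$1
    sd_out=$2
    if same_file "$sd_in" "$sd_out"; then
        echo "refusing: -in and -out are the same file: $sd_in" >&2
        return 2
    fi
    if ! looks_encrypted "$sd_in"; then
        echo "refusing: $sd_in is empty or has no Salted__ header" >&2
        return 3
    fi
    # Decrypt into a temporary file next to OUT; rename only on success, so a
    # failed run never leaves a truncated or partial OUT behind.
    sd_tmp=$(mktemp "${sd_out}.XXXXXX") || return 1
    if openssl enc -aes-256-cbc -d -in "$sd_in" -out "$sd_tmp"; then
        mv "$sd_tmp" "$sd_out"
    else
        rm -f "$sd_tmp"
        return 1
    fi
}
# Usage: safe_decrypt /path/to/IMPT.dmg /path/to/IMPT2.dmg
```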
Hunter -> Lubos Rendek
Lubos,
Thanks for your reply. You’re right: it’s empty. I didn’t have a backup; a message to back up my computer appeared the morning of, and I blatantly ignored it. That was my moment of regret. Again, many thanks for your help and explanation. All the best to you, Lubos.
Phillip Burger
The command above ‘echo “OpenSSL” | openssl enc -aes-256-cbc -a enter aes-256-cbc’ looks like it should instead be ‘echo “OpenSSL” | openssl enc -aes-256-cbc -a’
Very helpful post. Thank you for putting this together and sharing.
Lubos Rendek Mod -> Phillip Burger
Thanks Phillip, this will be updated shortly.
Ibnu Batutah Zarizal
Great. Finally I found out about it. Thanks.