|
![]() |
Decryption Failure with AES 256 |
Russell Weetch 2018-07-30 18:12:53 Registered user |
We have a system that we use with a client and they send us encrypted files. They provide us with the keys and iv in HEX format and we have not had an issue until now.
They have created a new key/iv set using openssl and have encrypted a file using OpenSSL v1.0.1f on Ubuntu. They encrypt a file and can decrypt it. When I use StreamSec to try and decrypt it fails and stepping through it fails within VerifyFinalBuf. I have installed OpenSSL 1.0.f and when I try to decrypt using that I get the error ":digital envelope routines:EVP_DecryptFinal_ex:wrong final block length" Any ideas? Thanks |
Henrick Wibell Hellström 2018-07-30 18:48:59 Registered user |
Given that ST 4.0 and OpenSSL appear to complain about the same thing, plus that everything worked up to the most recent key change, the most obvious answer is that they gave you the wrong key.
I am assuming you are using AES 256 in CBC mode, and that the plain text is typically longer than 15 bytes. Are you using a HMAC for integrity? |
Russell Weetch 2018-07-30 19:48:59 Registered user |
We have tried with 2 sets of keys and using AES 256 in CBC mode - I'm wondering about that 15 byte thing. Let me check what they sent.
|
Russell Weetch 2018-07-31 19:33:06 Registered user |
It was the 15 byte limit that was the issue. Thanks for pointing me in that direction.
Is there a StreamSec example of using HMAC? And is there a way of identifying a decryption error other than just checking that the result isn't blank? Thansk |
Henrick Wibell Hellström 2018-07-31 23:01:52 Registered user |
Yes, there are several HMAC examples in the demo folder, under Hash.
Symmetric ciphers usually aren't sensitive to decryption errors, and they are not supposed to be. The best way to check for cipher text corruption is for the sender to HMAC the cipher text and append the HMAC value. If the HMAC key and cipher key are both derived (using a secure KDF) from the same key material, verifying the HMAC will give you some assurance that the cipher keys will also match. |