I am using OpenSSL 1.0.1e-fips under RHEL 6.9.

I have encrypted a file with this command:

openssl enc -aes-256-gcm -a -e -in plaintext -out ciphertext

I then decrypt the encrypted file with this command:

openssl enc -aes-256-gcm -a -d -in ciphertext

This command produces this output:

test text
bad decrypt

The file has decrypted properly (i.e. the content of the file was indeed "test text"), but OpenSSL is reporting "bad decrypt". This happens even if I explicitly specify a hash function to use (e.g. -md sha512).

Why am I getting the "bad decrypt" message?

1 Answer

No version of OpenSSL supports any AEAD mode (which includes GCM) in conjunction with the "enc" command line app. All currently supported versions of OpenSSL will display an error message if you try to encrypt/decrypt using such a mode:

$ openssl enc -aes-256-gcm -a -e -in plaintext -out ciphertext
enc: AEAD ciphers not supported

OpenSSL 1.0.1 is a very old version of OpenSSL and is not currently supported by the project (although it may be supported by Red Hat). Very old versions of OpenSSL did not have the AEAD check that produces the above warning and attempted to encrypt/decrypt anyway - but incorrectly. Most significantly the "enc" command does not know how to handle the "tag" of an AEAD mode (hence the "bad decrypt" message you see). The tag is critical for security since it verifies the integrity of the ciphertext.

The command may look like it's worked - but it hasn't. Basically, don't use GCM mode with the enc command.

1
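To make the answer's point about the tag concrete, here is an added example (not from the original answer and not OpenSSL's own code) that contrasts AES-256-GCM decryption that verifies the tag with a decryptor that ignores it. The key, nonce, function names and the tampered byte are constructed for the demo, and `openIgnoringTag` is only a model of "decrypt without checking the tag", not a reproduction of what `enc` does internally.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values: real code needs a random key and a unique nonce per message.
var key = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256
var nonce = []byte("unique-nonce")                   // 12 bytes = 96-bit GCM nonce

// newBlock builds the AES block cipher; it can only fail on a bad key length.
func newBlock() cipher.Block {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

// seal returns the ciphertext with the 16-byte GCM tag appended.
func seal(plaintext []byte) []byte {
	gcm, _ := cipher.NewGCM(newBlock())
	return gcm.Seal(nil, nonce, plaintext, nil)
}

// openVerified releases plaintext only if the tag matches the ciphertext.
func openVerified(sealed []byte) ([]byte, error) {
	gcm, _ := cipher.NewGCM(newBlock())
	return gcm.Open(nil, nonce, sealed, nil)
}

// openIgnoringTag drops the tag and decrypts anyway. With a 96-bit nonce, GCM's
// keystream is plain AES-CTR starting at counter block nonce||00000002.
func openIgnoringTag(sealed []byte) []byte {
	ct := sealed[:len(sealed)-16]
	iv := append(append([]byte{}, nonce...), 0, 0, 0, 2)
	out := make([]byte, len(ct))
	cipher.NewCTR(newBlock(), iv).XORKeyStream(out, ct)
	return out
}

func main() {
	sealed := seal([]byte("test text"))
	sealed[0] ^= 0x01 // constructed tampering: flip one ciphertext bit
	_, err := openVerified(sealed)
	fmt.Printf("tag checked: %v\ntag ignored: %q\n", err, openIgnoringTag(sealed))
}
```

With the tag ignored, the modified ciphertext still decrypts to readable text, so output that looks right is no evidence that the data is intact.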
