Linux – How to use password argument in via command line to openssl for decryption

command linelinuxopenssl

So it's not the most secure practice to pass a password in through a command line argument. That said, the documentation for openssl confused me on how to pass a password argument to the openssl command.

Here's what I'm trying to do

openssl aes-256-cbc -in some_file.enc -out some_file.unenc -d

This then prompts for the pass key for decryption. I searched the openssl documents and the interwebs to try and find the answer if I simply wanted to give the password to the command without trying to echo the password to the file. I tried adding -pass:somepassword and -pass somepassword both with and without quotes to no avail.

I finally figured out the answer and saw in some other forums people had similar questions, so I thought I would post my question and answer here for the community.

note: I'm using openssl version 0.9.8y

Best Answer

The documentation wasn't very clear to me, but it had the answer, the challenge was not being able to see an example.

Here's how to do it:

openssl aes-256-cbc -in some_file.enc -out some_file.unenc -d -pass pass:somepassword

Notice that the command line command syntax is always -pass followed by a space and then the type of passphrase you're providing, i.e. pass: for plain passphrase and then the actual passphrase after the colon with no space.

Additionally the documentation specifies you can provide other passphrase sources by doing the following:

env:somevar to get the password from an environment variable
file:somepathname to get the password from the first line of the file at location pathname
fd:number to get the password from the file descriptor number.
stdin to read from standard input

Now that I've written this question and answer, it all seems obvious. But it certainly took some time to figure out and I'd seen it take others similar time, so hopefully this can cut down that time and answer faster for others! :)

With OpenSSL 1.0.1e the parameter to use is -passin or -passout. So this example would be:

openssl aes-256-cbc -in some_file.enc -out some_file.unenc -d -passin pass:somepassword

Related Solutions

Linux – File encryption in a bash script without explicity providing password

reading man openssl (especially the section PASS PHRASE ARGUMENTS):

Several commands accept password arguments, typically using -passin 
and -passout for input and output passwords respectively. These allow
the password to be obtained from a variety of sources. Both of these
options take a single argument whose format is described below. If no
password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.

   pass:password
             the actual password is password. Since the password is visible
             to utilities (like 'ps' under Unix) this form
             should only be used where security is not important.

   env:var   obtain the password from the environment variable var. Since 
             the environment of other processes is visible on
             certain platforms (e.g. ps under certain Unix OSes)
             this option should be used with caution.

   file:pathname
             the first line of pathname is the password. If the same 
             pathname argument is supplied to -passin and -passout
             arguments then the first line will be used for the input 
             password and the next line for the output password.
             pathname need not refer to a regular file: it could for 
             example refer to a device or named pipe.

   fd:number read the password from the file descriptor number. This 
             can be used to send the data via a pipe for example.

   stdin     read the password from standard input.

openssl enc accepts -pass <arg> ... so, pick your arg from the list given above. eg:

 echo -n "secret" | openssl enc -aes-256-cbc -salt \
        -in file1 -out file1.enc \
        -pass stdin

Decrypt SSL traffic with the openssl command line tool – continued

Preliminarily, I hope you didn't actually do what you showed. Except for the labels, all the data used in TLS key derivation is binary data that cannot accurately be given as argument to a shell echo command or any other command, except possibly the builtin version in zsh if you disable escapes, and certainly cannot be 'typed' (even cut&pasted) in a literal argument with singlequotes.

If you actually have the data in files, those can be used. Binary data can be read from, and written to, files -- at least on the platforms OpenSSL supports. If you don't have files (but do have pipes) you can work-around this by passing the data in hex, and except for -macopt hexkey: which already takes hex, using either a program like xxd -r, or printf with the hex formed into escapes, or echo with the hex formed into non-portable escapes, or hacks like GNU sed s///e, or a more general program awk or perl, to convert the hex to binary for input to openssl. And when necessary similar hacks to convert binary output to hex, but dgst -mac hmac can output in hex as long as you remove the blahblah=(sp) from the front.

More substantively, running the first HMAC output back through itself only gives you the 'A' blocks, which you then run through another layer of HMACs to get the actual output 'P_hash'. See https://crypto.stackexchange.com/questions/46549/tls-1-2-prf-with-hmac-sha256 which is effectively the same question using a test vector published at https://www.ietf.org/mail-archive/web/tls/current/msg03416.html except I answered in Java. Here is the OpenSSL commandline equivalent:

$ echo $key; echo $lbsd # start from hex
9bbe436ba940f017b17652849a71db35
74657374206c6162656c a0ba9f936cda311827a6f796ffd5198c
$ echo $lbsd | xxd -r -p >a0
$ openssl dgst -sha256 -mac hmac -macopt hexkey:$key <a0 -binary >a1
$ openssl dgst -sha256 -mac hmac -macopt hexkey:$key <a1 -binary >a2
$ openssl dgst -sha256 -mac hmac -macopt hexkey:$key <a2 -binary >a3
$ openssl dgst -sha256 -mac hmac -macopt hexkey:$key <a3 -binary >a4
$ cat a1 a0 | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k1
$ cat a2 a0 | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k2
$ cat a3 a0 | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k3
$ cat a4 a0 | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k4
$ cat k1 k2 k3 k4 | head -c100 | xxd
0000000: e3f2 29ba 727b e17b 8d12 2620 557c d453  ..).r{.{..& U|.S
0000010: c2aa b21d 07c3 d495 329b 52d4 e61e db5a  ........2.R....Z
0000020: 6b30 1791 e90d 35c9 c9a4 6b4e 14ba f9af  k0....5...kN....
0000030: 0fa0 22f7 077d ef17 abfd 3797 c056 4bab  .."..}....7..VK.
0000040: 4fbc 9166 6e9d ef9b 97fc e34f 7967 89ba  O..fn......Oyg..
0000050: a480 82d1 22ee 42c5 a72e 5a51 10ff f701  ....".B...ZQ....
0000060: 8734 7b66                                .4{f

If you can get your code to replicate this, it should work for the actual TLS1.2 handshake also, adjusted for the correct lengths: 48 for the master secret, and depending on the ciphersuite for the working keys.

Best Answer

Related Solutions

Linux – File encryption in a bash script without explicity providing password

Decrypt SSL traffic with the openssl command line tool – continued

Related Question