A worse problem is the way the key is derived from the password: openssl enc uses a single round of MD5, which is bad — deriving a key from a password should use an intrinsically slow function (a key stretching function) to slow down brute force cracking attempts where the attacker tries likely passwords (dictionary words, 1337 variations, etc.).
Delphi Encryption - PHP Decryption. OpenSSL method usage and AES type AES-256-CBC Encrypt & Decrypt Files With Password Using OpenSSL Option -a should also be added while decryption: $ openssl enc -aes-256-cbc -d -a -in file.txt.enc -out file.txt Non Interactive Encrypt & Decrypt. Warning: Since the password is visible, this form should only be used where security is not important. By default a user is prompted to enter the password. Using AES with OpenSSL to Encrypt Files
There are some troubles implementing a 1:1 encryprion/decription between mcrypt and openssl using MCRYPT_RIJNDAEL_128 CBC because the AES-256 is different from RIJNDAEL-256. The 256 in AES refers to the key size, where the 256 in RIJNDAEL refers to block size.
Using AES with OpenSSL to Encrypt Files
openssl enc -aes-256-cbc -pass pass:MYPASSWORD -P If you run this command several times, you will notice each invocation returns different values ! That's because, in the absence of the -d flag, openssl enc does encryption and generates a random salt each time. Since the salt varies, so do the key and IV.
So, if I want for example to encrypt the text “I love OpenSSL!” with the AES algorithm using CBC mode and a key of 256 bits, I simply write: > touch plain.txt > echo "I love OpenSSL!" > plain.txt > openssl enc -aes-256-cbc -in plain.txt -out encrypted.bin enter aes-256-cbc encryption password: hello Verifying - enter aes-256-cbc Cipher Suite Info Advanced Encryption Standard with 256bit key in Cipher Block Chaining mode (AES 256 CBC) Cipher Block Chaining: The CBC mode is vulnerable to plain-text attacks with TLS 1.0, SSL 3.0 and lower. Simple File Encryption with OpenSSL | Tombuntu Dec 12, 2007 Use Openssl to encrypt/decrypt files – sreek