Location: Saint Paul, MN USA / BSD, CentOS, Debian, OS X, Solaris
Posts: 2,288
Thanks Given: 430
Thanked 480 Times in 395 Posts
Hi.
For version:
Code:
OpenSSL 0.9.8g 19 Oct 2007
my man enc does not seem to have that text, nor does man openssl -- not that that would make any difference to me because I never use it directly (except in working on this issue) ... cheers, drl
However openssl enc appears to set k1 = k2 = k3 based on the following exercise:
Code:
$ cat plain.txt
Now is the time for all
$ openssl enc -des-ede3 -nosalt -nopad -K '0123456789abcdef' -iv '00000000' -in plain.txt | xxd
0000000: 3fa4 0e8a 984d 4815 6a27 1787 ab88 83f9 ?....MH.j'......
0000010: 893d 51ec 4b56 3b53 .=Q.KV;S
$
Ignoring the spurious OpenSSL error (not shown here), this matches the expected output for DES-ECB as detailed in FIPS-81 Appendix B Table B1.
On the other hand libtomcrypt appears to implement triple-DES EDE with k1 != k2 != k3 for a 24 byte key and k1 = k3 != k2 for a 16 byte key. That is why they require a either a 16-bit ior a 32-bit key for triple-DES.
If you want to experiment, here is a short example program which i hacked together for use with libtomcrypt:
Code:
#include <stdio.h>
#include <string.h>
#include <tomcrypt.h>
int main(void)
{
unsigned char pt[9], ct[60], sugkey[60], key[60];
symmetric_key skey;
int err;
int keysize;
int i;
/* zeroize */
memset(&pt, 0, sizeof(pt));
memset(&ct, 0, sizeof(ct));
memset(&sugkey, 0, sizeof(sugkey));
memset(&key, 0, sizeof(key));
strcpy(pt, "Now is the time for all"); /* block to encrypt */
strcpy(sugkey, "012345678012345678012345678"); /* suggested key */
/* first perform self test */
if ((err = des3_test()) != CRYPT_OK) {
printf("Self test failed: %s\n", error_to_string(err));
return 1;
}
/* then check key length */
keysize = strlen(sugkey);
if ((err = des3_keysize(&keysize)) != CRYPT_OK) {
printf("Error getting key size: %s\n", error_to_string(err));
return 1;
}
memcpy(&key, &sugkey, (size_t) keysize);
printf("Input text block = %s\n", pt);
printf("Suggested key = %s\n", sugkey);
printf("Recommended keysize = %d\n", keysize);
printf("Adjusted key = %s\n", key);
/* schedule the key */
if ((err = des3_setup(key, keysize, 0, &skey)) != CRYPT_OK) {
printf("Setup error: %s\n", error_to_string(err));
return 1;
}
/* encrypt the block using triple-DES-ECB */
des3_ecb_encrypt(pt, ct, &skey);
printf("Encrypted block = ");
for (i = 0; i < 8; i++)
printf("[%2x]", ct[i]);
printf("\n");
/* ct holds the encrypted version of pt. now decrypt it using triple-DES-ECB */
des3_ecb_decrypt(ct, pt, &skey);
printf("Output text block = %s\n", pt);
/* free cipher key */
des3_done(&skey);
return 0;
}
Hello Admins.
I need to upgrade the openssl version in Solaris 10 due to vulnerabilities. When I checked the current version, it shows:
bash-3.2# openssl version
OpenSSL 1.0.2n 7 Dec 2017
bash-3.2# which openssl
/usr/bin/openssl
When I installed the new one, its getting... (0 Replies)
im trying to make sure the openssl password does not show up in the output of ps.
so i'm trying to do something like this:
MAST=yup
echo "U2FsdGVkX19wH9LrQhuRZes45BM9rfiRpdhTCi+gLls=" | openssl <<HERE 2>&1 >/dev/null
aes-128-cbc -a -d -salt -k "${MAST}"
HERE
But this isn't working.. I... (10 Replies)
I just started playing around with Unix's OpenSSL utility. I can't seem to get the hang of it, and the man page isn't helping much. I wanted to experiment with file encryption, so I created a dummy text file with one line of text and tried to encrypt it using DES. I used the following command:
... (2 Replies)
Hi ,
1-I need to know please if it's possible to compress using openssl?
Here is the version used:
openssl version -a
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2008-5077... (3 Replies)
Hi Peeps,
Having trouble compiling openssl 0.9.8r on Solaris 10 x86. The make test fails when running the shatests (segmentation faults). There is a PROBLEM file that references a file called values.c. Anyone know whereabouts in the source tree you put this file as the file doesn't tell you... (2 Replies)
All,
I am new to openssl and I have not been able to figure out exactly how to use it. What I need to do is to create a shell script which FTPS's (SFTP is not allowed on my project) a file to a mainframe. The mainframe will not initiate a session with my server.
Question. Are the packages... (7 Replies)
Hi,
I want to encrypt a unix file using the des3 algorithm. Seems that there are no standard unix utilities readily available. Can you please suggest how I can encrypt a unix file using des3 ? (2 Replies)
ERROR OpenSSL version mismatch. Built against 908070, you have 9080bf^M
2009.11.20 15:23:25 ERROR Connection closed^M
i am new in solaris,i not have great know in this operative system
Help me how i can fixed this, in the machine has installed Solaris
Machine hardware: ... (1 Reply)
I ungraded my openssl on sun solaris 8 from openssl 0.9.6c to openssl 0.9.6g the ungrade went
fine but when I tried to ssh in to server, I received the following error message
"ld.so.1: ./sshd: fatal: relocation error: file /usr/local/ssl/lib/libcrypto.so.0.9.6: symbol main: referenced symbol... (2 Replies)
