18

In April I encrypted a file using the command

openssl enc -aes-256-cbc -salt -pass file:<passwordfile> < infile > outfil

Now I want to decrypt it with

openssl enc -d -aes-256-cbc -salt -pass file:<passwordfile> -in outfil -out infile2

but I get bad magic number.

A file encrypted yesterday with the same parameters decrypts ok.

What could have happened? And is there any way I can retrieve this archived file?

Kusalananda
  • 333,661
KathyHH
  • 181

4 Answers

7

If you encrypted with OpenSSL <=1.0.2 and you are decrypting with OpenSSL 1.1.0 then it is probably this:

https://www.openssl.org/docs/faq.html#USER3

The default hash used to generate the key from the password changed between 1.0.2 and 1.1.0. Try adding -md md5 onto your decryption command.

  • 1
    Thanks, I was afraid it might be something like this. We are in an unusual situation wanting to restore something this old. I will give this a try. – KathyHH Nov 09 '17 at 15:09
  • 1
    A mismatch in defaulted pbe-hash (or specifying the wrong hash or just the wrong password) will cause garbage decrypt which for a CBC-mode cipher (as here) will almost always be detected as 06065064 'bad decrypt' -- but not 'bad magic number'. Only a damaged file, or one encrypted with -nosalt or a really ancient OpenSSL (before 0.9.6 at most) does that. – dave_thompson_085 Apr 28 '19 at 06:33
5

Just for completeness: encrypting with the -a param (Perform base64 encoding/decoding (alias -base64)) and decrypting without it gives bad magic number.
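
The header cases named in the comment and the answer above (salted, base64 without -a, -nosalt or damaged) can be told apart by inspecting the file before retrying a decrypt. This is an added example, not part of the original posts; the function names `classify_enc` and `advise` are made up here, and the length check assumes a 16-byte-block CBC cipher such as aes-256-cbc.

```shell
#!/bin/sh
# Classify the header of a file produced by `openssl enc`, to explain a
# "bad magic number" error before guessing at passwords or digests.
classify_enc() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 0; }
    # First 10 bytes as hex; od keeps binary data safe to compare.
    hex=$(od -An -tx1 -N10 "$f" | tr -d ' \n')
    size=$(( $(wc -c < "$f") ))
    case $hex in
        53616c7465645f5f*)        # ASCII "Salted__", followed by an 8-byte salt
            # Assumption: 16-byte-block CBC cipher, so a complete file is
            # 16 header bytes plus whole padded blocks (size multiple of 16).
            if [ "$size" -ge 32 ] && [ $((size % 16)) -eq 0 ]; then
                echo salted-binary
            else
                echo salted-truncated
            fi ;;
        553246736447566b5831*)    # "U2FsdGVkX1" = base64 of "Salted__"
            echo salted-base64 ;;
        *)  echo no-magic ;;
    esac
}

# Map the classification to the next step suggested in this thread.
advise() {
    case $(classify_enc "$1") in
        salted-binary)    echo "header ok: decrypt with -d; on 'bad decrypt' try -md md5" ;;
        salted-base64)    echo "base64 encoded: add -a to the decrypt command" ;;
        salted-truncated) echo "header ok but length is wrong: truncated or damaged" ;;
        no-magic)         echo "no Salted__ header: encrypted with -nosalt, or damaged" ;;
        *)                echo "cannot read file" ;;
    esac
}

# Usage: sh classify.sh outfil
if [ $# -gt 0 ]; then advise "$1"; fi
```
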

3

The general cause for this error is that the key computed by OpenSSL from the password is wrong, meaning not the same as the key that encrypted the data.

One reason when this error can show up, in a different situation than the original question, is if you are encrypting using another tool than OpenSSL, for example encrypting in Java, and decrypting using SSL.

See solution here for Java: https://stackoverflow.com/questions/22610761/aes-simple-encrypt-in-java-decrypt-with-openssl/55884564#55884564

2

The command below gave me pain:

openssl aes-256-cbc -d -in hotmama.tar.bz2.enc -out hotmama.tar.bz2
enter aes-256-cbc decryption password:
bad magic number

And the below command solved it, and gave me pleasure:

openssl aes-256-cbc -md md5 -in hotmama.tar.bz2.enc -out hotmama.tar.bz2
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
Thomas
  • 6,362
daparic
  • 286