openssl aes gcm encryption with authentication TAG; command line
Clash Royale CLAN TAG#URR8PPPopenssl aes gcm encryption with authentication TAG; command line
I'm trying to encrypt a file in AES-GCM mode with 'openssl' th/ command line
openssl enc -aes-256-gcm -p -iv 000000000000000000000000 -K 00000000000000000000000000000000000000000000000000000000000000 -nosalt -in file.raw -out file.enc`
Encryption works but I could not find a way to retrieve a resulting GCM tag.
Is there a way to get it?
In this document (link) I found "Note that it is now even possible to use authenticated mode like CCM or GCM" but still there is none info how to do that.
Or if there any other standard macos tool which could do the same job?
PS: I'm interesting in doing that through the means of commonly distributed command line tools, that's not a question about writing own utility
1 Answer
1
Note: as user dave_thompson_085 pointed out below, the results in the remainder of the answer are not relevant for current versions of OpenSSL. I was accidentally using LibreSSL openssl. Reading a current version of the OpenSSL documentation for the enc tool, it contains the following sentence
openssl
enc
The enc program does not support authenticated encryption modes like
CCM and GCM. The utility does not store or retrieve the authentication
tag.
This answers your question, I suppose -- depending on which version of OpenSSL you are using.
Original answer, obtained with LibreSSL openssl which comes with macOS:
openssl
The GCM tag is not stored in the output file when using the openssl enc app. You can see that from the following one-liner:
openssl enc
$ echo -n 'abcdefghijklmnop' | openssl enc -aes-256-gcm -K 0 -iv 0 | hexdump -C
00000000 af c5 23 59 28 06 0c 06 6e 24 ae bf d7 9d f2 68 |..#Y(...n$.....h|
00000010
The size of the output is exactly the same as the size of the input, no tag bytes anywhere.
You can also see it by inspecting the implementation enc.c. It does not do any EVP_CIPHER_CTX_ctrl() call to deal with the GCM tag, as explained in the OpenSSL Wiki page on EVP Authenticated Encryption and Decryption. In other words, he tag data is lost.
EVP_CIPHER_CTX_ctrl()
On decryption with aes-256-gcm, the tool itself ignores the absence of the tag as well. A message bad decrypt is emitted to stderr but that seems to come from a different layer than the application, which happily prints the result:
aes-256-gcm
bad decrypt
stderr
$ echo -n 'abcdefghijklmnop' | openssl enc -aes-256-gcm -K 0 -iv 0 | openssl enc -aes-256-gcm -K 0 -iv 0 -d
bad decrypt
abcdefghijklmnop
Look up at line 341 and you'll see that version (1.0.2n) gives an error message instead. Only 1.0.1 base through patch g had the buggy behavior -- at least upstream; distros may differ. Neardupe stackoverflow.com/questions/27561605/… Also see github.com/openssl/openssl/issues/471
– dave_thompson_085
2 days ago
Ah, thanks @dave_thompson_085 for pointing that out. I did not realize I was using version
LibreSSL 2.3.1 when testing this. I have updated my answer.– Reinier Torenbeek
2 days ago
LibreSSL 2.3.1
Hmm... that versioning, indeed, is really confusing. Turned out that I looked at a wrong doc. Thanks guys.
– user3124812
18 hours ago
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
You're last paragraph summarises why this question is off-topic - it has nothing to do with programming. Try SuperUser.
– Luke Joshua Park
2 days ago