AES-XXX-GCM
Posted: Fri May 20, 2022 6:16 pm
Just to put some notes in a searchable forum, I wanted to post some info on why AES-XXX-GCM does not seem to work with LiveCode. What I am seeing is that the encrypted bytes are the same as the plaintext bytes (plus a salted key).
I am using CBC mode with HMACs for my work, but thought this post might save someone else some head scratching if they wanted to use GCM.
https://groups.google.com/g/mailing.ope ... bS9pFa79wJ
On Mon, Feb 09, 2015, Sec_Aficionado wrote:
> Hello,
>
> I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject.
>
> My command is:
> openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt
>
> I get prompted for password as expected.
>
> The encryption goes well, and then I proceed to decrypt using:
> openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt
>
> The program executes but I get a "bad decrypt" message. However, when I open dec.txt, it is the same as the original file payload.txt
>
> My guess is that the problem is in the padding, but I have not been able to eliminate the error message, even setting the -nopad option and padding manually.
>
> Can someone please explain to me why this might be happening?
>
> I am running openSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current patches.
>
AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL
throw out and error message if you try to use it from the command line.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
On 10/02/15 14:09, Sec_Aficionado wrote:
> Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it.
It does:
https://www.openssl.org/docs/apps/enc.html
"The enc program does not support authenticated encryption modes like
CCM and GCM. The utility does not store or retrieve the authentication tag."
Dr. Stephen Henson
I am using CBC mode with HMACs for my work, but thought this post might save someone else some head scratching if they wanted to use GCM.
https://groups.google.com/g/mailing.ope ... bS9pFa79wJ
On Mon, Feb 09, 2015, Sec_Aficionado wrote:
> Hello,
>
> I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject.
>
> My command is:
> openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt
>
> I get prompted for password as expected.
>
> The encryption goes well, and then I proceed to decrypt using:
> openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt
>
> The program executes but I get a "bad decrypt" message. However, when I open dec.txt, it is the same as the original file payload.txt
>
> My guess is that the problem is in the padding, but I have not been able to eliminate the error message, even setting the -nopad option and padding manually.
>
> Can someone please explain to me why this might be happening?
>
> I am running openSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current patches.
>
AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL
throw out and error message if you try to use it from the command line.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
On 10/02/15 14:09, Sec_Aficionado wrote:
> Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it.
It does:
https://www.openssl.org/docs/apps/enc.html
"The enc program does not support authenticated encryption modes like
CCM and GCM. The utility does not store or retrieve the authentication tag."
Dr. Stephen Henson