20

In April I encrypted a file using the command

openssl enc -aes-256-cbc -salt -pass file:<passwordfile> < infile > outfil 

Now I want to decrypt it with

openssl enc -d -aes-256-cbc -salt -pass file:<passwordfile> -in outfil -out infile2 

but I get bad magic number.

A file encrypted yesterday with the same parameters decrypts ok.

What could have happened? And is there any way I can retrieve this archived file?

6 Answers

9

If you encrypted with OpenSSL <=1.0.2 and you are decrypting with OpenSSL 1.1.0 then it is probably this:

https://www.openssl.org/docs/faq.html#USER3

The default hash used to generate the key from the password changed between 1.0.2 and 1.1.0. Try adding -md md5 onto your decryption command.

2
  • 1
    Thanks, I was afraid it might be something like this. We are in an unusual situation, wanting to restore something this old. I will give this a try. Commented Nov 9, 2017 at 15:09
  • 1
    A mismatch in defaulted pbe-hash (or specifying the wrong hash or just the wrong password) will cause garbage decrypt which for a CBC-mode cipher (as here) will almost always be detected as 06065064 'bad decrypt' -- but not 'bad magic number'. Only a damaged file, or one encrypted with -nosalt or a really ancient OpenSSL (before 0.9.6 at most) does that. Commented Apr 28, 2019 at 6:33
6

Just for completeness: encrypting with the -a param (perform base64 encoding/decoding, alias -base64) and decrypting without it gives bad magic number.

2
  • This is the key! Thanks Commented Apr 10, 2023 at 15:06
  • Same issue for me, I was fighting with derive returning binary symmetric key and stored wrong encrypted data Commented May 18, 2024 at 19:04
4

The general cause for this error is that the key computed by OpenSSL from the password is wrong, meaning not the same as the key that encrypted the data.

One case where this error can show up, in a different situation from the original question, is when you encrypt using a tool other than OpenSSL, for example encrypting in Java, and decrypt using SSL.

See solution here for Java: https://stackoverflow.com/questions/22610761/aes-simple-encrypt-in-java-decrypt-with-openssl/55884564#55884564

1
  • Wrong password, like wrong hash (often due to version change), causes 'bad decrypt' but NEVER 'bad magic number', not in a billion years. Yes, encrypting with something that isn't OpenSSL (and isn't intentionally compatible) is another cause of 'bad magic number', but is impossible for this Q. Commented Dec 31, 2024 at 0:43
3

The command below gave me pain:

openssl aes-256-cbc -d -in hotmama.tar.bz2.enc -out hotmama.tar.bz2
enter aes-256-cbc decryption password:
bad magic number

And the below command solved it, and gave me pleasure:

openssl aes-256-cbc -md md5 -in hotmama.tar.bz2.enc -out hotmama.tar.bz2
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
1
  • 13
    In the second command, you are not decrypting (-d) ... Commented Aug 8, 2018 at 8:01
0

I was experiencing the same problem, and in my case it was multiple lines in the pass file.

I was moving from RSA to ECC and I missed the -A param for openssl "base64", so I received a multiline base64 password. openssl "enc" failed to handle such a pass file and the bad magic number error appeared.

Complete solution for me looks as follows:

openssl "pkeyutl" -derive -inkey "<privateKeyPath>" -peerkey "<publicKeyPath>" | openssl "base64" -A -out "<symmetricKeyPath>"
openssl "enc" -aes-256-cbc -pbkdf2 -in "<filePath>" -out "<fileEncPath>" -pass "file:<symmetricKeyPath>"
0

Just add -base64 in your code to decrypt.  Example:

encryption:

openssl enc -a -aes-256-cbc -in secret.txt -out secretcrypte.txt

to decrypt:

openssl enc -d -aes-256-cbc -base64 -in secretcrypte.txt -out secretdecrypte.txt
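
Added example (not part of any answer above, and not OpenSSL's own code): a shell helper that reads the first bytes of an encrypted file and separates the causes of bad magic number discussed in the answers and comments, namely a raw Salted__ header, a base64-encoded one (-a), or no header at all. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify an openssl enc output file by its first bytes (added example).

# Hex of the first 10 bytes, so binary content compares safely.
enc_header_hex() {
    head -c 10 < "$1" | od -An -tx1 | tr -d ' \t\n'
}

# Prints one of: salted-binary, salted-base64, no-magic, unreadable.
classify_enc_file() {
    local f=$1 hex
    [ -r "$f" ] || { echo unreadable; return 1; }
    hex=$(enc_header_hex "$f")
    case $hex in
        # ASCII "Salted__": the magic that openssl enc -d expects first.
        53616c7465645f5f*)    echo salted-binary ;;
        # ASCII "U2FsdGVkX1": the same magic after base64 (-a / -base64).
        553246736447566b5831) echo salted-base64 ;;
        *)                    echo no-magic ;;
    esac
}

# Next step for each class, taken from the answers and comments on this page.
enc_advice() {
    case $(classify_enc_file "$1") in
        salted-binary) echo "header ok: decrypt without -a; on 'bad decrypt' check password and -md" ;;
        salted-base64) echo "base64 text: add -a (alias -base64) to the decrypt command" ;;
        no-magic)      echo "no Salted__ header: damaged file, -nosalt, or written by another tool" ;;
        *)             echo "cannot read file" ;;
    esac
}

# Demo on constructed sample files (not real ciphertext).
demo() {
    local d; d=$(mktemp -d)
    printf 'Salted__\001\002\003\004\005\006\007\010payload' > "$d/raw.enc"
    printf 'U2FsdGVkX18BAgMEBQYHCHBheWxvYWQ=\n' > "$d/b64.enc"
    printf '\000\001\002\003 not an openssl enc header' > "$d/other.enc"
    for f in "$d"/*.enc; do
        printf '%s: %s\n' "${f##*/}" "$(enc_advice "$f")"
    done
    rm -rf "$d"
}

if [ $# -gt 0 ]; then enc_advice "$1"; else demo; fi
```

Run it with the path of the archived file as its only argument; without arguments it classifies the three constructed samples.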
