This blog contains experience gained over the years of implementing (and de-implementing) large scale IT applications/software.

PowerShell Encrypt / Decrypt OpenSSL AES256 CBC

A few months back I had a Korn shell script which used OpenSSL to encrypt some text using AES 256 CBC.
I managed, through the power of stackoverflow.com and various other blogs, to write a Java routine to perform the exact same encrypt/decrypt.
This allowed me to encrypt in Korn on Linux and decrypt in Java which was running inside a SAP Netweaver application server, or the other way around (encrypt in Java and decrypt in Korn using OpenSSL).

About 2 months after that, I needed the same set of routines to be written in PowerShell, allowing the same encrypted text to be encrypted on Linux with OpenSSL and decrypted on Windows in PowerShell (no need for OpenSSL).

I forked the PowerShell code which did the initial encryption and wrote the decryption routine which I’ve published as a Github gist here:

https://gist.github.com/Darryl-G/d1039c2407262cb6d735c3e7a730ee86


2 thoughts on PowerShell Encrypt / Decrypt OpenSSL AES256 CBC

  1. Hi Derryl,
    your script translates the following openssl command:
    echo -n “SomePlainText”|/usr/bin/openssl enc -A -e -aes-256-cbc -a -pass pass:ThePassword
    How would you have to modify it to translate this command:
    echo -n “SomePlainText”|/usr/bin/openssl enc -A -e -aes-256-cbc -a -pass pass:ThePassword -md md5
    Can you help me please?

    1. Hello, It’s been a long time since I wrote that.
      Looking here
      at the manual page for openssl, the default MD (message digest) is sha256.
      It would seem to output a message digest in md5 of the encrypted content. So effectively a one-way hash once the encryption is done.
      Maybe try looking at the standard Powershell md5 hashing of the encrypted text?

      Darryl

Add Your Comment

* Indicates Required Field

Your email address will not be published.

*