
Re: recover old files after key deprecations in openssl3



Thanks Dan, I did that anyway. I compiled 1.1 and decrypted and re-encrypted them. My data is back.
I didn't know that there are such backward compatibility issues with 3.x


On Fri, Oct 28, 2022 at 12:16 PM Dan Ritter <dsr@randomstring.org> wrote:
Bhasker C V wrote:
> Hi,
>
>
>  Could someone help me please on how do I go about migrating data of mine
> from old SSL encryption
>
>  For instance
>
>
> OPENSSL 1.1 (on an old system)
>
> $ echo hai | openssl bf-cbc -md md5 > hello.txt
>
> and then in
>
> OPENSSL 3
>
> $ cat hello.txt  | openssl bf-cbc  -md md5 -d -provider legacy
> enter BF-CBC decryption password:
> *** WARNING : deprecated key derivation used.
> Using -iter or -pbkdf2 would be better.
> EVP_BytesToKey failed
> 40D7C740377F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:373:Global
> default library context, Algorithm (MD5 : 100), Properties ()
> 40D7C740377F0000:error:03000086:digital envelope
> routines:evp_md_init_internal:initialization
> error:../crypto/evp/digest.c:252:
>
>
> Is there anything else missing other than -provider legacy for decrypting
> such files? I am guessing the MD5 is not compatible with legacy provider.
>
> I have tried fips, base, legacy

I recommend two things:

First, use openssl 1.1 to decrypt your files. Once you have the
plaintext, you can re-encrypt them as you see fit.

Second, don't use openssl 3 yet. It's still the season of
frequent CVEs.

-dsr-
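
Added example, not part of the thread: the "deprecated key derivation" named in the warning above is EVP_BytesToKey with a single digest pass, here MD5 as selected by `-md md5`. This Python sketch parses the `Salted__` header that `openssl enc` writes and derives the bf-cbc key and IV from a passphrase; the function names, sample bytes and password are constructed for the example.

```python
import hashlib

MAGIC = b"Salted__"             # header `openssl enc` writes when a salt is used
BF_KEY_LEN, BF_IV_LEN = 16, 8   # OpenSSL defaults for bf-cbc (128-bit key, 64-bit IV)


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int):
    """EVP_BytesToKey with MD5 and count=1: D_i = MD5(D_{i-1} || password || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def parse_salted(blob: bytes):
    """Split an `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("missing 'Salted__' header: not a salted openssl enc file")
    return blob[8:16], blob[16:]


def derive_for_file(blob: bytes, password: bytes):
    """Return the hex key/IV a bf-cbc file was encrypted with, given its passphrase."""
    salt, body = parse_salted(blob)
    if not body or len(body) % 8:
        raise ValueError("ciphertext is not a whole number of 8-byte Blowfish blocks")
    key, iv = evp_bytes_to_key(password, salt, BF_KEY_LEN, BF_IV_LEN)
    return {"salt": salt.hex(), "key": key.hex(), "iv": iv.hex(),
            "ciphertext_len": len(body)}


if __name__ == "__main__":
    # Constructed sample: header + constructed salt + 8 placeholder ciphertext bytes.
    sample = MAGIC + bytes.fromhex("0102030405060708") + bytes(8)
    for name, value in derive_for_file(sample, b"constructed-password").items():
        print(f"{name}: {value}")
```

In OpenSSL 3, MD5 is implemented by the default provider, which is not loaded automatically once a `-provider` option is given explicitly; passing `-provider default` together with `-provider legacy` makes both Blowfish and MD5 available to the `openssl bf-cbc -d` command.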
