
I am trying to convert my current OpenSSL code, which decrypts an encrypted file using a random key and the AES-256-CBC algorithm, to Python in Azure Databricks. The file is shared by the source team and is encrypted using the Unix shell command. I tried to convert the code to Python using the subprocess module but am facing this bad decrypt error. Is it due to platform constraints? I would appreciate any help understanding why the shell script to decrypt works fine but similar code written in Python throws an error.

The following code works fine in the shell and is able to decrypt the file contents.

RANDOMKEYFILE="RANDOM.key"
#Command used to create random key file
openssl rand -base64 128 > $RANDOMKEYFILE

#Command used to encrypt the file
openssl enc -md md5 -aes-256-cbc -a -salt -in <data_file.csv> -out <encrypted_file.csv.dat> -pass file:$RANDOMKEYFILE

#Command to decrypt the file
openssl enc -d -a -aes-256-cbc -in <encrypted_file.csv.dat> -out <decrypted_data_file.csv> -pass file:$RANDOMKEYFILE

Python code to perform similar decryption

#openssl version on Azure databricks:
#OpenSSL 1.1.1f  31 Mar 2020

import subprocess

def run_openssl_command(input_file, output_file, random_key_file):
    # Constructing the openssl command from the function's own parameters
    openssl_cmd = [
        "openssl",
        "enc",
        "-d",
        "-a",
        "-aes-256-cbc",
        "-in", input_file,
        "-out", output_file,
        "-pass", f"file:{random_key_file}"
    ]

    # Run the openssl command
    result = subprocess.run(openssl_cmd, capture_output=True, text=True)

    # Check if the command ran successfully
    if result.returncode == 0:
        print("Decryption completed successfully.")
    else:
        print("Error occurred during decryption:")
        print(result.stderr)

if __name__ == "__main__": 
    encrypted_input_file = "<encrypted_file.csv.dat>"
    output_decrypted_file = "<decrypted_data_file.csv>"
    random_key_file = "RANDOM.key"

    run_openssl_command( encrypted_input_file, output_decrypted_file, random_key_file)

Error from this execution:

Error occurred during decryption: *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. bad decrypt 140376359998784:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:

Added -pbkdf2 key derivation

    openssl_cmd = [
        "openssl",
        "enc",
        "-d",
        "-a",
        "-aes-256-cbc",
        "-in", encrypted_input_file,
        "-out", output_decrypted_file,
        "-pass", f"file:{random_key_file}"
        ,"-pbkdf2"  # Use PBKDF2 for key derivation
    ]

But I am still facing the bad decrypt error, as below.

Error occurred during decryption: bad decrypt 140689765877056:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:

Based on my exploration, I found these details. A "bad decrypt" error in OpenSSL typically indicates that the decryption process failed due to incorrect or mismatched encryption parameters, such as an incorrect key, an incorrect IV (Initialization Vector), or incorrect encryption settings. It can also occur if the input data (the encrypted file) is corrupted or modified.

Since no random IV characters are used for encryption in the shell command, an IV cannot be shared for decryption, as the same IV characters used in encryption should be used in decryption.

The expectation is to get the decrypted file as shared by the source team, irrespective of shell or Python code, using the random key file.

1 Answer

You need to use the -md md5 option to decrypt the file.

Below is the encryption done in my environment.

openssl enc -md md5 -aes-256-cbc  -a  -salt  -in /dbfs/FileStore/tables/winequality_red.csv -out encrypted_file.csv.dat -pass file:../../RANDOM.key

Then, for decrypting, add the "-md", "md5" options as below.

openssl_cmd = [
    "openssl",
    "enc",
    "-d",
    "-md","md5",
    "-a",
    "-aes-256-cbc",
    "-in", input_file,
    "-out", output_file,
    "-pass", f"file:{random_key_file}"
    ]


If you have control over encryption, it's better to use sha256, because the md5 algorithm has extensive vulnerabilities and is broken.

command:

openssl enc -md sha256 -aes-256-cbc  -a  -salt  -in /dbfs/FileStore/tables/winequality_red.csv -out encrypted_file.csv.dat -pass file:../../RANDOM.key

In subprocess you don't need to add the -md option.

openssl_cmd = [
    "openssl",
    "enc",
    "-d",
    "-a",
    "-aes-256-cbc",
    "-in", input_file,
    "-out", output_file,
    "-pass", f"file:{random_key_file}"
    ]
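
Why the digest matters, as an added example (not code from the question or the answer): without -pbkdf2, openssl enc derives both the AES key and the IV from the password, the salt stored in the file's `Salted__` header, and the -md digest, and the default digest changed from md5 to sha256 in OpenSSL 1.1.0. The sketch below reimplements that derivation with hashlib on constructed sample data; the function names, `KEYFILE` and `ENCRYPTED` are made up for illustration.

```python
import base64
import hashlib

SALT_MAGIC = b"Salted__"  # openssl enc -salt writes this, then an 8-byte salt

def password_from_keyfile(text: bytes) -> bytes:
    # -pass file:NAME takes only the first line of the file as the password
    return text.splitlines()[0]

def read_salt(encoded: bytes) -> bytes:
    # -a output is base64; b64decode ignores the line breaks openssl inserts
    raw = base64.b64decode(encoded)
    if raw[:8] != SALT_MAGIC:
        raise ValueError("missing Salted__ header")
    return raw[8:16]

def legacy_kdf(password, salt, digest, key_len=32, iv_len=16):
    # EVP_BytesToKey with one iteration: what openssl enc uses without -pbkdf2
    material = block = b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def pbkdf2_kdf(password, salt, digest="sha256", iterations=10000):
    # -pbkdf2 derivation; 10000 is the default count when -iter is not given
    out = hashlib.pbkdf2_hmac(digest, password, salt, iterations, dklen=48)
    return out[:32], out[32:]

# Constructed sample data (not from the original post): a two-line key file
# and a base64 blob with a Salted__ header, a salt and dummy ciphertext.
KEYFILE = b"Zm9vYmFyLWxpbmUtb25l\nc2Vjb25kLWxpbmU=\n"
ENCRYPTED = base64.encodebytes(SALT_MAGIC + bytes(range(8)) + b"\x00" * 16)

def derive_all(keyfile=KEYFILE, encrypted=ENCRYPTED):
    # Same password and salt, three derivations: every key/IV pair differs
    password, salt = password_from_keyfile(keyfile), read_salt(encrypted)
    return {
        "md5": legacy_kdf(password, salt, "md5"),
        "sha256": legacy_kdf(password, salt, "sha256"),
        "pbkdf2": pbkdf2_kdf(password, salt),
    }

if __name__ == "__main__":
    for name, (key, iv) in derive_all().items():
        print(f"{name:7} key={key.hex()} iv={iv.hex()}")
```

Decrypting with a key and IV derived from the wrong digest or the wrong KDF produces invalid padding in the last CBC block, which OpenSSL reports as "bad decrypt".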