OpenSSL decryption error

openssl enc -aes-256-cbc -salt -in "$input_file" -out "$output_file" -pass pass:"$encryption_key"

I used this command to encrypt a file on my local machine and then set the encrypted file as a secret file in Jenkins.

Now in my Jenkins freestyle project, when I try to use the decryption command, it refuses to work no matter what I try.

Hard-coding the key also doesn't do anything, so the key isn't the problem.

openssl enc -d -aes-256-cbc -salt -in "$SECRET_FILE" -pass pass:"$DECRYPTION_KEY"

This just fails the shell script.

When I try to encrypt and decrypt both within the build, it still fails:


#!/bin/bash

# String to encrypt
plaintext="This is a secret message."

# Encryption passphrase (you can change this)
passphrase="YourPassphraseHere"

# Encrypt the string
encrypted_string=$(echo -n "$plaintext" | openssl enc -aes-256-cbc -a -salt -pass pass:"$passphrase")

# Display the encrypted string
echo "Encrypted String: $encrypted_string"

# Decrypt the string
decrypted_string=$(echo -n "$encrypted_string" | openssl enc -d -aes-256-cbc -a -salt -pass pass:"$passphrase")

# Display the decrypted string
echo "Decrypted String: $decrypted_string"

I can't figure out why the openssl decryption is failing, while encryption is working. Even doing
cat $Secret_file
prints the encrypted file, but it still fails to execute the decrypt.

Hello @ParthMishra0610 and welcome to this community. :wave:

When you’re using OpenSSL to encrypt and decrypt files in Jenkins, there are a few things you need to consider to ensure it works correctly:

  1. Use Environment Variables Carefully: Jenkins often runs jobs with different environments than your local shell. When you use environment variables like $SECRET_FILE and $DECRYPTION_KEY, make sure that these variables are set correctly within the Jenkins environment.
  2. Check File Paths: Ensure that $SECRET_FILE contains the correct file path to your secret file. You might want to use an absolute file path to avoid any relative path issues.
  3. Debugging: When debugging, add some echo statements in your Jenkins build script to print out the values of $SECRET_FILE and $DECRYPTION_KEY to verify that they are set correctly.
  4. Permissions: Ensure that the Jenkins user has permission to read the secret file. Sometimes, Jenkins may be running as a different user with restricted permissions.

Here’s an example build script that uses echo for debugging:

#!/bin/bash

# Print the values of environment variables for debugging
echo "SECRET_FILE: $SECRET_FILE"
echo "DECRYPTION_KEY: $DECRYPTION_KEY"

# Decrypt the file
openssl enc -d -aes-256-cbc -salt -in "$SECRET_FILE" -out decrypted_file.txt -pass pass:"$DECRYPTION_KEY"

# Check the content of the decrypted file
cat decrypted_file.txt

  5. Redirect Errors: You might also want to redirect errors to the standard output so that you can see any error messages that OpenSSL produces. You can do this by appending 2>&1 to your OpenSSL command, like this:

openssl enc -d -aes-256-cbc -salt -in "$SECRET_FILE" -out decrypted_file.txt -pass pass:"$DECRYPTION_KEY" 2>&1

This should ensure that both standard output and standard error are captured and displayed in the Jenkins build console.
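
The checks from the list above combined into one function, as an added example that is not part of the original posts. The function name `decrypt_secret` and its return codes are hypothetical; the example also assumes the file was encrypted with `-md sha256`, and it reads the key with `-pass env:` so the value appears neither in the build log nor in the process list.

```shell
#!/bin/bash
# Added example: preflight checks, then decryption with a distinct exit status.
# Usage: decrypt_secret IN OUT   (passphrase is read from $DECRYPTION_KEY)
# Return codes (constructed for this example):
#   2 key unset, 3 file unreadable, 4 no "Salted__" header, 5 openssl failed
decrypt_secret() {
    local in="$1" out="$2" magic
    # Confirm the key is set without printing its value into the console log.
    if [ -z "${DECRYPTION_KEY:-}" ]; then
        echo "DECRYPTION_KEY is empty or unset" >&2; return 2
    fi
    echo "DECRYPTION_KEY is set (${#DECRYPTION_KEY} characters)" >&2
    # Path and permission check for the user the job actually runs as.
    if [ ! -r "$in" ]; then
        echo "cannot read '$in' as user $(id -un)" >&2; return 3
    fi
    # Binary output of "openssl enc -salt" starts with the 8 bytes "Salted__".
    # Anything else means the file is base64 (-a), plain, or was altered.
    magic=$(head -c 8 "$in" | tr -d '\0')
    if [ "$magic" != "Salted__" ]; then
        echo "'$in' has no Salted__ header" >&2; return 4
    fi
    # -md must match the digest used when encrypting. OpenSSL 1.1.0 changed the
    # default from md5 to sha256, so name it explicitly on both machines.
    # OpenSSL's own error text goes to stderr and shows up in the console.
    if ! DECRYPTION_KEY="$DECRYPTION_KEY" openssl enc -d -aes-256-cbc \
            -md sha256 -in "$in" -out "$out" -pass env:DECRYPTION_KEY; then
        echo "openssl failed; version here: $(openssl version)" >&2
        rm -f "$out"; return 5
    fi
}
```

In a build step this would be called as `decrypt_secret "$SECRET_FILE" decrypted_file.txt || exit $?`, so the console shows which check failed.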