encryption – Decrypting plain text. PEM certificate

I have a text that is supposedly base64 encoded. But when I try to decipher it, an incomprehensible text comes out. But in principle, Latin letters are read. Perhaps this is a public certificate.

How can I decipher it? And is it possible to encrypt your certificate the same way?


I cannot publish the base64 decrypted format. StackExchange gives an error due to encoding

office – Decrypting xls file using John The Ripper

I need to open an Excel file that is locked with a password and see its contents. After doing some research on the internet, I found that the only way was a brute force attack. So I used John the Ripper on Ubuntu, and detected and extracted the hash of the password, which I believe is encrypted in RC4 format, a format usually used for encrypting office files. Based on this, I have 2 questions:

  1. How can I make sure which encryption algorithm xls files use? (My hash starts with $oldoffice$0*, and I am not sure if it really is RC4, because some sources say it is a combination of hashing algorithms such as $0/$1, MD5 + RC4, collider #1)
  2. What is the corresponding format for this type of hash in John The Ripper? (Because in order to decrypt the file, John asks me to indicate the format by for example --format=MD5)

Thank you in advance

TPM1.2, CentOS7 and LUKS – Decrypting `root` at Boot Without Passphrase

I want to configure a CentOS 7 system to automatically decrypt a LUKS encrypted root partition at boot, without prompting for a passphrase. This server is equipped with a TPM 1.2 chip, which I can store my key in.

The partition that contains my root logical volume is encrypted with LUKS:

# lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 278.5G  0 disk
├─sda1                                          8:1    0     1G  0 part  /boot
└─sda2                                          8:2    0 277.5G  0 part
  └─luks-efd72338-f1b6-4a50-b826-d704642c293f 253:0    0 277.5G  0 crypt
    ├─vg_sda-lv_root                          253:1    0 273.5G  0 lvm   /
    └─vg_sda-lv_swap                          253:2    0     4G  0 lvm   (SWAP)
sr0                                            11:0    1  1024M  0 rom

The TPM chip is enabled and activated. The following packages are installed:

The tcsd service is running and enabled:

# systemctl status tcsd
● tcsd.service - TCG Core Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/tcsd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-03-17 16:42:35 UTC; 11min ago
 Main PID: 895 (tcsd)
   CGroup: /system.slice/tcsd.service
           └─895 /sbin/tcsd

The tpm_tis kernel driver was loaded:

# dmesg | grep tpm
[    0.430468] tpm_tis 00:05: 1.2 TPM (device-id 0xFE, rev-id 71)

The tpm_version command outputs the details of my module:

# tpm_version
  TPM 1.2 Version Info:
  Chip Version:
  Spec Level:          2
  Errata Revision:     3
  TPM Vendor ID:       WEC
  TPM Version:         01010000
  Manufacturer Info:   57454300

OK, so the next step is figuring out how to store my key in the TPM 1.2 NVRAM and have logic added to my initramfs that can extract the key and decrypt the root partition. This is where I’m totally lost.

I found a project titled tpm-luks that sounded fairly promising, but I’m not having much luck thus far. After compiling and installing, I ran through the directions to “add a new LUKS key to a key slot and the TPM”:

# tpm-luks -c -d /dev/sda2 -y
Enter a new TPM NV area password:
Re-enter the new TPM NV area password:
Successfully wrote 32 bytes at offset 0 to NVRAM index 0x4 (4).
You will now be prompted to enter any valid LUKS passphrase in order to store
the new TPM NVRAM secret in LUKS key slot 2:

Enter any existing passphrase:
Using NV index 4 for device /dev/sda2

The next step is using dracut to update the initramfs, which doesn’t finish without some warning messages. I am honestly not sure how troublesome these warnings are.

# dracut /boot/initramfs-$(uname -r)-tpm-luks.img
/usr/lib/dracut/modules.d/90crypt-tpm/module-setup.sh: line 24: /var/tmp/dracut.nPJ0Jv/initramfs/etc/cmdline.d/90crypt.conf: No such file or directory
Failed to install module tpm_bios

Broadcast message from systemd-journald@mysystem (Wed 2021-03-17 18:05:06 UTC):

dracut[28567]: Failed to install module tpm_bios

Message from syslogd@mysystem at Mar 17 18:05:06 ...
 dracut:Failed to install module tpm_bios

The next step is installing TrustedGRUB in order to seal the NVRAM to a PCR. I’m not sure if this is optional or not? I would like to use GRUB2 if possible. Either way, if it is not required, I’d like to see if this process works before worrying about sealing.

I then update the GRUB2 menu to boot the new initramfs.

If I reboot my system at this point, it now prompts for a “TPM NVRAM Password (/dev/sda2)” early on in boot. After entering it, it then continues to load CentOS without prompting for a LUKS passphrase. I think this is one step closer in the right direction; I just don’t know how to have it not prompt for the NVRAM password.

I’m wondering if anyone has any experience with this who can assist me with figuring this out. If there is an alternative way to do this (without tpm-luks) I would be willing to try that out as well.

encryption – gpg stopped decrypting a symmetrically encrypted file

Just yesterday I decrypted this same file using a key that I have written down, but today every time I try the same key gpg returns:

gpg: decryption failed: Bad session key

I suspect that either I was typing something wrong every time I decrypted this file and didn’t notice or there’s something wrong with the characters that are being entered by my keyboard.

I used gpg -c <file_name>

Also, gpg says it is AES256.CFB encrypted data, although I don’t remember seeing this CFB anytime I decrypted something in this computer, although I might be mistaken, neither did I set this option when encrypting.

I am using Manjaro 20.2.1 and gpg 2.2.25 with libgcrypt 1.8.7

Can anyone help me?

encryption – Could a malware resize a partition encrypted using Bitlocker (without decrypting the data)?

From what I’ve been reading the guideline regarding manually changing the size of a Bitlocker encrypted partition is: (a) decrypt the partition. (b) resize the partition. (c) re-encrypt the partition.

Now, since there’re certain malwares that can hide themselves in a hidden partition patch (for example on a USB drive) I was wondering whether it’s theoretically possible for a malware to resize a partition encrypted using Bitlocker (I specifically refer to Bitlocker utilizing software encryption, not hardware encryption, since this is the default and more secure option) without decrypting it first or would it render the partition unusable?

Bitcoin Wallet for Android – permission denied decrypting the wallet backup file using OpenSSL

I’ve followed the advice found at https://github.com/bitcoin-wallet/bitcoin-wallet/blob/master/wallet/README.recover.md, but I’m having issues decrypting a wallet backup file.

When I run the line below

openssl enc -d -aes-256-cbc -md md5 -a -in bitcoin-wallet-backup-2017-12-25 > bitcoin-wallet-decrypted-backup

I got the error message below

$ openssl enc -d -aes-256-cbc -md md5 -a -in bitcoin-wallet-backup-2017-12-25 > bitcoin-wallet-decrypted-backup 
bitcoin-wallet-backup-2017-12-25: Permission denied 
140623991867032:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('bitcoin-wallet-backup-2017-12-25','r') 
140623991867032:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:

Is there something wrong?

Decrypting key from VPN?

Hope you are well.

Long story short, I am looking for ways to extend our small business remote access by integrating the VPN connection directly into the OS.

However, I cannot recover the PSK needed for this connection. The exported config gives:

Enc cfc187c987b7249315f2201334abf746865670487a6357f796597625def126bced528d86534bb3d8

ocsdkoCV23423 could possibly be the decryption key, but I am uncertain.

I know that the PSK is a 20-digit string.

If anyone here can decrypt this string, please send me a message. It would be much appreciated (before my manager gets grumpy…)

Thank you, and stay safe!