New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File decryption fails (wrong final block length) on Windows #4746

Open
lukeIam opened this Issue Sep 3, 2015 · 36 comments

Comments

Projects
None yet
@lukeIam

lukeIam commented Sep 3, 2015

Decrypting my file fails with bad decrypt: wrong final block length.

I used travis encrypt-file file under Windows to encrypt my file without problems.
Also I added the generated decryption command to the before_install: section:

openssl aes-256-cbc -K $encrypted_048ea30036f2_key -iv $encrypted_048ea30036f2_iv -in file.enc -out file -d

(Also tried the --add option of travis encrypt-file)

Here are parts of the build log:

[...]
$ export encrypted_048ea30036f2_key=[secure]
$ export encrypted_048ea30036f2_iv=[secure]
[...]
$ openssl aes-256-cbc -K $encrypted_048ea30036f2_key -iv $encrypted_048ea30036f2_iv -in file.enc -out file -d
bad decrypt
139709116544672:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
The command "openssl aes-256-cbc -K $encrypted_048ea30036f2_key -iv $encrypted_048ea30036f2_iv -in file.enc -out file -d" failed and exited with 1 during .
Your build has been stopped.

Any suggestions?

@BanzaiMan

This comment has been minimized.

Show comment
Hide comment
@BanzaiMan

BanzaiMan Sep 3, 2015

Member

Could you try steps with travis encrypt-file -r OWNER/REPO file?

Member

BanzaiMan commented Sep 3, 2015

Could you try steps with travis encrypt-file -r OWNER/REPO file?

@lukeIam

This comment has been minimized.

Show comment
Hide comment
@lukeIam

lukeIam Sep 3, 2015

sure - but got the same problem with the same message

Some more information about the project:
we need a new build system so I'm trying out Travis CI.
-> the .travis.yml only exists in a brach travisTest in my fork lukeIam/Vocaluxe.
Travis is enabled for this fork and was successfully building, before I added the encrypted file.
The log of the last build can be found here:
https://travis-ci.org/lukeIam/Vocaluxe/builds/78612690

lukeIam commented Sep 3, 2015

sure - but got the same problem with the same message

Some more information about the project:
we need a new build system so I'm trying out Travis CI.
-> the .travis.yml only exists in a brach travisTest in my fork lukeIam/Vocaluxe.
Travis is enabled for this fork and was successfully building, before I added the encrypted file.
The log of the last build can be found here:
https://travis-ci.org/lukeIam/Vocaluxe/builds/78612690

@BanzaiMan

This comment has been minimized.

Show comment
Hide comment
@BanzaiMan

BanzaiMan Sep 4, 2015

Member

I just remembered. You cannot encrypt more than 1 file, because the second invocation nullifies the first. This is documented. http://docs.travis-ci.com/user/encrypting-files/#Encrypting-multiple-files

Member

BanzaiMan commented Sep 4, 2015

I just remembered. You cannot encrypt more than 1 file, because the second invocation nullifies the first. This is documented. http://docs.travis-ci.com/user/encrypting-files/#Encrypting-multiple-files

@BanzaiMan BanzaiMan closed this Sep 4, 2015

@lukeIam

This comment has been minimized.

Show comment
Hide comment
@lukeIam

lukeIam Sep 4, 2015

@BanzaiMan Thanks for your time! But I'm afraid I don't get it...

"You cannot encrypt more than 1 file" - I knew this and I've only encrypted a single file and of course I have only one openssl line in my .travis.yml.

The other key/iv pair was from the last attempt and is now deleted.
build log

Or does does the secure line of the deploy section (github releases), consumes the single possible openssl call, even it does't use a file?

lukeIam commented Sep 4, 2015

@BanzaiMan Thanks for your time! But I'm afraid I don't get it...

"You cannot encrypt more than 1 file" - I knew this and I've only encrypted a single file and of course I have only one openssl line in my .travis.yml.

The other key/iv pair was from the last attempt and is now deleted.
build log

Or does does the secure line of the deploy section (github releases), consumes the single possible openssl call, even it does't use a file?

@BanzaiMan

This comment has been minimized.

Show comment
Hide comment
@BanzaiMan

BanzaiMan Sep 4, 2015

Member

@lukeIam In the build you indicated, I see 2 sets of environment variables set by travis encrypt-file … command (https://travis-ci.org/lukeIam/Vocaluxe/builds/78612690#L935-L938) This indicates to me that you ran the command twice, and you added those in your repository's settings.

In https://travis-ci.org/lukeIam/Vocaluxe/builds/78738939, I see that you've removed one, but perhaps you removed the wrong one.

Member

BanzaiMan commented Sep 4, 2015

@lukeIam In the build you indicated, I see 2 sets of environment variables set by travis encrypt-file … command (https://travis-ci.org/lukeIam/Vocaluxe/builds/78612690#L935-L938) This indicates to me that you ran the command twice, and you added those in your repository's settings.

In https://travis-ci.org/lukeIam/Vocaluxe/builds/78738939, I see that you've removed one, but perhaps you removed the wrong one.

@lukeIam

This comment has been minimized.

Show comment
Hide comment
@lukeIam

lukeIam Sep 4, 2015

@BanzaiMan

In https://travis-ci.org/lukeIam/Vocaluxe/builds/78738939, I see that you've removed one, but perhaps you removed the wrong one.

I removed all four variables with travis env unset [...] and reran travis encrypt-file.
It recreated $encrypted_a377c9765acb (same variable name).

I started an other try and got the same variable again.
Here is what I executed:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

D:\Projects\Vocaluxe>travis env list
# environment variables for lukeIam/Vocaluxe
encrypted_a377c9765acb_key=[secure]
encrypted_a377c9765acb_iv=[secure]

D:\Projects\Vocaluxe>travis env unset encrypted_a377c9765acb_key
[x] removing environment variable $encrypted_a377c9765acb_key

D:\Projects\Vocaluxe>travis env unset encrypted_a377c9765acb_iv
[x] removing environment variable $encrypted_a377c9765acb_iv

D:\Projects\Vocaluxe>travis env list
# environment variables for lukeIam/Vocaluxe

D:\Projects\Vocaluxe>travis whoami
You are lukeIam

D:\Projects\Vocaluxe>travis encrypt-file -r lukeIam/Vocaluxe travisKey
encrypting travisKey for lukeIam/Vocaluxe
storing result as travisKey.enc
storing secure env variables for decryption

Please add the following to your build script (before_install stage in your .tra
vis.yml, for instance):

    openssl aes-256-cbc -K $encrypted_a377c9765acb_key -iv $encrypted_a377c9765a
cb_iv -in travisKey.enc -out travisKey -d

Pro Tip: You can add it automatically by running with --add.

Make sure to add travisKey.enc to the git repository.
Make sure not to add travisKey to the git repository.
Commit all changes to your .travis.yml.

D:\Projects\Vocaluxe>

lukeIam commented Sep 4, 2015

@BanzaiMan

In https://travis-ci.org/lukeIam/Vocaluxe/builds/78738939, I see that you've removed one, but perhaps you removed the wrong one.

I removed all four variables with travis env unset [...] and reran travis encrypt-file.
It recreated $encrypted_a377c9765acb (same variable name).

I started an other try and got the same variable again.
Here is what I executed:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

D:\Projects\Vocaluxe>travis env list
# environment variables for lukeIam/Vocaluxe
encrypted_a377c9765acb_key=[secure]
encrypted_a377c9765acb_iv=[secure]

D:\Projects\Vocaluxe>travis env unset encrypted_a377c9765acb_key
[x] removing environment variable $encrypted_a377c9765acb_key

D:\Projects\Vocaluxe>travis env unset encrypted_a377c9765acb_iv
[x] removing environment variable $encrypted_a377c9765acb_iv

D:\Projects\Vocaluxe>travis env list
# environment variables for lukeIam/Vocaluxe

D:\Projects\Vocaluxe>travis whoami
You are lukeIam

D:\Projects\Vocaluxe>travis encrypt-file -r lukeIam/Vocaluxe travisKey
encrypting travisKey for lukeIam/Vocaluxe
storing result as travisKey.enc
storing secure env variables for decryption

Please add the following to your build script (before_install stage in your .tra
vis.yml, for instance):

    openssl aes-256-cbc -K $encrypted_a377c9765acb_key -iv $encrypted_a377c9765a
cb_iv -in travisKey.enc -out travisKey -d

Pro Tip: You can add it automatically by running with --add.

Make sure to add travisKey.enc to the git repository.
Make sure not to add travisKey to the git repository.
Commit all changes to your .travis.yml.

D:\Projects\Vocaluxe>
@BanzaiMan

This comment has been minimized.

Show comment
Hide comment
@BanzaiMan

BanzaiMan Sep 4, 2015

Member

Hmmm. Interesting. Do you have access to another OS (Linux or Mac)? Does this happen there, too?

Member

BanzaiMan commented Sep 4, 2015

Hmmm. Interesting. Do you have access to another OS (Linux or Mac)? Does this happen there, too?

@BanzaiMan BanzaiMan reopened this Sep 4, 2015

@lukeIam

This comment has been minimized.

Show comment
Hide comment
@lukeIam

lukeIam Sep 4, 2015

I'll install a linux...

lukeIam commented Sep 4, 2015

I'll install a linux...

@cotsog

This comment has been minimized.

Show comment
Hide comment
@cotsog

cotsog Sep 4, 2015

Maybe related: we had a report of a user not able to encrypt env variables on Windows.

cotsog commented Sep 4, 2015

Maybe related: we had a report of a user not able to encrypt env variables on Windows.

@lukeIam

This comment has been minimized.

Show comment
Hide comment
@lukeIam

lukeIam Sep 4, 2015

On ubuntu 14.04 LTS x64 it worked:
https://travis-ci.org/lukeIam/Vocaluxe/builds/78758729
(The build faild, but this is caused by my deploy script - openssl is working!)

travis encrypt-file generated a new variable with linux

lukeIam commented Sep 4, 2015

On ubuntu 14.04 LTS x64 it worked:
https://travis-ci.org/lukeIam/Vocaluxe/builds/78758729
(The build faild, but this is caused by my deploy script - openssl is working!)

travis encrypt-file generated a new variable with linux

@BanzaiMan BanzaiMan changed the title from File decryption fails (wrong final block length) to File decryption fails (wrong final block length) on Windows Sep 4, 2015

@BanzaiMan BanzaiMan added the windows label Sep 4, 2015

@MariadeAnton

This comment has been minimized.

Show comment
Hide comment
@MariadeAnton

MariadeAnton Sep 4, 2015

Member

related to @cotsog - it was failing in a Windows 8 machine, using the default Command Prompt and ConEmu x64

Member

MariadeAnton commented Sep 4, 2015

related to @cotsog - it was failing in a Windows 8 machine, using the default Command Prompt and ConEmu x64

@omaralvarez

This comment has been minimized.

Show comment
Hide comment
@omaralvarez

omaralvarez Sep 10, 2015

This is also happenning on Windows 7 x64 with Git Bash command prompt.

omaralvarez commented Sep 10, 2015

This is also happenning on Windows 7 x64 with Git Bash command prompt.

@bartlangelaan

This comment has been minimized.

Show comment
Hide comment
@bartlangelaan

bartlangelaan Sep 23, 2015

Also happening on Windows 10. Trying to decrypt a Google Apps Engine service account json, with no luck. Any recent updates that could have broken this?

bartlangelaan commented Sep 23, 2015

Also happening on Windows 10. Trying to decrypt a Google Apps Engine service account json, with no luck. Any recent updates that could have broken this?

@hstolte

This comment has been minimized.

Show comment
Hide comment
@hstolte

hstolte Oct 17, 2015

I am experiencing the same issue on Windows 10 using the default command promt.

openssl aes-256-cbc -K $encrypted_982593a2c96c_key -iv $encrypted_982593a2c96c_iv -in deploy_key.enc -out deploy_key -d
bad decrypt
140212392736416:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
The command "openssl aes-256-cbc -K $encrypted_982593a2c96c_key -iv $encrypted_982593a2c96c_iv -in deploy_key.enc -out deploy_key -d" failed and exited with 1 during .
Your build has been stopped.

hstolte commented Oct 17, 2015

I am experiencing the same issue on Windows 10 using the default command promt.

openssl aes-256-cbc -K $encrypted_982593a2c96c_key -iv $encrypted_982593a2c96c_iv -in deploy_key.enc -out deploy_key -d
bad decrypt
140212392736416:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
The command "openssl aes-256-cbc -K $encrypted_982593a2c96c_key -iv $encrypted_982593a2c96c_iv -in deploy_key.enc -out deploy_key -d" failed and exited with 1 during .
Your build has been stopped.
@shizuka

This comment has been minimized.

Show comment
Hide comment
@shizuka

shizuka Nov 17, 2015

+1, using default prompt on Windows 10 Pro 1511 to encrypt a key and have Travis CI decrypt to push to our server

$ openssl aes-256-cbc -K $encrypted_9a78d482b28c_key -iv $encrypted_9a78d482b28c_iv -in deploy-key.enc -out deploy-key -d

bad decrypt

140405926045344:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:

The command "openssl aes-256-cbc -K $encrypted_9a78d482b28c_key -iv $encrypted_9a78d482b28c_iv -in deploy-key.enc -out deploy-key -d" failed and exited with 1 during .

Your build has been stopped.

shizuka commented Nov 17, 2015

+1, using default prompt on Windows 10 Pro 1511 to encrypt a key and have Travis CI decrypt to push to our server

$ openssl aes-256-cbc -K $encrypted_9a78d482b28c_key -iv $encrypted_9a78d482b28c_iv -in deploy-key.enc -out deploy-key -d

bad decrypt

140405926045344:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:

The command "openssl aes-256-cbc -K $encrypted_9a78d482b28c_key -iv $encrypted_9a78d482b28c_iv -in deploy-key.enc -out deploy-key -d" failed and exited with 1 during .

Your build has been stopped.
@nickvandewiele

This comment has been minimized.

Show comment
Hide comment
@nickvandewiele

nickvandewiele commented Jan 26, 2016

+1

@JiongBull

This comment has been minimized.

Show comment
Hide comment
@JiongBull

JiongBull Jan 28, 2016

+1 windows 10 Git Bash

JiongBull commented Jan 28, 2016

+1 windows 10 Git Bash

1 similar comment
@Waydrow

This comment has been minimized.

Show comment
Hide comment
@Waydrow

Waydrow Jan 30, 2016

+1 windows 10 Git Bash

Waydrow commented Jan 30, 2016

+1 windows 10 Git Bash

@bterlson

This comment has been minimized.

Show comment
Hide comment
@bterlson

bterlson commented Feb 10, 2016

+1

@Waydrow

This comment has been minimized.

Show comment
Hide comment
@Waydrow

Waydrow Feb 11, 2016

Ok, finally I made it by using Linux, Ubuntu to deploy it

Waydrow commented Feb 11, 2016

Ok, finally I made it by using Linux, Ubuntu to deploy it

@alrra alrra referenced this issue Feb 11, 2016

Closed

Improve documentation #20

5 of 5 tasks complete
@waltertamboer

This comment has been minimized.

Show comment
Hide comment
@waltertamboer

waltertamboer Feb 12, 2016

@Waydrow Yup, that's what I did as well. I've installed Ubuntu on a virtual machine using VirtualBox.

But... +1

waltertamboer commented Feb 12, 2016

@Waydrow Yup, that's what I did as well. I've installed Ubuntu on a virtual machine using VirtualBox.

But... +1

lowwor added a commit to lowwor/Realtime-Bus that referenced this issue Feb 20, 2016

alrra added a commit to alrra/travis-scripts that referenced this issue Feb 22, 2016

@seayxu

This comment has been minimized.

Show comment
Hide comment
@seayxu

seayxu Mar 24, 2016

@lukeIam Do you solved the problem?

seayxu commented Mar 24, 2016

@lukeIam Do you solved the problem?

@lukeIam

This comment has been minimized.

Show comment
Hide comment
@lukeIam

lukeIam Mar 31, 2016

@seayxu not really - I installed Ubuntu in a virtual box...

lukeIam commented Mar 31, 2016

@seayxu not really - I installed Ubuntu in a virtual box...

@seayxu

This comment has been minimized.

Show comment
Hide comment
@seayxu

seayxu Mar 31, 2016

@lukeIam So do i,but got the same problem.
I'm using another way by github access token

seayxu commented Mar 31, 2016

@lukeIam So do i,but got the same problem.
I'm using another way by github access token

@seayxu

This comment has been minimized.

Show comment
Hide comment
@seayxu

seayxu Apr 1, 2016

@lukeIam Last night,i try again,no problem

seayxu commented Apr 1, 2016

@lukeIam Last night,i try again,no problem

@TomeOkin

This comment has been minimized.

Show comment
Hide comment
@TomeOkin

TomeOkin Apr 17, 2016

I also meet the problem:
The command "openssl aes-256-cbc -K $encrypted_e59b7992228b_key -iv $encrypted_e59b7992228b_iv -in jo.jks.enc -out jo.jks -d" failed and exited with 1 during .

I has try cmd and git shell in win7, but get the same result.

TomeOkin commented Apr 17, 2016

I also meet the problem:
The command "openssl aes-256-cbc -K $encrypted_e59b7992228b_key -iv $encrypted_e59b7992228b_iv -in jo.jks.enc -out jo.jks -d" failed and exited with 1 during .

I has try cmd and git shell in win7, but get the same result.

@SuriyaaKudoIsc

This comment has been minimized.

Show comment
Hide comment
@SuriyaaKudoIsc

SuriyaaKudoIsc Apr 17, 2016

Got the same problem: https://travis-ci.org/iSCInc/status/builds/123697131! I use Windows 10 - Git Bash, CMD & Powershell.

SuriyaaKudoIsc commented Apr 17, 2016

Got the same problem: https://travis-ci.org/iSCInc/status/builds/123697131! I use Windows 10 - Git Bash, CMD & Powershell.

@seayxu

This comment has been minimized.

Show comment
Hide comment
@seayxu

seayxu Apr 17, 2016

@TomeOkin @SuriyaaKudoIsc if you don't want to use Linux system,just see this way;I found the reason for this problem is that the Travis encryption generation variable is different from the Linux system in the windows system.So,I suggest you use Linux system do this.

seayxu commented Apr 17, 2016

@TomeOkin @SuriyaaKudoIsc if you don't want to use Linux system,just see this way;I found the reason for this problem is that the Travis encryption generation variable is different from the Linux system in the windows system.So,I suggest you use Linux system do this.

@SuriyaaKudoIsc

This comment has been minimized.

Show comment
Hide comment
@SuriyaaKudoIsc

SuriyaaKudoIsc Apr 17, 2016

@seayxu Well... 😅 I can't speak or read in Chinese.

SuriyaaKudoIsc commented Apr 17, 2016

@seayxu Well... 😅 I can't speak or read in Chinese.

@seayxu

This comment has been minimized.

Show comment
Hide comment

seayxu commented Apr 17, 2016

@MikeJerred

This comment has been minimized.

Show comment
Hide comment
@MikeJerred

MikeJerred Apr 21, 2016

+1 Using Windows 8.1 here and got the same error. Encrypting the file on linux (using Google Cloud Shell) works fine

MikeJerred commented Apr 21, 2016

+1 Using Windows 8.1 here and got the same error. Encrypting the file on linux (using Google Cloud Shell) works fine

motiz88 added a commit to motiz88/redux-midi that referenced this issue May 31, 2016

@snowdream

This comment has been minimized.

Show comment
Hide comment
@snowdream

snowdream Jun 12, 2016

This is also happenning on Windows 7 x64 with Git Bash command prompt.

snowdream commented Jun 12, 2016

This is also happenning on Windows 7 x64 with Git Bash command prompt.

@trashier

This comment has been minimized.

Show comment
Hide comment
@trashier

trashier Jun 29, 2016

This issue still occurs.

trashier commented Jun 29, 2016

This issue still occurs.

@nawazdhandala

This comment has been minimized.

Show comment
Hide comment
@nawazdhandala

nawazdhandala commented Aug 2, 2016

+1

@Jameskmonger

This comment has been minimized.

Show comment
Hide comment
@Jameskmonger

Jameskmonger Aug 3, 2016

Still experiencing this on Windows.

Jameskmonger commented Aug 3, 2016

Still experiencing this on Windows.

@Bosek

This comment has been minimized.

Show comment
Hide comment
@Bosek

Bosek Aug 6, 2016

+1 Win10

Bosek commented Aug 6, 2016

+1 Win10

@travis-ci travis-ci locked and limited conversation to collaborators Aug 6, 2016

@DrTorte DrTorte added the locked label Apr 2, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.