what is key in CBC mode in `openssl genrsa -aes-128-cbc -passout pass:qwerty0123456789 -out private.pem 2048`?

Question

I dont know the key in mode cbc, i tried write script python with expect it will return MIIE... but it doesnt

from base64 import b64decode, b64encode
from Crypto.Cipher import AES

data = "FJsww7LryZQFxKnP9TRHoSXNn7OP1/Dsq7vJNiB/I8GUgHxwb2s1dEwSHR0KBD4S"
data = b64decode(data)[:16]
key = b"qwerty0123456789"
iv = bytes.fromhex("4F6CAB2522DE70629D6DABB100908030")
cipher = AES.new(key, AES.MODE_CBC, iv)
data = cipher.decrypt(data)
print(b64encode(data)) #b'XFuamWKJEaRshBbE098olw=='

image

Hopefully someone can provide python pseudocode

Answer 1

The OpenSSL statement generates an encrypted PKCS#1 key. Decryption with Python is possible with e.g. PyCryptodome or Pyca/Cryptography:

pkcs1_enc = b'''-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,269A1092E26672B45D40F2286B378739

crTik10vEjqh9a2lsKQLwKxFANAcSrivDZ8uiRQlC/DHJJnRsDwZz6Q0Cqsiv/xu
tt00P3TwSH7qEbQeyaTUEPmXcu3GNVpwKryxXCRm9H6Ggx8pbXZk/T5MN2WOHZuB
7t8u6O9F93ZuIVIgUHkhI6G7GUHdvzbeJttgsMn24sJegvXfsKT1VOZzotLEhckF
gnPtFZxH6YvgGZqBX+NLvQ/MRiaosTmbp3IvT+KECVP159ypCK754csDazAB09qq
bTYV0KBlN360F8b3E4Ty/pGB3GY30DXAlbrHdA4i/VJegDVUYxYkqQZfsNi3rBmu
wJfjEjGB4tDZ4DoEc55WvRa4vWyPFjwcEDZPXMYqPyo49PNlzTXK+qDiJpqwpYza
8t8k6xogzPSsyF+SKTplpyHyiAhUBZTLg1MXUxKtwSKxd85hinAUBihQZkMiD9qk
s1oEyuxavCz8VuTZypF99lPNP1kvSkKKTlTumSGhrSQ+ZNPs1GKCjmpWv+qXXhSt
mbOV0DJCUyLGaNz/83iGg+aQSQLil+uSP6KOOczcqwUtzwyFO0ecJk7Fvyr1JTGz
i3rPjcuBpFR8w+Z5sf5ZD0gvfwjBpq5QqOw4jXUJpUpxKs5FP1EmOh2a813pZGBu
e3r+NxLFmgAjU8wnioomjEV1QJRiZ42bE0QO9OW8Mt5at/Bcu8cDHbJ2NT3i9jL/
jrPLKFB80fJOLB/TppuiWtycaju1IXgrXbLH2oPKHJ3CzzDyVmRDrpPKhgh1INO1
gJYHFfTsj/JBII59RQKrEIIQs+upjrjoJWkS2YyGva91PxvJPA1ntHTxVua58gZH
/QN1ZCen8Ib4H558XPlNy+U6djYoV9uvyFN15Helqyet5lpDha/uXTbSK4vSgZtt
yvDkYM2rIFQmK7HdgQbtd+Zupn6M5XfASfECdU5DblQYUqdSfVFu3VZnbH52jmXP
imNFrATY10rm5KF3aaz5UBqACfJnSpr3UYBiLEX7lbrXDGQbqK1R6FyJj4cu5nUp
tKunQCXWmW/YcWjhSNbHyWW/k2QpV/58KMN75mpl9dMGhWk33HcgMtWQ20cy9IzG
+FdivYkP7uexEqyUaMXUkvi43yH5MR/s+X0HJ5SAojW0wiB9ev3aBFhxs9XtTiG9
dAEl/UC154UwH6HUWlL0a3SuOnIWnR89A6m1ov/CI8I2oqyqKSeeKF0raJJs2e5O
1Cvuko9q+g+eVovDCGZeraVGdJn9+4922tKw/OvQdy+unpMpGxUyx4U/bKYBC3Py
tAaFHA1j7bjNvl8Xs5dPWzflo9OEU1Dx4Naat/yPoxvm0UJyoEoJA1eqYEG2bdbp
UqJJMfF1n0BZirJochELYhF3kG3JaJzn6ER7MNW/yzJuNQGx7bli3CHAs1QhgDMM
1LLtmpAAm9WdqEo57DjX+UBFOHo/Q5R7dR5h1bbxeQJxFwbBTSauVFfVUySt3Af7
r7C2bQZnkvTU2mxoxg3DXCy0dsN28A/V558ZERmiVT1OkmUxXh/hKHAes8kNB27V
bhoWaV5igMcrYuImw3wGKXZ4DszmaIMYNLMvo4N3PbkbuwklTX8eQh1AeQRMCSbb
-----END RSA PRIVATE KEY-----
'''

# Import/Export via Cryptography
from cryptography.hazmat.primitives import serialization
keyViaPycaCryptography = serialization.load_pem_private_key(pkcs1_enc, b'qwerty0123456789')
print(keyViaPycaCryptography.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption()).decode('utf-8'))

# Import/Export via PyCryptodome
from Crypto.PublicKey import RSA
keyViaPyCryptodome = RSA.import_key(pkcs1_enc, b'qwerty0123456789')
print(keyViaPyCryptodome.exportKey(format='PEM', passphrase=None, pkcs=1, protection=None).decode('utf-8'))

Both implementations output the PEM encoded key in PKCS#1 format.

---

Alternatively, a direct decryption is also possible. The second DEK-Info value provides the hex encoded IV. The first 8 bytes of the IV are used as salt for the key derivation. The key is derived as MD5 hash of the concatenation of UTF8 encoded password and salt.

A possible decryption with PyCryptodome is:

# Directly
import base64
import hashlib
from Crypto.Cipher import AES
from Crypto.PublicKey import RSA
from Crypto.Util.Padding import unpad
encKey = base64.b64decode('crTik10vEjqh9a2lsKQLwKxFANAcSrivDZ8uiRQlC/DHJJnRsDwZz6Q0Cqsiv/xutt00P3TwSH7qEbQeyaTUEPmXcu3GNVpwKryxXCRm9H6Ggx8pbXZk/T5MN2WOHZuB7t8u6O9F93ZuIVIgUHkhI6G7GUHdvzbeJttgsMn24sJegvXfsKT1VOZzotLEhckFgnPtFZxH6YvgGZqBX+NLvQ/MRiaosTmbp3IvT+KECVP159ypCK754csDazAB09qqbTYV0KBlN360F8b3E4Ty/pGB3GY30DXAlbrHdA4i/VJegDVUYxYkqQZfsNi3rBmuwJfjEjGB4tDZ4DoEc55WvRa4vWyPFjwcEDZPXMYqPyo49PNlzTXK+qDiJpqwpYza8t8k6xogzPSsyF+SKTplpyHyiAhUBZTLg1MXUxKtwSKxd85hinAUBihQZkMiD9qks1oEyuxavCz8VuTZypF99lPNP1kvSkKKTlTumSGhrSQ+ZNPs1GKCjmpWv+qXXhStmbOV0DJCUyLGaNz/83iGg+aQSQLil+uSP6KOOczcqwUtzwyFO0ecJk7Fvyr1JTGzi3rPjcuBpFR8w+Z5sf5ZD0gvfwjBpq5QqOw4jXUJpUpxKs5FP1EmOh2a813pZGBue3r+NxLFmgAjU8wnioomjEV1QJRiZ42bE0QO9OW8Mt5at/Bcu8cDHbJ2NT3i9jL/jrPLKFB80fJOLB/TppuiWtycaju1IXgrXbLH2oPKHJ3CzzDyVmRDrpPKhgh1INO1gJYHFfTsj/JBII59RQKrEIIQs+upjrjoJWkS2YyGva91PxvJPA1ntHTxVua58gZH/QN1ZCen8Ib4H558XPlNy+U6djYoV9uvyFN15Helqyet5lpDha/uXTbSK4vSgZttyvDkYM2rIFQmK7HdgQbtd+Zupn6M5XfASfECdU5DblQYUqdSfVFu3VZnbH52jmXPimNFrATY10rm5KF3aaz5UBqACfJnSpr3UYBiLEX7lbrXDGQbqK1R6FyJj4cu5nUptKunQCXWmW/YcWjhSNbHyWW/k2QpV/58KMN75mpl9dMGhWk33HcgMtWQ20cy9IzG+FdivYkP7uexEqyUaMXUkvi43yH5MR/s+X0HJ5SAojW0wiB9ev3aBFhxs9XtTiG9dAEl/UC154UwH6HUWlL0a3SuOnIWnR89A6m1ov/CI8I2oqyqKSeeKF0raJJs2e5O1Cvuko9q+g+eVovDCGZeraVGdJn9+4922tKw/OvQdy+unpMpGxUyx4U/bKYBC3PytAaFHA1j7bjNvl8Xs5dPWzflo9OEU1Dx4Naat/yPoxvm0UJyoEoJA1eqYEG2bdbpUqJJMfF1n0BZirJochELYhF3kG3JaJzn6ER7MNW/yzJuNQGx7bli3CHAs1QhgDMM1LLtmpAAm9WdqEo57DjX+UBFOHo/Q5R7dR5h1bbxeQJxFwbBTSauVFfVUySt3Af7r7C2bQZnkvTU2mxoxg3DXCy0dsN28A/V558ZERmiVT1OkmUxXh/hKHAes8kNB27VbhoWaV5igMcrYuImw3wGKXZ4DszmaIMYNLMvo4N3PbkbuwklTX8eQh1AeQRMCSbb')
iv = bytes.fromhex('269A1092E26672B45D40F2286B378739')
salt = iv[:8]
passwordSalt = b'qwerty0123456789' + salt
h = hashlib.md5()
h.update(passwordSalt)
aesKey = h.digest()
cipher = AES.new(aesKey, AES.MODE_CBC, iv)
decKey = unpad(cipher.decrypt(encKey), AES.block_size)
print(RSA.import_key(decKey).exportKey(format='PEM', passphrase=None, pkcs=1, protection=None).decode('utf-8'))

The direct decryption provides the private key decKey as DER encoded key in PKCS#1 format, which is then converted to a PEM encoded key.