Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File decryption fails (wrong final block length) on Windows #4746

Open
lukeIam opened this issue Sep 3, 2015 · 36 comments
Open

File decryption fails (wrong final block length) on Windows #4746

lukeIam opened this issue Sep 3, 2015 · 36 comments
Labels
locked This thread is locked, and won't automatically be closed windows

Comments

@lukeIam
Copy link

lukeIam commented Sep 3, 2015

Decrypting my file fails with bad decrypt: wrong final block length.

I used travis encrypt-file file under Windows to encrypt my file without problems.
Also I added the generated decryption command to the before_install: section:

openssl aes-256-cbc -K $encrypted_048ea30036f2_key -iv $encrypted_048ea30036f2_iv -in file.enc -out file -d

(Also tried the --add option of travis encrypt-file)

Here are parts of the build log:

[...]
$ export encrypted_048ea30036f2_key=[secure]
$ export encrypted_048ea30036f2_iv=[secure]
[...]
$ openssl aes-256-cbc -K $encrypted_048ea30036f2_key -iv $encrypted_048ea30036f2_iv -in file.enc -out file -d
bad decrypt
139709116544672:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
The command "openssl aes-256-cbc -K $encrypted_048ea30036f2_key -iv $encrypted_048ea30036f2_iv -in file.enc -out file -d" failed and exited with 1 during .
Your build has been stopped.

Any suggestions?

@BanzaiMan
Copy link
Contributor

Could you try steps with travis encrypt-file -r OWNER/REPO file?

@lukeIam
Copy link
Author

lukeIam commented Sep 3, 2015

sure - but got the same problem with the same message

Some more information about the project:
we need a new build system so I'm trying out Travis CI.
-> the .travis.yml only exists in a brach travisTest in my fork lukeIam/Vocaluxe.
Travis is enabled for this fork and was successfully building, before I added the encrypted file.
The log of the last build can be found here:
https://travis-ci.org/lukeIam/Vocaluxe/builds/78612690

@BanzaiMan
Copy link
Contributor

I just remembered. You cannot encrypt more than 1 file, because the second invocation nullifies the first. This is documented. http://docs.travis-ci.com/user/encrypting-files/#Encrypting-multiple-files

@lukeIam
Copy link
Author

lukeIam commented Sep 4, 2015

@BanzaiMan Thanks for your time! But I'm afraid I don't get it...

"You cannot encrypt more than 1 file" - I knew this and I've only encrypted a single file and of course I have only one openssl line in my .travis.yml.

The other key/iv pair was from the last attempt and is now deleted.
build log

Or does does the secure line of the deploy section (github releases), consumes the single possible openssl call, even it does't use a file?

@BanzaiMan
Copy link
Contributor

@lukeIam In the build you indicated, I see 2 sets of environment variables set by travis encrypt-file … command (https://travis-ci.org/lukeIam/Vocaluxe/builds/78612690#L935-L938) This indicates to me that you ran the command twice, and you added those in your repository's settings.

In https://travis-ci.org/lukeIam/Vocaluxe/builds/78738939, I see that you've removed one, but perhaps you removed the wrong one.

@lukeIam
Copy link
Author

lukeIam commented Sep 4, 2015

@BanzaiMan

In https://travis-ci.org/lukeIam/Vocaluxe/builds/78738939, I see that you've removed one, but perhaps you removed the wrong one.

I removed all four variables with travis env unset [...] and reran travis encrypt-file.
It recreated $encrypted_a377c9765acb (same variable name).

I started an other try and got the same variable again.
Here is what I executed:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

D:\Projects\Vocaluxe>travis env list
# environment variables for lukeIam/Vocaluxe
encrypted_a377c9765acb_key=[secure]
encrypted_a377c9765acb_iv=[secure]

D:\Projects\Vocaluxe>travis env unset encrypted_a377c9765acb_key
[x] removing environment variable $encrypted_a377c9765acb_key

D:\Projects\Vocaluxe>travis env unset encrypted_a377c9765acb_iv
[x] removing environment variable $encrypted_a377c9765acb_iv

D:\Projects\Vocaluxe>travis env list
# environment variables for lukeIam/Vocaluxe

D:\Projects\Vocaluxe>travis whoami
You are lukeIam

D:\Projects\Vocaluxe>travis encrypt-file -r lukeIam/Vocaluxe travisKey
encrypting travisKey for lukeIam/Vocaluxe
storing result as travisKey.enc
storing secure env variables for decryption

Please add the following to your build script (before_install stage in your .tra
vis.yml, for instance):

    openssl aes-256-cbc -K $encrypted_a377c9765acb_key -iv $encrypted_a377c9765a
cb_iv -in travisKey.enc -out travisKey -d

Pro Tip: You can add it automatically by running with --add.

Make sure to add travisKey.enc to the git repository.
Make sure not to add travisKey to the git repository.
Commit all changes to your .travis.yml.

D:\Projects\Vocaluxe>

@BanzaiMan
Copy link
Contributor

Hmmm. Interesting. Do you have access to another OS (Linux or Mac)? Does this happen there, too?

@BanzaiMan BanzaiMan reopened this Sep 4, 2015
@lukeIam
Copy link
Author

lukeIam commented Sep 4, 2015

I'll install a linux...

@cotsog
Copy link

cotsog commented Sep 4, 2015

Maybe related: we had a report of a user not able to encrypt env variables on Windows.

@lukeIam
Copy link
Author

lukeIam commented Sep 4, 2015

On ubuntu 14.04 LTS x64 it worked:
https://travis-ci.org/lukeIam/Vocaluxe/builds/78758729
(The build faild, but this is caused by my deploy script - openssl is working!)

travis encrypt-file generated a new variable with linux

@BanzaiMan BanzaiMan changed the title File decryption fails (wrong final block length) File decryption fails (wrong final block length) on Windows Sep 4, 2015
@MariadeAnton
Copy link

related to @cotsog - it was failing in a Windows 8 machine, using the default Command Prompt and ConEmu x64

@omaralvarez
Copy link

This is also happenning on Windows 7 x64 with Git Bash command prompt.

@bartlangelaan
Copy link

Also happening on Windows 10. Trying to decrypt a Google Apps Engine service account json, with no luck. Any recent updates that could have broken this?

@hstolte
Copy link

hstolte commented Oct 17, 2015

I am experiencing the same issue on Windows 10 using the default command promt.

openssl aes-256-cbc -K $encrypted_982593a2c96c_key -iv $encrypted_982593a2c96c_iv -in deploy_key.enc -out deploy_key -d
bad decrypt
140212392736416:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
The command "openssl aes-256-cbc -K $encrypted_982593a2c96c_key -iv $encrypted_982593a2c96c_iv -in deploy_key.enc -out deploy_key -d" failed and exited with 1 during .
Your build has been stopped.

@shizuka
Copy link

shizuka commented Nov 17, 2015

+1, using default prompt on Windows 10 Pro 1511 to encrypt a key and have Travis CI decrypt to push to our server

$ openssl aes-256-cbc -K $encrypted_9a78d482b28c_key -iv $encrypted_9a78d482b28c_iv -in deploy-key.enc -out deploy-key -d

bad decrypt

140405926045344:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:

The command "openssl aes-256-cbc -K $encrypted_9a78d482b28c_key -iv $encrypted_9a78d482b28c_iv -in deploy-key.enc -out deploy-key -d" failed and exited with 1 during .

Your build has been stopped.

@nickvandewiele
Copy link

+1

@CoenQian
Copy link

+1 windows 10 Git Bash

1 similar comment
@Waydrow
Copy link

Waydrow commented Jan 30, 2016

+1 windows 10 Git Bash

@bterlson
Copy link

+1

@Waydrow
Copy link

Waydrow commented Feb 11, 2016

Ok, finally I made it by using Linux, Ubuntu to deploy it

@waltertamboer
Copy link

@Waydrow Yup, that's what I did as well. I've installed Ubuntu on a virtual machine using VirtualBox.

But... +1

alrra added a commit to alrra/travis-scripts that referenced this issue Feb 22, 2016
@seayxu
Copy link

seayxu commented Mar 24, 2016

@lukeIam Do you solved the problem?

@lukeIam
Copy link
Author

lukeIam commented Mar 31, 2016

@seayxu not really - I installed Ubuntu in a virtual box...

@seayxu
Copy link

seayxu commented Mar 31, 2016

@lukeIam So do i,but got the same problem.
I'm using another way by github access token

@seayxu
Copy link

seayxu commented Apr 1, 2016

@lukeIam Last night,i try again,no problem

@TomeOkin
Copy link

I also meet the problem:
The command "openssl aes-256-cbc -K $encrypted_e59b7992228b_key -iv $encrypted_e59b7992228b_iv -in jo.jks.enc -out jo.jks -d" failed and exited with 1 during .

I has try cmd and git shell in win7, but get the same result.

@suriyaa
Copy link

suriyaa commented Apr 17, 2016

Got the same problem: https://travis-ci.org/iSCInc/status/builds/123697131! I use Windows 10 - Git Bash, CMD & Powershell.

@seayxu
Copy link

seayxu commented Apr 17, 2016

@TomeOkin @SuriyaaKudoIsc if you don't want to use Linux system,just see this way;I found the reason for this problem is that the Travis encryption generation variable is different from the Linux system in the windows system.So,I suggest you use Linux system do this.

@suriyaa
Copy link

suriyaa commented Apr 17, 2016

@seayxu Well... 😅 I can't speak or read in Chinese.

@seayxu
Copy link

seayxu commented Apr 17, 2016

@SuriyaaKudoIsc OK,here is English article

@MikeJerred
Copy link

+1 Using Windows 8.1 here and got the same error. Encrypting the file on linux (using Google Cloud Shell) works fine

@snowdream
Copy link

This is also happenning on Windows 7 x64 with Git Bash command prompt.

@trashier
Copy link

This issue still occurs.

@nawazdhandala
Copy link

+1

@Jameskmonger
Copy link

Still experiencing this on Windows.

@Bosek
Copy link

Bosek commented Aug 6, 2016

+1 Win10

@travis-ci travis-ci locked and limited conversation to collaborators Aug 6, 2016
@DrTorte DrTorte added the locked This thread is locked, and won't automatically be closed label Apr 2, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
locked This thread is locked, and won't automatically be closed windows
Projects
None yet
Development

No branches or pull requests