OpenSSL AES Decrypt & Compatibility Checker
Inspect Salted__ payloads, test the exact PBKDF2 recipe, and diagnose bad decrypt locally
This checker handles standard passphrase-based openssl enc envelopes that begin with Salted__ and contain AES-128-CBC, AES-192-CBC, or AES-256-CBC ciphertext. PBKDF2 supports SHA-1, SHA-256, SHA-384, and SHA-512. The CryptoJS / old OpenSSL preset is limited to AES-256-CBC with EVP_BytesToKey and MD5.
Raw -K/-iv ciphertext, -nosalt, explicit OpenSSL 3 -S output without an embedded header, -nopad, GCM, CMS, and non-AES ciphers are intentionally unsupported.
bad decrypt usually means the selected recipe did not produce valid CBC padding. Match the original passphrase, AES size, KDF, digest, iteration count, salt length, and Base64 handling before changing anything else. The error does not identify which one differs.
The marker identifies a compatible salted envelope shape. It does not prove that OpenSSL created the value and it does not store the cipher, KDF, digest, iteration count, passphrase, or salt length. OpenSSL 3.2 added -saltlen for PBKDF2, so decryption must use the same length that encryption used.
Does a successful result prove the passphrase is correct?
No. AES-CBC is not authenticated, and an incorrect recipe can occasionally produce valid padding. Treat the output as a candidate and verify its expected structure or checksum separately.
Why can the same Salted__ payload use different settings?
The envelope stores the marker, salt bytes, and ciphertext. It does not store the cipher, digest, KDF, or iteration count, so those settings must come from the original command or application.
Can this decrypt this site's normal encrypted text?
No. The homepage and generic Decrypt page use a different CryptoJS-compatible format and recipe. Use this checker only for the supported OpenSSL envelope described above.
Are the payload and passphrase uploaded?
No. Inspection, PBKDF2, and AES-CBC decryption run in the browser, and the page does not add inputs to the URL or browser storage.