gnutls_cipher_decrypt - Linux


The gnutls_cipher_decrypt command is a cryptographic tool used to decrypt data encrypted using a specific cipher suite supported by the GNU TLS library. It plays a crucial role in establishing secure communication channels and protecting sensitive information.


gnutls_cipher_decrypt --cipher CIPHER --key KEY --iv IV --out FILE INPUT_FILE

Required Arguments:

  • --cipher: Name of the cipher suite to use for decryption (e.g., "AES-256-CBC")
  • --key: Base64-encoded encryption key
  • --iv: Initialization vector (IV) provided during encryption
  • INPUT_FILE: Path to the encrypted file to be decrypted
  • --out: Output file to write the decrypted data to




Decrypt a file using AES-128-CBC:

gnutls_cipher_decrypt --cipher AES-128-CBC --key SN637hTKI04h... --iv 7RZ+Dyh3LdfE... encrypted.txt decrypted.txt

Decrypt a message from standard input:

echo "encrypted message" | gnutls_cipher_decrypt --cipher CAMELLIA-128-CBC --key B2aG2... --iv 0123456789abcdef

Common Issues

  • Invalid cipher name: Ensure the specified cipher name is supported by GNU TLS.
  • Incorrect key length: The key must match the length required by the chosen cipher.
  • Missing IV: Provide the IV that was used during encryption for successful decryption.


gnutls_cipher_decrypt can be integrated with other commands for more complex tasks:

# Decrypt a file using a secret key stored in a variable
gnutls_cipher_decrypt --cipher AES-256-CBC --key "$KEY" --iv 0123456789abcdef encrypted.txt decrypted.txt

Related Commands

  • gnutls_cipher_encrypt: Encrypts data using a specified cipher suite.
  • openssl: A versatile cryptography toolset that can also perform decryption tasks.