PBKDF2 key is decrypting AES without the same salt?


How is the following possible without saving and reusing the salt from PBKDF2?

Here's what I'm doing to encrypt a file:

openssl aes-256-cbc -pbkdf2 -in secret.txt -out secret.enc -a -kfile kfile.file

Where secret.txt = "secret message", and kfile.file = "password"

I then run the following to decrypt the just encrypted file:

openssl aes-256-cbc -pbkdf2 -d -in secret.enc -out secret.decrypted -a -kfile kfile.file

The decrypted file results in secret.decrypted = "secret message"

As far as I know, I would have needed the initial salt used for the PBKDF2 to derive the same key for decryption. Why is this clearly not the case here?

When running openssl aes-256-cbc -help it states that a salt is used in the KDF by default.

1

There is 1 answer

2
Topaco On BEST ANSWER

The (implicitly generated) random 8-byte salt and the ciphertext are automatically concatenated. In addition, the ASCII encoding of Salted__ is prepended:

<ASCII encoding of Salted__>|<8 bytes salt>|<ciphertext>

The -a option causes the result to be Base64 encoded. Because of the fixed prefix Salted__ the data therefore always starts with U2FsdGVkX1.
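The layout described in the answer can be checked by parsing the file, shown here as an added example that is not part of the original answer. It assumes the `openssl enc -pbkdf2` defaults of 10000 iterations and SHA-256 (OpenSSL 1.1.1 and later); the function names and the sample salt and ciphertext bytes are constructed for illustration.

```python
import base64
import hashlib

MAGIC = b"Salted__"   # fixed 8-byte ASCII prefix written by `openssl enc`
SALT_LEN = 8          # the random salt stored right after the prefix


def parse_salted(b64_text):
    """Split Base64 `openssl enc -a` output into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text)  # line breaks added by -a are ignored
    if len(raw) < len(MAGIC) + SALT_LEN or not raw.startswith(MAGIC):
        raise ValueError("no Salted__ header (written with -nosalt, or not enc output)")
    body = raw[len(MAGIC):]
    return body[:SALT_LEN], body[SALT_LEN:]


def derive_key_iv(password, salt, iterations=10000):
    """PBKDF2-HMAC-SHA256: 32-byte AES-256 key followed by a 16-byte CBC IV.

    Assumption: 10000 iterations and SHA-256 are the defaults used by -pbkdf2.
    """
    material = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=48)
    return material[:32], material[32:]


def build_sample(salt, ciphertext):
    """Constructed stand-in for secret.enc: Base64(Salted__ | salt | ciphertext)."""
    return base64.b64encode(MAGIC + salt + ciphertext).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not output from a real openssl run.
    sample = build_sample(bytes.fromhex("0011223344556677"), b"\xaa" * 16)
    salt, ciphertext = parse_salted(sample)
    # -kfile uses the first line of the key file as the password.
    key, iv = derive_key_iv(b"password", salt)
    print("file starts with:", sample[:10])
    print("salt read back from the file:", salt.hex())
    print("key:", key.hex())
    print("iv: ", iv.hex())
```

Decryption therefore needs only the password: the salt is read from bytes 8 to 15 of the decoded file, and the same key and IV are derived again from it.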