Linux openssl
Contents
- 1 Description
- 2 Example
- 3 Create a public & private key.
- 4 Encrypt a text file with a public key
- 5 Decrypt a text file with a private key
- 6 Encrypt a binary file with a public key
- 7 Decrypt a binary file with a public key
- 8 Encrypt a file with a password
- 9 Decrypt a file with a password
- 10 Base 64 Encode and Decode
Description
The way public/private keys work, is a public key is used to encrypt data and only a private key is capable of decrypting it.
Public Key -> Encrypt.
Private Key -> Decrypt.
Example
This is a real example of public private key.
Create a public & private key.
Create a private key.
openssl genrsa -out mykey.pem 1024
Create a public key.
openssl rsa -in key.pem -pubout -out pubkey.pem
or
openssl rsa -in mykey.pem -pubout > mykey.pub
This will calculate the public key from the private key.
Encrypt a text file with a public key
cat plain.txt | openssl rsautl -encrypt -pubin -inkey ./is_rsa.pub.pem > cipher.txt
Decrypt a text file with a private key
cat cipher.txt | openssl rsautl -decrypt -inkey ~/id_rsa.private.pem
Encrypt a binary file with a public key
Decrypt a binary file with a public key
Encrypt a file with a password
The -salt option should ALWAYS be used if the key is being derived from a password.
Without the -salt option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data. The reason for this is that without the salt the same password always generates the same encryption key.
When the salt is being used the first eight bytes of the encrypted data are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.
This way will prompt you for a password
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc
This way will not
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc
Decrypt a file with a password
This way will prompt you for a password
openssl enc -aes-256-cbc -d -in file.txt.enc -out file.txt
This way will not
openssl enc -aes-256-cbc -d -in file.txt.enc -out file.txt -k PASS
Base 64 Encode and Decode
Base64 encoding will converting 8-bit binary information into a ASCII characters.
This is nice for sending something by email, IRC, etc. you have to save encrypted file in Base64-encode.
To encrypt file in Base64-encode, you should add -a option :
Encode:
openssl enc -aes-256-cbc -salt -a -in file.txt -out file.txt.enc
Decode
openssl enc -aes-256-cbc -d -a -in file.txt.enc -out file.txt
