Jump to content
Nytro

Using OpenSSL to encrypt messages and files on Linux

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted (edited)

Using OpenSSL to encrypt messages and files on Linux

1. Introduction

OpenSSL is a powerful cryptography toolkit. Many of us have already used OpenSSL for creating RSA Private Keys or CSR (Certificate Signing Request). However, did you know that you can use OpenSSL to benchmark your computer speed or that you can also encrypt files or messages? This article will provide you with some simple to follow tips on how to encrypt messages and files using OpenSSL.

2. Encrypt and Decrypt Messages

First we can start by encrypting simple messages. The following command will encrypt a message "Welcome to LinuxCareer.com" using Base64 Encoding:

$ echo "Welcome to LinuxCareer.com" | openssl enc -base64
V2VsY29tZSB0byBMaW51eENhcmVlci5jb20K

The output of the above command is an encrypted string containing encoded message "Welcome to LinuxCareer.com". To decrypt encoded string back to its original message we need to reverse the order and attach -d option for decryption:

$ echo "V2VsY29tZSB0byBMaW51eENhcmVlci5jb20K" | openssl enc -base64 -d
Welcome to LinuxCareer.com

The above encryption is simple to use, however, it lacks an important feature of a password, which should be used for encryption. For example, try to decrypt the following string with a password "pass":

U2FsdGVkX181xscMhkpIA6J0qd76N/nSjjTc9NrDUC0CBSLpZQxQ2Db7ipd7kexj

To do that use OpenSSL again with -d option and encoding method aes-256-cbc:

echo "U2FsdGVkX181xscMhkpIA6J0qd76N/nSjjTc9NrDUC0CBSLpZQxQ2Db7ipd7kexj" | openssl  enc -aes-256-cbc -d -a

As you have probably already guessed, to create an encrypted message with a password as the one above you can use the following command:

$ echo "OpenSSL" | openssl enc -aes-256-cbc -a enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX185E3H2me2D+qmCfkEsXDTn8nCn/4sblr8=

If you wish to store OpenSSL's output to a file instead of STDOUT simply use STDOUT redirection ">". When storing encrypted output to a file you can also omit -a option as you no longer need the output to be ASCII text based:

$ echo "OpenSSL" | openssl enc -aes-256-cbc > openssl.dat
enter aes-256-cbc encryption password:

Verifying - enter aes-256-cbc encryption password:

$ file openssl.dat 
openssl.dat: data

To decrypt the openssl.dat file back to its original message use:

$ openssl enc -aes-256-cbc -d -in openssl.dat 
enter aes-256-cbc decryption password:
OpenSSL

3. Encrypt and Decrypt File

To encrypt files with OpenSSL is as simple as encrypting messages. The only difference is that instead of the echo command we use the -in option with the actual file we would like to encrypt and -out option, which will instruct OpenSSL to store the encrypted file under a given name:

$ openssl enc -aes-256-cbc -in /etc/services -out services.dat

To decrypt back our services file use:

$ openssl enc -aes-256-cbc -d -in services.dat > services.txt
enter aes-256-cbc decryption password: [B]

4. Encrypt and Decrypt Directory

In case that you needed to use OpenSSL to encrypt an entire directory you would, firs,t need to create gzip tarball and then encrypt the tarball with the above method or you can do both at the same time by using pipe:

# tar cz /etc | openssl enc -aes-256-cbc -out etc.tar.gz.dat
tar: Removing leading `/' from member names
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

To decrypt and extract the entire etc/ directory to you current working directory use:

# openssl enc -aes-256-cbc -d -in etc.tar.gz.dat | tar xz
enter aes-256-cbc decryption password:

The above method can be quite useful for automated encrypted backups.

5. Conclusion

What you have just read was a basic introduction to OpenSSL encryption. When it comes to OpenSSL as an encryption toolkit it literally has no limit on what you can do. To see how to use different encoding methods see OpenSSL manual page:

$ man openssl Make sure you tune in to our Linux jobs portal to stay informed about the latest opportunities in the field. Also, if you want to share your experiences with us or require additional help, please visit our Linux Forum.

About Author:

[TABLE]

[TR]

[TD]lubos_rendek_85x85.jpg[/TD]

[TD] Lubos Rendek

In the past I have worked for various companies as a Linux system administrator. Linux system has become my passion and obsession. I love to explore what Linux & GNU/Linux operating system has to offer and share that knowledge with everyone without obligations.[/TD]

[/TR]

[/TABLE]

Sursa: Using OpenSSL to encrypt messages and files

Edited by Nytro

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...