
How to encrypt and decrypt files using OpenSSL

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use OpenSSL to encrypt and decrypt files.

Encryption is a way to encode a message to protect the content of the message from snooping. There are generally two types:

Secret-key encryption, or symmetric encryption

Public-key encryption, or asymmetric encryption

Secret-key encryption uses the same key for encryption and decryption, while public-key encryption uses different keys for encryption and decryption. Each method has its own advantages and disadvantages. Secret-key encryption is faster, while public-key encryption is more secure because it solves the problem of securely sharing keys. Combining them makes the most of each type's advantages.

Public key encryption

Public key encryption uses two keys, called a key pair. One is the public key, which can be freely shared with anyone you want to communicate with secretly. The other is the private key, which must be kept secret and never shared.

The public key is used for encryption. If someone wants to exchange sensitive information with you, you can send them your public key, and they can use the public key to encrypt the message or file, and then send it to you. The private key is used for decryption. The only way to decrypt a message encrypted by the sender is to use the private key. Therefore, they are called "key pairs" and they are interrelated.

How to use OpenSSL to encrypt files

OpenSSL is a great tool to perform a variety of tasks, such as encrypting files. This article uses a Fedora computer with OpenSSL installed. If you don't have it on your machine, you can install it using the package manager:

    alice $ cat /etc/fedora-release
    Fedora release 33 (Thirty Three)
    alice $
    alice $ openssl version
    OpenSSL 1.1.1i FIPS  8 Dec 2020
    alice $

To explore file encryption and decryption, imagine two users, Alice and Bob, who want to communicate with each other by exchanging encrypted files using OpenSSL.

Step 1: generate a key pair

You need to generate a key pair before encrypting the file. You also need a passphrase, which you must use whenever you use OpenSSL, so be sure to remember it.

Alice generates her set of key pairs using the following command:

    alice $ openssl genrsa -aes128 -out alice_private.pem 1024

This command uses OpenSSL's genrsa command to generate a 1024-bit public / private key pair. This is possible because the RSA algorithm is asymmetric. It also uses the aes128 symmetric key algorithm to encrypt the private key generated by Alice.

After entering the command, OpenSSL prompts Alice for a password, which she must enter each time she uses the key:

    alice $ openssl genrsa -aes128 -out alice_private.pem 1024
    Generating RSA private key, 1024 bit long modulus (2 primes)
    e is 65537 (0x010001)
    Enter pass phrase for alice_private.pem:
    Verifying - Enter pass phrase for alice_private.pem:
    alice $
    alice $ ls -l alice_private.pem
    -rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
    alice $
    alice $ file alice_private.pem
    alice_private.pem: PEM RSA private key
    alice $

Bob uses the same steps to create his key pair:

    bob $ openssl genrsa -aes128 -out bob_private.pem 1024
    Generating RSA private key, 1024 bit long modulus (2 primes)
    e is 65537 (0x010001)
    Enter pass phrase for bob_private.pem:
    Verifying - Enter pass phrase for bob_private.pem:
    bob $
    bob $ ls -l bob_private.pem
    -rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
    bob $
    bob $ file bob_private.pem
    bob_private.pem: PEM RSA private key
    bob $

If you are curious about the key file, you can open the .pem file generated by the command, but you will see a pile of text on the screen:

    alice $ head alice_private.pem
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: AES-128-CBC,E26FAC1F143A30632203F09C259200B9

    pdKj8Gm5eeAOF0RHzBx8l1tjmA1HSSvy0RF42bOeb7sEVZtJ6pMnrJ26ouwTQnkL
    JJjUVPPHoKZ7j4QpwzbPGrz/hVeMXVT/y33ZEEA+3nrobwisLKz+Q+C9TVJU3m7M
    /veiBO9xHMGV01YBNeic7MqXBkhIrNZW6pPRfrbjsBMBGSsL8nwJbb3wvHhzPkeM
    e+wtt9S5PWhcnGMj3T+2mtFfW6HWpd8Kdp60z7Nh6mhA9+5aDWREfJhJYzl1zfcv
    Bmxjf2wZ3sFJNty+sQVajYfk6UXMyJIuWgAjnqjw6c3vxQi0KE3NUNZYO93GQgEF
    pyAnN9uGUTBCDYeTwdw8TEzkyaL08FkzLfFbS2N9BDksA3rpI1cxpxRVFr9+jDBz
    alice $

To view the details of the key, you can use the following OpenSSL command to read the .pem file and display its contents. You may be wondering where to find the other key of the pair, because this is a single file. That is a good observation, and the way to obtain the public key is as follows:

    alice $ openssl rsa -in alice_private.pem -noout -text
    Enter pass phrase for alice_private.pem:
    RSA Private-Key: (1024 bit, 2 primes)
    modulus:
        [hex bytes]
    publicExponent: 65537 (0x10001)
    ...
    exponent2:
        [hex bytes]
    coefficient:
        [hex bytes]
    alice $

Step 2: extract the public key

Note that a public key is a key that you can freely share with others, and you must keep your private key secret. Therefore, Alice must extract her public key and save it to a file:

    alice $ openssl rsa -in alice_private.pem -pubout > alice_public.pem
    Enter pass phrase for alice_private.pem:
    writing RSA key
    alice $
    alice $ ls -l *.pem
    -rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
    -rw-rw-r--. 1 alice alice 272 Mar 22 17:47 alice_public.pem
    alice $

You can view the public key details in the same way as before, but this time pass the public key .pem file as input:

    alice $ openssl rsa -in alice_public.pem -pubin -text -noout
    RSA Public-Key: (1024 bit)
    Modulus:
        [hex bytes]
    alice $

Bob can follow the same procedure to extract his public key and save it to a file:

    bob $ openssl rsa -in bob_private.pem -pubout > bob_public.pem
    Enter pass phrase for bob_private.pem:
    writing RSA key
    bob $
    bob $ ls -l *.pem
    -rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
    -rw-r--r--. 1 bob bob 272 Mar 22 13:51 bob_public.pem
    bob $

Step 3: exchange public keys

These public keys are of little use until Alice and Bob exchange them with each other. There are several ways to share public keys, such as using the scp command to copy the keys to each other's workstations.

Send the public key of Alice to the workstation of Bob:

    alice $ scp alice_public.pem bob@bob-machine-or-ip:/path/

Send the public key of Bob to the workstation of Alice:

    bob $ scp bob_public.pem alice@alice-machine-or-ip:/path/

Now, Alice has the public key of Bob, and vice versa:

    alice $ ls -l bob_public.pem
    -rw-r--r--. 1 alice alice 272 Mar 22 17:51 bob_public.pem
    alice $

    bob $ ls -l alice_public.pem
    -rw-r--r--. 1 bob bob 272 Mar 22 13:54 alice_public.pem
    bob $

Step 4: exchange encrypted messages using the public key

Suppose Alice needs to communicate secretly with Bob. She writes secret information to a file and saves it to top_secret.txt. Because this is an ordinary file, anyone can open it and view its contents, and there is not much protection here:

    alice $ echo "vim or emacs?" > top_secret.txt
    alice $
    alice $ cat top_secret.txt
    vim or emacs?
    alice $

To encrypt this secret message, Alice needs to use OpenSSL's -encrypt option. She needs to provide three inputs to the tool:

The name of the secret message file

Bob's public key (file)

The name of the new encrypted file

    alice $ openssl rsautl -encrypt -inkey bob_public.pem -pubin -in top_secret.txt -out top_secret.enc
    alice $
    alice $ ls -l top_secret.*
    -rw-rw-r--. 1 alice alice 128 Mar 22 17:54 top_secret.enc
    -rw-rw-r--. 1 alice alice  15 Mar 22 17:53 top_secret.txt
    alice $

After encryption, the original file is still visible, while the newly created encrypted file looks garbled on the screen. In this way, you can make sure that the secret message is encrypted:

    alice $ cat top_secret.txt
    vim or emacs?
    alice $
    alice $ cat top_secret.enc
    [binary ciphertext, not readable as text]
    alice $
    alice $ hexdump -C ./top_secret.enc
    [hex dump of the 128-byte ciphertext]
    alice $
    alice $ file top_secret.enc
    top_secret.enc: data
    alice $

It is safe to delete the original file of the secret message to ensure that there is no trace:

    alice $ rm -f top_secret.txt

Now Alice needs to use the scp command again to send this encrypted file over the network to Bob's workstation. Note that even if the file is intercepted, its contents will be encrypted, so the contents will not be compromised:

    alice $ scp top_secret.enc bob@bob-machine-or-ip:/path/

If Bob tries to open and view an encrypted message using the usual method, he will not be able to understand the message:

    bob $ ls -l top_secret.enc
    -rw-r--r--. 1 bob bob 128 Mar 22 13:59 top_secret.enc
    bob $
    bob $ cat top_secret.enc
    [binary ciphertext, not readable as text]
    bob $
    bob $ hexdump -C top_secret.enc
    [hex dump of the 128-byte ciphertext]
    bob $

Step 5: decrypt the file using the private key

Bob needs to use OpenSSL to decrypt the message, but this time he uses the -decrypt command-line argument. He needs to provide the following information to the tool:

The encrypted file (obtained from Alice)

Bob's private key (for decryption, because the file was encrypted with Bob's public key)

The name of a file in which to save the decrypted output, via redirection

    bob $ openssl rsautl -decrypt -inkey bob_private.pem -in top_secret.enc > top_secret.txt
    Enter pass phrase for bob_private.pem:
    bob $

Now, Bob can read the secret message sent to him by Alice:

    bob $ ls -l top_secret.txt
    -rw-r--r--. 1 bob bob 15 Mar 22 14:02 top_secret.txt
    bob $
    bob $ cat top_secret.txt
    vim or emacs?
    bob $

Bob needs to reply to Alice, so he writes the secret reply in a file:

    bob $ echo "nano for life" > reply_secret.txt
    bob $
    bob $ cat reply_secret.txt
    nano for life
    bob $

Step 6: repeat the process with a different key

To send a message, Bob uses the same steps as Alice, but because the message is sent to Alice, he needs to use the public key of Alice to encrypt the file:

    bob $ openssl rsautl -encrypt -inkey alice_public.pem -pubin -in reply_secret.txt -out reply_secret.enc
    bob $
    bob $ ls -l reply_secret.enc
    -rw-r--r--. 1 bob bob 128 Mar 22 14:03 reply_secret.enc
    bob $
    bob $ cat reply_secret.enc
    [binary ciphertext, not readable as text]
    bob $
    bob $ hexdump -C ./reply_secret.enc
    [hex dump of the 128-byte ciphertext]
    bob $
    bob $ # remove clear text secret message file
    bob $ rm -f reply_secret.txt

Bob sends the encrypted file to Alice's workstation using scp:

    $ scp reply_secret.enc alice@alice-machine-or-ip:/path/

If Alice tries to read the encrypted text using regular tools, she will not be able to understand it:

    alice $ ls -l reply_secret.enc
    -rw-r--r--. 1 alice alice 128 Mar 22 18:01 reply_secret.enc
    alice $
    alice $ cat reply_secret.enc
    [binary ciphertext, not readable as text]
    alice $
    alice $ hexdump -C ./reply_secret.enc
    [hex dump of the 128-byte ciphertext]
    alice $

So, she uses OpenSSL to decrypt the message, only this time she provides her own private key and saves the output to a file:

    alice $ openssl rsautl -decrypt -inkey alice_private.pem -in reply_secret.enc > reply_secret.txt
    Enter pass phrase for alice_private.pem:
    alice $
    alice $ ls -l reply_secret.txt
    -rw-rw-r--. 1 alice alice 14 Mar 22 18:02 reply_secret.txt
    alice $
    alice $ cat reply_secret.txt
    nano for life
    alice $

Learn more about OpenSSL

OpenSSL is a real Swiss Army knife in the encryption world. In addition to encrypting files, it can perform many tasks, and you can find all the ways to use it by visiting the OpenSSL documentation page, including links to manuals, "OpenSSL Cookbook", FAQs, and so on. For more information, try using various encryption algorithms that come with it and see how it works.
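
Step 4 encrypts the file directly with RSA, which only works for inputs smaller than the key's modulus; combining symmetric and public-key encryption, as mentioned in the introduction, lifts that limit. The script below is an added example, not part of the original article: it encrypts a file with AES under a random session secret and wraps that secret with the recipient's RSA public key. The 2048-bit key size, the pkeyutl subcommand with OAEP padding, and all file and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: hybrid encryption with the openssl CLI.
# Function names, file names and key size are assumptions, not from the article.
set -eu
umask 077   # temp files holding key material are owner-only

# make_keypair PREFIX: throwaway 2048-bit RSA pair, PREFIX_private.pem / PREFIX_public.pem.
# The private key is left without a passphrase only so the demo runs unattended.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1_private.pem" 2>/dev/null
    openssl pkey -in "$1_private.pem" -pubout -out "$1_public.pem"
}

# rsa_direct_fits PUB FILE: succeeds only if FILE fits in a single RSA-OAEP operation.
rsa_direct_fits() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2" -out /dev/null 2>/dev/null
}

# hybrid_encrypt PUB SRC OUT: AES-256 encrypts SRC to OUT.enc under a random session
# secret, then wraps that secret with the recipient's public key into OUT.key.enc.
hybrid_encrypt() {
    sess=$(mktemp)
    openssl rand -hex 32 > "$sess"
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$sess" -in "$2" -out "$3.enc"
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$sess" -out "$3.key.enc"
    rm -f "$sess"
}

# hybrid_decrypt PRIV IN OUT: unwraps IN.key.enc with the private key, then decrypts IN.enc.
hybrid_decrypt() {
    sess=$(mktemp)
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2.key.enc" -out "$sess"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$sess" -in "$2.enc" -out "$3"
    rm -f "$sess"
}

# Demo on a constructed 100 kB random file, far larger than one RSA block.
demo() {
    d=$(mktemp -d)
    make_keypair "$d/bob"
    openssl rand -out "$d/report.bin" 100000
    rsa_direct_fits "$d/bob_public.pem" "$d/report.bin" && return 1  # must not fit
    hybrid_encrypt "$d/bob_public.pem" "$d/report.bin" "$d/msg"
    hybrid_decrypt "$d/bob_private.pem" "$d/msg" "$d/report.out"
    cmp -s "$d/report.bin" "$d/report.out"
}
demo && echo "round trip OK"
```

openssl enc provides confidentiality only, so sign or MAC the encrypted output if tampering in transit is a concern.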
