Encrypt files using AES with OPENSSL

Kekayan
Jul 7, 2018

In this simple post I will explain how to encrypt and decrypt files using AES with OpenSSL.

What is OPENSSL?

Cryptography and SSL/TLS Toolkit

https://www.openssl.org

OpenSSL is a program and library that supports many different cryptographic operations, including:

  • Symmetric key encryption
  • Public/private key pair generation
  • Public key encryption
  • Hash functions
  • Certificate creation
  • Digital signatures
  • Random number generation

Each of the operations supported by OpenSSL has a variety of options, such as input/output files, algorithms, algorithm parameters and formats.

What is AES?

AES, the Advanced Encryption Standard (also known as Rijndael), is a symmetric-key algorithm, which means it uses the same key for encryption and decryption.

Let’s start

The list of supported ciphers can be viewed using the following command (OpenSSL 1.1.0 and later spell it openssl list -cipher-commands):

openssl list-cipher-commands

A part of the algorithms in the list

Here I am choosing -aes-256-cbc

Symmetric key encryption is performed using the enc operation of OpenSSL.

There are two ways to give the password:

1. We can specify the password in the command itself

2. We can enter it when prompted

Let’s start with the first method.

First I made a folder on my Desktop named “open_ssl” using the mkdir command.

Here I put the file which I wanted to encrypt (an image file), “image.png”.

Now is the time to encrypt our image

As you can see in the screenshot above, the folder “openssl_aes” has only one image file, which we are going to encrypt.

openssl enc -aes-256-cbc -pass pass:kekayan -p -in image.png -out file.enc

Now you can see that the image is encrypted, along with the salt, key and IV values that were used.

In the image below we can verify that a new file named “file.enc” was created.

Let’s look at each part of our command:

  • -aes-256-cbc — the cipher name (symmetric cipher: AES; block cipher mode: CBC (cipher block chaining))
  • -pass pass:<password> — to specify the password (here the password is kekayan); a password passed this way is visible in the shell history and the process list
  • -p — print out the salt, key and IV used (an uppercase -P prints them and then exits without encrypting or decrypting)
  • -in file — input file, or its absolute path (here image.png)
  • -out file — output file, or its absolute path (here file.enc)

Let’s Decrypt the encrypted image

openssl enc -aes-256-cbc -pass pass:kekayan -d -in file.enc -out img_new.png -p

After decryption you can see a new image named “img_new.png” in the folder as well.

Let’s look at each part of our command:

  • -d — decrypt the input data
  • -in file — input file, or its absolute path (here file.enc)
  • -out file — output file, or its absolute path (here img_new.png)
  • -p — print out the salt, key and IV used

Beware of the line breaks

While working with AES encryption I encountered a situation where the encoder sometimes produces base64-encoded data with or without line breaks. To solve this, simply add -A.

So it will look like this:

openssl enc -aes-256-cbc -pass pass:kekayan -d -A -in file.enc -out img_new.png -p

  • -A — used together with -a (base64 encode/decode, depending on the encryption flag): process the base64 data on a single line

Run openssl enc --help for more details and options (e.g. other cipher names, how to specify a salt, etc.).

Let’s do it without the password flag

Use the following command to encrypt:

openssl enc -aes-256-cbc -p -in image.png -out file.enc

It will prompt you to enter a password and verify it.

Use the following command to decrypt:

openssl enc -aes-256-cbc -d -A -in file.enc -out img_new.png -p

Here it will ask for the password which we gave when encrypting.

  • -nosalt — do not add the default salt

In most cases the salt is on by default. You can request it explicitly using -salt.

You can also specify the salt value with the -S flag. If you provide the salt value, then you become responsible for generating proper salts, trying to make them as unique as possible (in practice, you have to produce them randomly). It is preferable to let openssl handle that.

When the salt is being used, the first eight bytes of the encrypted data after the Salted__ marker are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.

So if you open file.enc in a text editor, you will see that it starts with:

Salted__
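The Salted__ header and the salt, key and IV values that -p prints can be recomputed outside openssl, which shows what the salt actually changes. The Python sketch below is an added example, not part of the original post: it assumes the single-pass EVP_BytesToKey derivation that openssl enc applies to a password when -pbkdf2 is not given, and the function names and sample bytes are made up for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker that openssl enc writes in front of the salt

def parse_header(blob: bytes):
    """Return (salt, ciphertext) from raw (non-base64) openssl enc output."""
    if blob[:8] != MAGIC or len(blob) < 16:
        raise ValueError("no Salted__ header: made with -nosalt, or base64 (-a) encoded")
    return blob[8:16], blob[16:]

def derive_key_iv(password: bytes, salt: bytes, digest="sha256", key_len=32, iv_len=16):
    """Single-pass EVP_BytesToKey: password and salt hashed into key and IV.

    digest is an assumption about the OpenSSL build: sha256 is the default
    from 1.1.0 on, md5 before that. key_len/iv_len are the AES-256-CBC sizes.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # Each round hashes the previous block together with password and salt.
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def dash_p_lines(password: bytes, blob: bytes, digest="sha256"):
    """Recompute the salt/key/iv lines that -p prints for an encrypted file."""
    salt, _ = parse_header(blob)
    key, iv = derive_key_iv(password, salt, digest)
    return [f"salt={salt.hex().upper()}", f"key={key.hex().upper()}", f"iv ={iv.hex().upper()}"]

if __name__ == "__main__":
    # Constructed sample: header with a made-up salt plus 16 dummy ciphertext bytes.
    sample = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)
    print("\n".join(dash_p_lines(b"kekayan", sample)))
    # With -nosalt the salt is empty, so one password always maps to one key and IV.
    print(derive_key_iv(b"kekayan", b"")[0].hex())
```

Because this derivation is a single hash pass, a short password is cheap to guess from a captured file; OpenSSL 1.1.1 and later accept -pbkdf2 (with -iter) to use a slower derivation instead.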

Happy encrypting :)
