In this simple post i will simply explain how to encrypt decrypt files using AES with openssl.
What is OPENSSL?
Cryptography and SSL/TLS Toolkit
OpenSSL is a program and library that supports many different cryptographic operations, including:
Symmetric key encryption
Public/private key pair generation
Public key encryption
Hash functions
Certificate creation
Digital signatures
Random number generation
Each of the operations supported by OpenSSL have a variety of options, such as input/output files, algorithms, algorithm parameters and formats.
what is AES?
AES — Advanced Encryption Standard (also known as Rijndael), is a symmetric-key algorithm which means it uses the same key during encryption/decryption.
Let’s start
The list of supported ciphers can be viewed using following command
openssl list-cipher-commands
Here I am choosing -aes-26-cbc
Symmetric key encryption is performed using the enc operation of OpenSSL.
1.We can specify the password while giving command
2.We can enter when it promoted
Let’s do the first method as first
First i made a folder in my Desktop named “open_ssl” using commandmkdir
Here i put the file which i wanted to encrypt (a image file) “image.png” ,
Now is the time to encrypt our image
As you see above screenshot the folder “openssl_aes” has only one image file which we are going to encrypt.
openssl enc -aes-256-cbc -pass pass:kekayan -p -in image.png -out file.enc
So now you can see the image is encrypted and the salt ,key and iv values.
Below image we can verify that new file name “file.enc” created
let’s find out each part in our code
-aes-256-cbc— the cipher name( symmetric cipher : AES ;block to stream conversion : CBC(cipher block chaining))-pass pass:<password>— to specify the password (here password is kekayan)-P— Print out the salt, key and IV used.-in file— input file /input file absolute path(here image.png)-out file— output file /output file absolute path(here file.enc)
Let’s Decrypt the encrypted image
openssl enc -aes-256-cbc -pass pass:kekayan -d -in file.enc -out img_new.png -P
After decrypted .Now you can see new image named “img_new.png” also in the folder.
let’s find out each part in our code
-d— Decrypt the input data.-in file— input file /input file absolute path(here file.enc)-out file— output file /output file absolute path(here image_new.png)-P— Print out the salt, key and IV used.
Beware of the line breaks
While working with AES encryption I encountered the situation where the encoder sometimes produces base 64 encoded data with or without line breaks.To solve this simply add -A
So It will be like this
openssl enc -aes-256-cbc -pass pass:kekayan -d -A -in file.enc -out img_new.png -p-A— base64 encode/decode, depending on encryption flag.
openssl enc --help for more details and options (e.g. other ciphernames, how to specify a salt,etc).
Let’s do without specify password flag
Following command for encrypt:
openssl enc -aes-256-cbc -p -in image.png -out file.encIt will prompt you to enter password and verify it.
Following command for decrypt
openssl enc -aes-256-cbc -d -A -in file.enc -out img_new.png -pHere it will ask the password which we gave while we encrypt.
-nosalt—not to add default salt
Most cases salt is default on.you can specify it using -Salt
Also you can specify the salt value with the -S flag.If you provide the salt value, then you become responsible for generating proper salts, trying to make them as unique as possible (in practice, you have to produce them randomly). It is preferable to let openssl handle that.
When the salt is being used the first eight bytes of the encrypted data are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.
So if you open file.enc in a text editor you will see like
Salted__Happy encrypting :)
