# OpenSSL Essentials: Encrypting and decrypting files with OpenSSL

This article shows some important `openssl` commands, such as generating random data, encrypting and decrypting files using symmetric and asymmetric algorithms, generating a digital signature, and generating a file digest.

## Generate Random Data

The `openssl rand` command can be used to generate pseudorandom bytes. The `-base64` flag base64-encodes the output, giving you a random string that can be used as a password or in other applications that require a random string. Just make sure that the number of bytes is divisible by three to avoid padding.

```
$ openssl rand -base64 9
Emo+xQINmYoU
```

## Generate Hash of a file

Hashing is the process of converting a given key into another value. A hash function generates the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or, simply, a hash. A good hash function uses a **one-way** hashing algorithm. In other words, the hash cannot be converted back into the original key. Many hashing algorithms are available, like `MD5`, `SHA256`, `SHA512`, etc.

In the following example, I am generating the hash of a file named `hashIn1.txt` using the `SHA256` algorithm.

```
openssl dgst -sha256 hashIn1.txt
```

## Symmetric Encryption using OpenSSL

In symmetric encryption, we use the same key to encrypt and decrypt the data. There are many symmetric algorithms, such as:

- AES (Advanced Encryption Standard)
- DES (Data Encryption Standard)
- IDEA (International Data Encryption Algorithm)
- Blowfish (Drop-in replacement for DES or IDEA)
- RC4 (Rivest Cipher 4)
- RC5 (Rivest Cipher 5)
- RC6 (Rivest Cipher 6)

The most popular is the AES algorithm. In the following example, I am encrypting a file using the `AES` algorithm in `CBC` mode. Another mode is `ECB`, which is not recommended because it leaves patterns in the encrypted text.

```
openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -in secret.txt -out secret.enc
```

PBKDF2 applies a pseudorandom function, such as a hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult and is known as key stretching.
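The command above only encrypts. The following added example (not part of the original article) decrypts with `openssl enc -d` and confirms the round trip by comparing SHA-256 digests; the passphrases, the sample file and the function names are constructed for the demo.

```sh
#!/bin/sh
# Added example: round trip for the AES-256-CBC command shown above.
# The passphrases and the sample file are constructed for this demo.

sha256_of() {    # print only the hex SHA-256 digest of file $1
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

encrypt_file() { # encrypt_file <in> <out>; passphrase taken from $ENC_PASS
    openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt \
        -in "$1" -out "$2" -pass env:ENC_PASS
}

decrypt_file() { # decrypt_file <in> <out> [iter]; -d selects decryption
    # Only the salt is stored in the file. -md and -iter are not, so they
    # must be repeated here exactly as they were given when encrypting.
    openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter "${3:-100000}" \
        -in "$1" -out "$2" -pass env:ENC_PASS 2>/dev/null
}

# roundtrip_ok <plaintext> <encrypt-pass> <decrypt-pass> [decrypt-iter]
# Succeeds only if decryption works AND the digests match. CBC has no
# integrity check, so a wrong key is usually caught by the padding check
# but can occasionally "succeed" with garbage; the digest comparison
# makes the result reliable.
roundtrip_ok() {
    dir=$(mktemp -d) || return 2
    rc=1
    ENC_PASS=$2; export ENC_PASS
    if encrypt_file "$1" "$dir/secret.enc"; then
        ENC_PASS=$3
        if decrypt_file "$dir/secret.enc" "$dir/secret.out" "${4:-100000}" &&
           [ "$(sha256_of "$1")" = "$(sha256_of "$dir/secret.out")" ]; then
            rc=0
        fi
    fi
    unset ENC_PASS
    rm -rf "$dir"
    return "$rc"
}

# Demo on a constructed file
demo=$(mktemp) && printf 'constructed sample secret\n' > "$demo"
roundtrip_ok "$demo" 'demo-pass' 'demo-pass' && echo "same settings: OK"
roundtrip_ok "$demo" 'demo-pass' 'wrong-pass' || echo "wrong passphrase: rejected"
roundtrip_ok "$demo" 'demo-pass' 'demo-pass' 10000 || echo "wrong -iter: rejected"
rm -f "$demo"
```

Passing the passphrase with `-pass env:` keeps it out of the process argument list, unlike `-pass pass:`.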

## Asymmetric encryption using OpenSSL

Asymmetric cryptography is a cryptographic system that uses pairs of keys: public keys and private keys. The public key is used to encrypt the data, and the private key is used to decrypt the data. To encrypt data using asymmetric encryption, follow these steps:

- Generate the private key
- Extract the public key from the private key
- Encrypt the file using the public key
- Decrypt the file using the private key

```
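# Generate the RSA private key (it contains the whole key pair)
openssl genpkey -algorithm RSA -out private.pem
# Extract the public key
openssl rsa -in private.pem -pubout > public.pem
# Encrypt the file using the public key.
# RSA only encrypts data smaller than the key size, so plaintext.txt must be short.
# Note: rsautl is deprecated since OpenSSL 3.0; pkeyutl is its replacement.
openssl rsautl -encrypt -pubin -inkey public.pem -in plaintext.txt -out encrypted.txt
# Decrypt the file using the private key
openssl rsautl -decrypt -in encrypted.txt -out plaintext_2.txt -inkey private.pem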
```

## Check certificate validity

If you want to check whether the certificate of a given website is valid, you can use the following command.

```
echo | openssl s_client -connect google.com:443 -brief
```

## Generate Digital Signature using OpenSSL

```
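# Generate the RSA private key
openssl genpkey -algorithm RSA -out key.pem
# Extract the public key used for verification
openssl rsa -in key.pem -pubout > publickey.pem
# Sign the SHA-256 digest of demo.txt with the private key
openssl dgst -sha256 -sign key.pem -out signature.txt demo.txt
# Verify the signature with the public key
openssl dgst -sha256 -verify publickey.pem -signature signature.txt demo.txt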
```