OpenSSL Essentials: Encrypting and decrypting files with OpenSSL

This article shows some important OpenSSL commands: generating random data, encrypting and decrypting files with symmetric and asymmetric algorithms, generating a digital signature, and generating a file digest.

Generate Random Data

The OpenSSL rand command can be used to generate pseudorandom bytes. The -base64 flag base64-encodes the output, giving you a random string that can be used as a password or for other applications that require a random string. Make sure the number of bytes is divisible by three to avoid padding characters (=) in the output.

$ openssl rand -base64 9

Generate Hash of a file

Hashing is the process of converting a given input (the key) into another value: a hash function computes the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or, simply, a hash. A good hash function uses a one-way hashing algorithm; in other words, the hash cannot be converted back into the original input. Many hashing algorithms are available, such as MD5, SHA256 and SHA512.

In the following example, I am generating the hash of a file named hashIn1.txt using the SHA256 algorithm.

openssl dgst -sha256 hashIn1.txt

Symmetric Encryption using OpenSSL

In symmetric encryption, we use the same key to encrypt and decrypt the data. There are many symmetric algorithms, such as:

  • AES (Advanced Encryption Standard)
  • DES (Data Encryption Standard)
  • IDEA (International Data Encryption Algorithm)
  • Blowfish (Drop-in replacement for DES or IDEA)
  • RC4 (Rivest Cipher 4)
  • RC5 (Rivest Cipher 5)
  • RC6 (Rivest Cipher 6)
The most popular is the AES algorithm. In the following example, I am encrypting a file using the AES algorithm in CBC mode. Another mode exists that is not recommended, because patterns in the plaintext remain visible in the encrypted text.

openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -in secret.txt -out secret.enc

PBKDF2 applies a pseudorandom function, such as a hash-based message authentication code (HMAC), to the input password or passphrase together with a salt value, and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more expensive and is known as key stretching.

Asymmetric encryption using OpenSSL

Asymmetric cryptography is a cryptographic system that uses pairs of keys: a public key and a private key. The public key is used to encrypt the data, and the private key is used to decrypt it. To encrypt data using asymmetric encryption, follow these steps:

  • Generate private key
  • Extract public key from the key
  • Encrypt the file using a public key
  • Decrypt the file using the private key

# Generate the private key (the public key is derived from it)
openssl genpkey -algorithm RSA -out private.pem

# Extract the public key
openssl rsa -in private.pem -pubout > public.pem

# Encrypt the file using the public key
openssl rsautl -encrypt -pubin -inkey public.pem -in plaintext.txt -out encrypted.txt

# Decrypt the file using the private key
openssl rsautl -decrypt -inkey private.pem -in encrypted.txt -out plaintext_2.txt

Check certificate validity

If you want to check whether the certificate of a given website is valid, you can use the following command (replace the placeholder with the site's host and port, for example port 443 for HTTPS).

echo | openssl s_client -connect <host>:<port> -brief

Generate Digital Signature using OpenSSL

# Generate the signing key and extract its public key
openssl genpkey -algorithm RSA -out key.pem

openssl rsa -in key.pem -pubout > publickey.pem

# Sign the SHA256 digest of demo.txt with the private key
openssl dgst -sha256 -sign key.pem -out signature.txt demo.txt

# Verify the signature with the public key
openssl dgst -sha256 -verify publickey.pem -signature signature.txt demo.txt
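The following script is an added example, not part of the original post: it runs the symmetric encryption command from the section above non-interactively, adds the matching decryption step the post does not show, and then exercises the sign/verify commands, checking that a changed file no longer verifies. It assumes an openssl binary with PBKDF2 support (1.1.1 or later); the file names, passphrase and sample contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): runs the post's symmetric
# and signature commands non-interactively and checks their results.
# Assumes an openssl binary with PBKDF2 support (1.1.1 or later).
set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample plaintext and a demo passphrase.
printf 'top secret payroll data\n' > "$WORK/secret.txt"
PASS='correct horse battery staple'

# Encrypt then decrypt with the post's AES-256-CBC + PBKDF2 settings.
# Returns 0 when the decrypted file matches the original.
# pass: is used only so the demo needs no terminal; it exposes the
# passphrase in the process list, so prefer file: or the prompt otherwise.
symmetric_roundtrip() {
    openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt \
        -pass "pass:$PASS" -in "$WORK/secret.txt" -out "$WORK/secret.enc" || return 1
    # Decryption must repeat the same -md and -iter, otherwise the
    # derived key differs and openssl reports "bad decrypt".
    openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
        -pass "pass:$PASS" -in "$WORK/secret.enc" -out "$WORK/secret.dec" || return 1
    cmp -s "$WORK/secret.txt" "$WORK/secret.dec"
}

# Sign a file, verify it, then verify again after the file changes.
# Returns 0 only if the intact file verifies and the altered one does not.
signature_check() {
    openssl genpkey -algorithm RSA -out "$WORK/key.pem" 2>/dev/null || return 1
    openssl rsa -in "$WORK/key.pem" -pubout -out "$WORK/publickey.pem" 2>/dev/null || return 1
    printf 'release notes v1\n' > "$WORK/demo.txt"
    openssl dgst -sha256 -sign "$WORK/key.pem" \
        -out "$WORK/signature.bin" "$WORK/demo.txt" || return 1
    openssl dgst -sha256 -verify "$WORK/publickey.pem" \
        -signature "$WORK/signature.bin" "$WORK/demo.txt" >/dev/null || return 1
    # Any change to the signed file must make verification fail.
    printf 'release notes v2\n' > "$WORK/demo.txt"
    if openssl dgst -sha256 -verify "$WORK/publickey.pem" \
        -signature "$WORK/signature.bin" "$WORK/demo.txt" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

symmetric_roundtrip && echo "symmetric round trip OK"
signature_check && echo "signature check OK"
```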