ubuntu:openssl:encrypt_a_file

Differences

This shows you the differences between two versions of the page.

ubuntu:openssl:encrypt_a_file [2021/01/29 16:15] peter
ubuntu:openssl:encrypt_a_file [2021/01/30 18:34] (current) – [Encrypt (interactive)] peter
Line 70: Line 70:
 <WRAP info> <WRAP info>
 **NOTE:**  The **-salt** option should ALWAYS be used if the key is being derived from a password. **NOTE:**  The **-salt** option should ALWAYS be used if the key is being derived from a password.
 +
 +Without the **-salt** option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data.
 +
 +The reason for this is that without the salt the same password always generates the same encryption key.
 +
 +When the salt is being used the first eight bytes of the encrypted data are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.
 </WRAP> </WRAP>
 +
 +----
 +
 +===== Decode a file that was encrypted using aes256 =====
 +
 +<code bash>
 +openssl enc -aes256 -d -in test1.enc -out test2.txt
 +</code>
 +
 +----
 +
 +===== Encrypt using base64 =====
 +
 +<code bash>
 +openssl enc -aes256 -a -e -salt -in test1.txt -out test1.enc
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  Same as for standard encoding, but with the **-a** option.
 +</WRAP>
 +
 +----
 +
 +===== Decrypt a file that was encrypted using base64 =====
 +
 +<code bash>
 +openssl enc -aes256 -d -in test1.enc -out test2.txt
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  Same as for standard base decoding, but with the **-a** option.
 +</WRAP>
 +
 +----
 +
 +===== Encrypt (interactive) =====
 +
 +<code bash>
 +openssl enc -aes-256-cbc -in file.txt.enc -out file.txt  -iter 29 -k PASS
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  The iteration count is for the PBKDF2 hashing algorithm that is designed to make password cracking much much harder.
 +
 +Using a low iteration count like 29 is not very useful.
 +
 +The count should be made as large as you can without it becoming too annoying (1 to 2 seconds of iteration).
 +
 +The current default of 10000 is var too low, even when it was released!  500000 or higher is better.
 +
 +</WRAP>
 +
 +----
 +
 +===== Decrypt (interactive) =====
 +
 +<code bash>
 +openssl enc -aes-256-cbc -d -in file.txt.enc -out file.txt -iter 29 -k PASS
 +</code>
 +
 +----
 +
 +===== Encrypt (non-interactive) =====
 +
 +<code bash>
 +openssl enc -aes-256-cbc -in file.txt.enc -out file.txt  -iter 29 -pass pass:mysecret
 +</code>
 +
 +----
 +
 +===== Decrypt (non-interactive) =====
 +
 +<code bash>
 +openssl enc -aes-256-cbc -d -in file.txt.enc -out file.txt -iter 29 -pass pass:mysecret
 +</code>
  
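Review bot: The commands added under "Encrypt (interactive)" and "Encrypt (non-interactive)" have their file arguments reversed: both use "-in file.txt.enc -out file.txt", the same direction as the matching decrypt commands but without "-d", so they would encrypt the .enc file and write the result over the plaintext name. Swap them to "-in file.txt -out file.txt.enc". In "Decrypt a file that was encrypted using base64" the command carries no "-a", although the note under it says it should, and as written it is identical to the plain aes256 decode command. All four "-iter" examples use 29, while the note added in the same change says a count that low is "not very useful" and recommends 500000 or higher; the examples should use the recommended value, with the same count on the encrypt and decrypt sides (that note also has a typo, "var too low"). The sections titled "interactive" pass the password with "-k PASS", which is not interactive, and both "-k PASS" and "-pass pass:mysecret" leave the password in shell history and visible in the process list; dropping "-k" so that openssl prompts for the password would match the heading. None of the "-iter" encrypt examples include "-salt", which the note at the top of the hunk says should always be used with a password-derived key; either add it or state that it is the default.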
ubuntu/openssl/encrypt_a_file.1611936925.txt.gz · Last modified: 2021/01/29 16:15 by peter
