Notice
I wrote this article; it was originally published on Qiita on 4 March 2023.
OpenSSL is a Swiss Army knife of cryptography.
Help
# show the options of the enc command
$ openssl enc -help
Usage: enc [options]
Valid options are:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-in infile Input file
-out outfile Output file
-pass val Passphrase source
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-v Verbose output
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
-bufsize val Buffer size
-k val Passphrase
-kfile infile Read passphrase from file
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-engine val Use engine, possibly a hardware device
Generate symmetric key
# generate a 16-byte (128-bit) key in binary format
$ openssl rand 16
# in hex format
$ openssl rand -hex 16
88cdbf1e106334f1bca57f730758abad
# Base64-encoded
$ openssl rand -base64 16
tMa1eyjIZw3g3M0dhPC87A==
# show hex format of the binary key saved in a file
$ xxd -ps symantec.key
88cdbf1e106334f1bca57f730758abad
Encrypt/decrypt a file with AES
This assumes the aes-128-cbc algorithm (128-bit key) with a 128-bit initialization vector and no salt. The padding algorithm is PKCS#5.
# encrypt; -K is the key in hex format, -iv is the initialization vector in hex format
$ openssl enc -e -aes-128-cbc -K abcdef01234567890123456789abcdef -iv 0123456789abcdef0123456789abcdef -nosalt -in file.txt -out file.txt.encode
# decrypt
$ openssl enc -d -aes-128-cbc -K abcdef01234567890123456789abcdef -iv 0123456789abcdef0123456789abcdef -nosalt -in file.txt.encode -out file.txt
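The round trip above with a freshly generated key and IV, as an added example that is not part of the original article (function names, temporary paths and the sample plaintext are constructed). It also shows that padding rounds the ciphertext up to the next 16-byte boundary, and that reusing one key and IV for the same plaintext yields identical ciphertext, which is why the IV should be new for every file.

```shell
#!/bin/sh
# Added example: names, paths and the sample plaintext are constructed.

# aes_cbc MODE KEYHEX IVHEX IN OUT   (MODE is -e or -d; padding stays on)
aes_cbc() {
    openssl enc "$1" -aes-128-cbc -K "$2" -iv "$3" -nosalt -in "$4" -out "$5"
}

# Size of a file in bytes.
size_of() { wc -c < "$1" | tr -d ' '; }

# Expected ciphertext size: padding always adds 1 to 16 bytes.
padded_size() { echo $(( ($1 / 16 + 1) * 16 )); }

demo() {
    d=$(mktemp -d) || return 1
    key=$(openssl rand -hex 16)      # fresh 128-bit key
    iv1=$(openssl rand -hex 16)      # fresh 128-bit IV
    iv2=$(openssl rand -hex 16)      # a second, different IV
    printf 'constructed sample plaintext\n' > "$d/file.txt"   # 29 bytes

    aes_cbc -e "$key" "$iv1" "$d/file.txt" "$d/a.enc"
    aes_cbc -e "$key" "$iv1" "$d/file.txt" "$d/b.enc"   # IV reused
    aes_cbc -e "$key" "$iv2" "$d/file.txt" "$d/c.enc"   # new IV
    aes_cbc -d "$key" "$iv1" "$d/a.enc" "$d/a.txt"

    echo "plaintext bytes:  $(size_of "$d/file.txt")"
    echo "ciphertext bytes: $(size_of "$d/a.enc")"
    cmp -s "$d/file.txt" "$d/a.txt" && echo "round trip: ok"
    cmp -s "$d/a.enc" "$d/b.enc" && echo "same key + same IV: identical ciphertext"
    cmp -s "$d/a.enc" "$d/c.enc" || echo "same key + new IV: different ciphertext"
    rm -rf "$d"
}

demo
```

The IV is not secret and can be stored next to the ciphertext, but decryption needs the same IV that was used for encryption.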
Establish HTTPS connection
$ openssl s_client -connect www.google.com:443