As part of a project at work recently, I had to figure out how to easily encrypt a file for one of our brain-dead developers. Luckily for me the excellent OpenSSL Toolkit was available on the Unix host. Here's how you do it:

To encrypt a file:

openssl enc -aes-256-cbc -salt -in file.txt -out file.enc

To base-64 encode it, simply add the -a switch (for 'ASCII'):

openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc

The encryption operation requires that you supply a passphrase.

To decrypt the same file:

openssl enc -d -aes-256-cbc -in file.enc

To decrypt base-64 version, you guessed it, add -a flag :

openssl enc -d -aes-256-cbc -a -in file.enc

The passphrase will be prompted for. You can also supply the passphrase on the command line using the -pass option, or read the passphrase from a file using -pass file:/path/to/file.

Neato. A lot more cool tips at the OpenSSL Command-Line HOWTO.

Sure beats reading the heinously long and complex man pages for openssl! Now we really need a good way to be able to do this for batch jobs *without* having to store the passphrase in cleartext.

[ add comment ] ( 1082 views )   |  permalink

---

| 1 | 2 | 3 |

All information on this blog copyright Goonda Security Inc. - Page Generated in 0.122 seconds