Thursday, March 25, 2010

Getting started with openssl

According to its manpage, it is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security network protocols and related cryptography standards required by them. It is indeed a command line tool and allows you to create RSA and DSA keys, x.509 certificates, calculation of message digests, encryption and decryption of files with optional ciphers, etc. As there are so many ways to use this tool, i will show some of its basic usages that one may find useful.

# openssl -h // for command switches
# man openssl //Documentation of the tool
# openssl list-standard-commands // list standard commands. Doesn't say what they do so you are better off using "man openssl"
# openssl list-cipher-commands //list different symmetric ciphers you can use for encrytpion
# openssl list-message-digest-commands //lists different hashing algorithms you can use for data integrity checking

# echo "password" | openssl md5 //creates the md5 hash for the string password
# echo "password" | openssl enc -md5 //does the same thing as previous example
# openssl bf -in myfile.txt -out myfile.txt.enc //encrypts the file "myfile.txt" using the blowfish cipher 'bf' to a new file 'myfile.txt.enc'. You can now delete the old file

# openssl enc -bf -in myfile.txt -out myfile.txt.enc //encrypts the file "myfile.txt" using the blowfish cipher 'bf' to a new file 'myfile.txt.enc'. Equivallent to the above command.

# openssl enc -bf -d -in myfile.txt.enc -out myfile.txt //decrypts the file "myfile.txt.enc" using the blowfish cipher 'bf' and outputs the decrypted file to a new filename 'myfile.txt'.

Using Public Key Cryptography

# openssl genrsa -out private.key //Generates private key

# openssl rsa -pubout -in private.key -out public.key //generates public key from the private key

# openssl rsautl -encrypt -inkey public.key -pubin -in test.txt -out //encrypt a file with public key. Note that you are limited to small file sizes

# openssl rsautl -decrypt -inkey private.key -in -out test.txt //decrypts the file with the private key

No comments:

Post a Comment