Encrypt messages and files using OpenSSL in a Linux environment (reprint)

Source: Internet
Author: User
Tags base64 decrypt echo command openssl enc tar xz

Transferred from: http://netsecurity.51cto.com/art/201301/378513.htm

1. Introduction

OpenSSL is a powerful cryptographic toolkit. Many of us already use OpenSSL to create RSA private keys or certificate signing requests (CSRs). But have you ever known that you can use OpenSSL to test your computer's speed? Or can you use it to encrypt a file or a message? This article will show you a few easy-to-learn tips on how to encrypt messages and files using OpenSSL.

"Related recommendations": network Security Tools Toolbox

2. Encrypt and decrypt messages

First, we might want to encrypt a simple message. The following command uses the Base64 encoding method (Base64 Encoding) to encrypt the message "Welcome to Linuxcareer.com" (Welcome to Linuxcaeer.com):

$ echo "OpenSSL" | OpenSSL ENC-AES-256-CBC > Openssl.dat

Enter AES-256-CBC encryption Password:

Verifying-enter AES-256-CBC Encryption Password:

$ file Openssl.dat

Openssl.dat:data

To decrypt the Openssl.dat file and revert to the original message, use:

$ OpenSSL enc-aes-256-cbc-d-in Openssl.dat

Enter AES-256-CBC decryption Password:

Openssl

3. Encrypt and Decrypt files

To encrypt a file with OpenSSL is as simple as encrypting the message. The only difference is that instead of using the echo command, we use the-in option, followed by the actual file we want to encrypt, and using the-out option, which instructs OpenSSL to store the encrypted file in a file of a name:

$ OpenSSL enc-aes-256-cbc-in/etc/services-out Services.dat

To decrypt our service files and restore them as they are, please use:

$ openssl enc-aes-256-cbc-d-in services.dat > Services.txt

Enter AES-256-CBC decryption Password:

4. Encrypt and decrypt the directory

In case you need to encrypt the entire directory using OpenSSL, you first need to create a gzip packaged file (tarball) and then encrypt the packaged file using the method described above, or you can use the pipe to accomplish both tasks:

# tar Cz/etc | OpenSSL enc-aes-256-cbc-out Etc.tar.gz.dat

Tar:removing leading '/' from member names

Enter AES-256-CBC encryption Password:

Verifying-enter AES-256-CBC Encryption Password:

To decrypt the entire etc/directory and extract it to the current working directory, use:

# OpenSSL enc-aes-256-cbc-d-in Etc.tar.gz.dat | Tar XZ

Enter AES-256-CBC decryption Password:

The above method is very useful for automatic backup of encrypted directories.

5. Summary

What you just saw is a basic introduction to OpenSSL encryption. When it comes to OpenSSL, the cryptographic toolkit, it doesn't really limit what you can do with it, it can be said to be a wide range of uses. To see how to use different encoding methods, see the OpenSSL man page:

$ mans OpenSSL

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.