OpenSSL is an open-source toolkit that implements the SSL protocol. It consists of three parts: a cryptographic algorithm library, an application program, and an SSL protocol library. OpenSSL implements most of the algorithms required by the SSL protocol.
Next, I will show how to use OpenSSL for symmetric encryption of files.
I. OpenSSL supports the following encryption algorithms:
-aes-128-cbc  -aes-128-cfb  -aes-128-cfb1
-aes-128-cfb8  -aes-128-ecb  -aes-128-ofb
-aes-192-cbc  -aes-192-cfb  -aes-192-cfb1
-aes-192-cfb8  -aes-192-ecb  -aes-192-ofb
-aes-256-cbc  -aes-256-cfb  -aes-256-cfb1
-aes-256-cfb8  -aes-256-ecb  -aes-256-ofb
-aes128  -aes192  -aes256
-bf-cbc  -bf-cfb
-bf-ecb  -bf-ofb  -blowfish
-cast-cbc  -cast5-cbc
-cast5-cfb  -cast5-ecb  -cast5-ofb
-des-cbc  -des-cfb
-des-cfb1  -des-cfb8  -des-ecb
-des-ede-cbc  -des-ede-cfb
-des-ede-ofb  -des-ede3  -des-ede3-cbc
-des-ede3-cfb  -des-ede3-ofb  -des-ofb
-des3  -desx-cbc
-rc2  -rc2-40-cbc  -rc2-64-cbc
-rc2-cbc  -rc2-cfb  -rc2-ecb
-rc2-ofb  -rc4  -rc4-40
II. OpenSSL encryption command syntax:
Synopsis
openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e]
[-d] [-a] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-p]
[-P] [-bufsize number] [-nopad] [-debug]
Notes:
-ciphername option: the encryption algorithm. The algorithms supported by OpenSSL are listed above; select one of them to encrypt the file.
-in option: the input file. For encryption, the input file is the plaintext file; for decryption, it is the encrypted file. This option is followed by the file name.
-out option: the output file. For encryption, this is the name of the encrypted file; for decryption, it is the name of the plaintext file.
-pass option: selects how the password is supplied. The source can be standard input, the command line, a file, a variable, and so on.
-e option: performs encryption (if the -d option is not used, encryption is the default).
-d option: performs decryption.
-a and -A options: perform Base64 encoding/decoding on the file.
-K option: enter the encryption key manually. (If this option is not used, OpenSSL derives the encryption key from the password automatically.)
-iv option: enter the initialization vector manually. (If this option is not used, OpenSSL derives the initialization vector from the password automatically.)
-salt option: whether to use a salt value. A salt is used by default.
-p option: print the encryption key used by the encryption algorithm.
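The notes on -K, -iv, -salt and -p above say that OpenSSL derives the key and IV from the password; the Python sketch below is an added example (not from the original article and not OpenSSL's own code) that reproduces that derivation for a salted file, giving the salt, key and IV that -p would report. It assumes the single-pass derivation that enc uses when -pbkdf2 is not given, with MD5 as the digest in OpenSSL releases before 1.1.0 and SHA-256 from 1.1.0 on. The function names, the cipher size table and the sample bytes are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte header enc writes in front of the salt

# (key length, IV length) in bytes for a few of the ciphers listed above
CIPHER_SIZES = {
    "aes-128-cbc": (16, 16),
    "aes-256-cbc": (32, 16),
    "des-ede3-cbc": (24, 8),
}

def split_salted(blob):
    """Return (salt, ciphertext) from raw (not Base64) salted enc output."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header found")
    return blob[8:16], blob[16:]

def bytes_to_key(password, salt, cipher, digest="md5"):
    """One-iteration EVP_BytesToKey: D1 = H(pw+salt), Dn = H(Dn-1+pw+salt)."""
    key_len, iv_len = CIPHER_SIZES[cipher]
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def describe(blob, password, cipher, digest="md5"):
    """Salt, key and IV as upper-case hex, the values -p reports."""
    salt, _ = split_salted(blob)
    key, iv = bytes_to_key(password, salt, cipher, digest)
    return {"salt": salt.hex().upper(), "key": key.hex().upper(),
            "iv": iv.hex().upper()}

# Constructed sample: header, a fixed salt, 16 placeholder ciphertext bytes.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16

if __name__ == "__main__":
    for name, value in describe(SAMPLE, b"111111", "aes-128-cbc").items():
        print(f"{name}={value}")
```

Because the derivation is a single hash pass over the password and salt, the protection of the file rests entirely on the strength of the password. OpenSSL 1.1.1 and later add the -pbkdf2 and -iter options for a slower derivation.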
III. Cases:
1. Use the aes-128-cbc algorithm to encrypt a file:
openssl enc -aes-128-cbc -in install.log -out enc.log
(Note: here install.log is the file you want to encrypt and enc.log is the encrypted file. After you press Enter, you will be prompted to enter the password.)
2. Decrypt the encrypted file:
openssl enc -d -aes-128-cbc -in enc.log -out install.log
(Note: enc.log is the encrypted file, install.log is the decrypted file, and the -d option performs decryption.)
3. Encode the encrypted file in Base64 format:
openssl enc -aes-128-cbc -in install.log -out enc.log -a
4. Encrypt using one of the other password input methods:
openssl enc -des-ede3-cbc -in install.log -out enc.log -pass pass:111111
(The advantage of this method is that it can be written into a script to perform the encryption automatically. If you do not use the -pass option, the system prompts you to enter and confirm the password by default, which requires manual operation. A password given in the pass: form is visible to other local users through utilities such as ps; the file:pathname form reads it from a file instead.)
IV. OpenSSL can do far more than this. If you are interested, refer to the OpenSSL manual. On Linux, you can run man openssl to get help quickly.
For example, encrypt the file file.tar.gz with the password 123456:
openssl des3 -salt -k 123456 -in file.tar.gz -out file.tar.gz.des3
Decrypt file.tar.gz.des3:
openssl enc -des3 -d -in file.tar.gz.des3 -out file.tar.gz
There is a pma directory under the current directory:
1. Package the directory with tar and encrypt it:
# tar -zcvf - pma | openssl des3 -salt -k password | dd of=pma.des3
When the command finishes, you will have a pma.des3 package file. Replace password with your own password.
2. Decrypt the file and unpack it with tar:
# dd if=pma.des3 | openssl des3 -d -k password | tar zxf -
Note: the command ends with "-", which extracts all files. Here, -k password can be omitted; in that case you will be prompted to enter the password after the command is executed. Adding the -k parameter lets a program supply the password automatically.