Using OpenSSL to encrypt at the command line

For developers who need to program cryptographic programming in the application, it makes sense to do the basic cryptographic operation over the command line. OpenSSL supports the operation of various basic cryptographic algorithms at the command line. These procedures do not require programming, and their command parameters have a good direct correspondence with the parameters of the program function call encryption. These cryptographic operating elements are common across a variety of hardware, operating system platforms, and cryptographic repositories. We can also use these command-line cryptographic operations directly in the script. Since there is no need for programming, OpenSSL itself has undergone a large range of long-time practical applications, so the addition and decryption results can also be used as a test basis for self-coding programs.

The OpenSSL website provides source code downloads that are easy to compile under a variety of mainstream OS platforms. The Linux platform typically has a built-in OpenSSL software, which makes it easy to find the compiled Windows version of the installation package online.

The general format of the OpenSSL command-line operation is:

OpenSSL cryptographic operation type algorithm name (and operating mode) key salt value input data output data

For example, using the following OpenSSL command line to encrypt the a.txt, the results are placed in the B.bin file.

OpenSSL enc-aes--ecb-k 000102030405060708090a0b0c0d0e0f-in a.txt-out b.bin-p

The current directory will have more B.bin files, and the screen will give the following two lines of output:

salt=1800000021000000key=000102030405060708090a0b0c0d0e0f</p>

The parameters and outputs are explained as follows:

ENC represents the execution of symmetric encryption operations;

-AES-128-ECB represents the ECB operating mode using the 128-bit AES algorithm;

-K 0001......0F means that the key used for encryption is hex 000102030405060708090a0b0c0d0e0f;

-in and-out indicate the input and output file names;

-P indicates the key used for screen printing encryption key, initial vector IV, salt, and other information. Since the ECB mode does not use the initial vector, there is no information for the IV value here.

Defining the meaning of these parameters, the use of each parameter is required to design the application encryption function. For the command-line reference of OpenSSL itself, the OpenSSL documentation is described in detail. In Chinese, you can refer to Zhao Chunping's "OpenSSL Programming", which opens the download of electronic documents, and the OpenSSL command line is explained in chapter 32nd of the book.

Using OpenSSL to encrypt at the command line