Saturday, June 29, 2013

Encryption using openssl

Inspired by a school assignment at http://cit.dixie.edu/it/2400/labs/security_lab.php on using openssl to encrypt a file. I don't know that this post really needs to be written, since I found a very good how-to at http://osxdaily.com/2012/01/30/encrypt-and-decrypt-files-with-openssl/, but I might as well give people another one.

openssl can be used on the command line to encrypt/decrypt different files. The command structure is something like this:

openssl [type of encryption to use] -in [input filename] -out [output filename]

Then, if you would like to decrypt a file, you just add the -d flag:

openssl [type of encryption to use] -d -in [input filename] -out [output filename]

The input file is then the encrypted file, and the output is the plaintext (after you provide the correct passphrase/key).

I got curious about trying to make a tar.gz/bz2 file out of various files you would like to encrypt. I haven't tried this on very large files, but I have read somewhere that it is not recommended and may not work. For throwing a few documents together, though, mainly text or maybe a few pics, it works fine. I actually learned a whole lot about shell scripting with this project. Here is the code:
########################
#!/bin/bash
# Bundle files into a tar.bz2 archive and encrypt it with openssl,
# or (with -d) decrypt such a file and unpack it.
USAGE=$'Usage: ./encrypt <output_filename> <file1> <file2> <...>\n-h\tshow help\n-o\toverwrite file\n-d\tdecrypt\n-v\tshow version'
FLAGS=()
FILES=()
FILENAME=()
if [ "$#" -lt 2 ]
then
    echo "$USAGE"
    exit 1
fi
# Sort the arguments: existing files/directories are inputs, anything
# starting with "-" is a flag, and whatever is left is the output name.
for p in "$@"
do
    if [ -f "$p" ] || [ -d "$p" ]
    then
        FILES+=( "$p" )
    elif [ "${p:0:1}" == "-" ]
    then
        FLAGS+=( "$p" )
    else
        FILENAME+=( "$p" )
    fi
done
len=${#FILENAME[@]}
if [ "$len" -gt 1 ]
then
    echo "${FILENAME[@]}"
    echo "Command not recognized: ${FILENAME[0]}"
    echo "$USAGE"
    exit 1
fi
# Both modes need exactly one output name and at least one input
if [ "$len" -eq 0 ] || [ "${#FILES[@]}" -eq 0 ]
then
    echo "$USAGE"
    exit 1
fi
OVERWRITE=0
DECRYPT=0
# Iterate over every flag, not just the first array element
for flag in "${FLAGS[@]}"
do
    if [ "$flag" == "-o" ]
    then
        OVERWRITE=1
    elif [ "$flag" == "-d" ]
    then
        DECRYPT=1
    elif [ "$flag" == "-h" ] || [ "$flag" == "--help" ]
    then
        echo "$USAGE"
        exit 0
    elif [ "$flag" == "-v" ]
    then
        echo "encrypt v1.0"
        exit 0
    else
        echo "Flag not recognized: $flag"
        echo "$USAGE"
        exit 1
    fi
done
# Temporary plaintext archive, removed again in both modes
ARCHIVE="${FILENAME[0]}.tar.bz2"
if [ "$DECRYPT" -eq 0 ]
then
    # Stop before deleting anything if archiving or encryption fails
    tar cvjf "$ARCHIVE" "${FILES[@]}" || exit 1
    if ! openssl enc -aes-256-cbc -salt -in "$ARCHIVE" -out "${FILENAME[0]}"
    then
        rm -f "$ARCHIVE"
        exit 1
    fi
    if [ "$OVERWRITE" -gt 0 ]
    then
        # -r because directories are accepted as inputs
        rm -r "${FILES[@]}"
    fi
    rm "$ARCHIVE"
    exit 0
fi
# Decrypt: the first existing file is the encrypted input
if ! openssl enc -d -aes-256-cbc -in "${FILES[0]}" -out "$ARCHIVE"
then
    rm -f "$ARCHIVE"
    exit 1
fi
tar xvjf "$ARCHIVE" || exit 1
rm "$ARCHIVE"
if [ "$OVERWRITE" -gt 0 ]
then
    rm "${FILES[0]}"
fi
#############################

This can also be used to decrypt the file. I used aes-256 encryption because it seemed to be one of the most secure. Most of the code is probably for processing the command line flags; the actual code to create a tar.bz2 and encrypt it is pretty simple. This is probably about as far as I got in working with openssl. I am fascinated by cryptography and encryption, but don't really have much use for it (yet).
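
A variant of the script's encrypt-and-delete path, added here as an example (not the original post's code): it pipes tar into openssl so the plaintext archive never lands on disk, derives the key with -pbkdf2, reads the passphrase from a file, and removes the originals only after the output decrypts and lists. It assumes OpenSSL 1.1.1 or later; the function names, the passphrase file and the iteration count are this example's own choices.

```sh
#!/bin/sh
# Added example, not the post's script. Assumes OpenSSL 1.1.1 or later (-pbkdf2).
# Function names, the passphrase-file convention and the iteration count are
# choices made for this example.

# Turn on pipefail where the shell supports it, so a tar failure is not masked.
(set -o pipefail) 2>/dev/null && set -o pipefail

# Same cipher as the post; PBKDF2 replaces the single-round default key derivation.
ENC_OPTS="-aes-256-cbc -salt -pbkdf2 -iter 200000"

# pack_encrypt PASSFILE OUT PATH...
# tar streams straight into openssl, so no plaintext archive is written to disk.
pack_encrypt() {
    pf=$1; out=$2; shift 2
    tar -czf - -- "$@" | openssl enc $ENC_OPTS -pass "file:$pf" -out "$out"
}

# verify_archive PASSFILE ENCFILE
# Succeeds only if ENCFILE decrypts to a tar stream that lists cleanly.
verify_archive() {
    openssl enc -d $ENC_OPTS -pass "file:$1" -in "$2" 2>/dev/null |
        tar -tzf - >/dev/null 2>&1
}

# decrypt_unpack PASSFILE ENCFILE DESTDIR
decrypt_unpack() {
    mkdir -p "$3" &&
        openssl enc -d $ENC_OPTS -pass "file:$1" -in "$2" | tar -xzf - -C "$3"
}

# encrypt_and_remove PASSFILE OUT PATH...
# The post's -o behaviour: originals go only after the ciphertext verifies.
encrypt_and_remove() {
    pf=$1; out=$2; shift 2
    pack_encrypt "$pf" "$out" "$@" || { rm -f -- "$out"; return 1; }
    verify_archive "$pf" "$out" || return 1
    rm -r -- "$@"
}
```

CBC mode does not authenticate the ciphertext, so verify_archive catches a wrong passphrase or a truncated file, not deliberate modification of the encrypted data.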
