This post briefly describes how to utilise AES to encrypt and decrypt files with OpenSSL.
AES - Advanced Encryption Standard (also known as Rijndael).
OpenSSL - Cryptography and SSL/TLS Toolkit
We’ll walk through the following steps:
- Generate an AES key plus initialization vector (IV) with openssl
- Encode/decode a file with the generated key/IV pair
Note: AES is a symmetric-key algorithm which means it uses the same key during encryption/decryption.
Generating key/iv pair
We want to generate a 256-bit key and use Cipher Block Chaining (CBC).
The basic command to use is openssl enc plus some options:
-P: print out the salt, key and IV used, then exit
-pass pass:<secret>: to specify the password to use (the command below uses the older equivalent, -k <secret>)
-aes-256-cbc: the cipher name
$ openssl enc -nosalt -aes-256-cbc -k hello-aes -P
key=C639A572E14D5075C5…2EF3D2710AF9F359DD4
iv =D09A4D2C5DC39843FE075313A7EF2F4C
Note: We decided to use no salt to keep the example simple. Without a salt, the same password always derives the same key/IV pair.
See openssl enc --help for more details and options (e.g. other cipher names, how to specify a salt, …).
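How the key and IV printed by the -P command above are derived from the password, as an added example that is not part of the original post. It assumes openssl enc is run without -pbkdf2 and without -md, in which case OpenSSL uses EVP_BytesToKey with a single iteration; the function names are hypothetical.

```python
import hashlib

def evp_bytes_to_key(password: bytes, salt: bytes = b"", digest: str = "sha256",
                     key_len: int = 32, iv_len: int = 16):
    """Derive (key, iv) the way `openssl enc -k <password>` does without -pbkdf2.

    OpenSSL's EVP_BytesToKey with an iteration count of 1:
    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt);
    the concatenated blocks are cut into the key, then the IV.
    With -nosalt the salt is empty.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def matching_digest(password: bytes, iv_hex: str, salt: bytes = b""):
    """Return the digest name whose derived IV equals iv_hex, or None."""
    # sha256 is the default of OpenSSL >= 1.1.0, md5 of older releases.
    for name in ("sha256", "md5"):
        _, iv = evp_bytes_to_key(password, salt, name)
        if iv.hex().upper() == iv_hex.upper():
            return name
    return None

if __name__ == "__main__":
    password = b"hello-aes"                       # password from the command above
    page_iv = "D09A4D2C5DC39843FE075313A7EF2F4C"  # IV printed in the post
    for name in ("sha256", "md5"):
        key, iv = evp_bytes_to_key(password, digest=name)
        print(f"{name:6} key={key.hex().upper()} iv={iv.hex().upper()}")
    print("digest reproducing the post's IV:", matching_digest(password, page_iv))
    # Constructed 8-byte salt: same password, different key/IV.
    salted = evp_bytes_to_key(password, salt=bytes.fromhex("0102030405060708"))
    print("salted result differs:", salted != evp_bytes_to_key(password))
```

Because the derivation is a single unsalted hash chain here, the key is only as strong as the password passed with -k.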
Let's start with encoding Hello, AES! contained in the text file message.txt:
$ openssl enc -nosalt -aes-256-cbc -in message.txt -out message.txt.enc -base64 -K <key> -iv <iv>
Decoding is almost the same command line, with just an additional -d for decrypting:
$ openssl enc -nosalt -aes-256-cbc -d -in message.txt.enc -base64 -K <key> -iv <iv>
Hello, AES!
Note: Beware of the line breaks
While working with AES encryption I encountered the situation where the encoder sometimes produces Base64-encoded data with or without line breaks...
Short answer: Yes, use the OpenSSL