The OpenSSL command is built into most Linux distributions, and can be used for encrypting and encoding things.
Encrypting a message
OpenSSL can be used to encrypt and decrypt messages. The following command will encrypt a message:
echo "Hello" | openssl enc -bf -pass pass:abc123
I chose to use blowfish, but you can get a list of all available ciphers with:
However, you’ll notice it gives you non-unicode characters:
To fix this, simply tell OpenSSL to use base64 encoding:
echo "Hello" | openssl enc -a -bf -pass pass:abc123
this will return something like:
but, it will be different each time because OpenSSL adds a salt to make it harder to crack.
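Added example (not part of the original post): the salt is stored unencrypted in a 16-byte header, the 8-byte marker Salted__ followed by 8 salt bytes, which is why the output changes on every run. The script splits the sample ciphertext used in the decryption command in the next section; the function names are illustrative and it assumes a `base64` that accepts `-d`.

```shell
#!/bin/sh
# Sample input: the base64 ciphertext from the decryption command on this page.
SAMPLE='U2FsdGVkX1+gY6RSJ4HUntrKFFzJbdQt'

# Hex-encode stdin as one continuous lowercase string.
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# enc_magic B64: first 8 bytes as text ("Salted__" when a salt is stored).
enc_magic() { printf '%s' "$1" | base64 -d | head -c 8; }

# enc_salt B64: bytes 9-16 as hex, the per-message salt (not encrypted).
enc_salt() { printf '%s' "$1" | base64 -d | tail -c +9 | head -c 8 | to_hex; }

# enc_body B64: everything after the 16-byte header as hex (the ciphertext).
enc_body() { printf '%s' "$1" | base64 -d | tail -c +17 | to_hex; }

# describe B64: print a summary; return 1 if the salted header is absent.
describe() {
  if [ "$(enc_magic "$1")" != 'Salted__' ]; then
    echo 'no Salted__ header (unsalted, or not openssl enc output)' >&2
    return 1
  fi
  body=$(enc_body "$1")
  echo "salt (cleartext): $(enc_salt "$1")"
  echo "ciphertext:       $body ($(( ${#body} / 2 )) bytes)"
}

describe "$SAMPLE"
```

The 8-byte ciphertext is a single Blowfish block: "Hello" plus the newline from echo, padded to the block size.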
Decrypting a message
To decrypt a message, simply run the same thing, but with the
echo "U2FsdGVkX1+gY6RSJ4HUntrKFFzJbdQt" | openssl enc -d -a -bf -pass pass:abc123
this should return:
Encrypting a file
To encrypt a file, you simply need to add a few options to OpenSSL. First, make a file:
echo "test" > test.txt
then, let’s encrypt it with blowfish:
openssl enc -a -bf -in test.txt -out test.enc -pass pass:abc123
test.enc will now contain:
While you don’t really need to use base64 since it’s in a file, I still recommend it because it makes copying and pasting possible.
Decrypting a file
Simply run the same command to encrypt, but with the
openssl enc -d -a -bf -in test.enc -out test.dec -pass pass:abc123
test.dec, and you should see:
This means everything worked! Also, if you don’t use the -pass flag, OpenSSL will automatically ask you for the password, so it’s not needed, but it makes copying and pasting the commands easier.
If you ever need to hash something, to verify it hasn’t been tampered with, OpenSSL can also help you out. Simply use
echo "test" | openssl dgst -sha512
there are other hashing algorithms, but SHA512 is currently the most secure one.
To get the hash of a file, simply use the cat command, as I couldn’t find a way to hash a file directly with OpenSSL, as the help page returns:
options are
-c to output the digest with separating colons
-r to output the digest in coreutils format
-d to output debug info
-hex output as hex dump
-binary output in binary form
-hmac arg set the HMAC key to arg
-non-fips-allow allow use of non FIPS digest
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-out filename output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v signature parameter
-hmac key create hashed MAC with key
-mac algorithm create MAC (not neccessarily HMAC)
-macopt nm:v MAC algorithm parameters or key
-engine e use engine e, possibly a hardware device.
-md4 to use the md4 message digest algorithm
-md5 to use the md5 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
-sha to use the sha message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-whirlpool to use the whirlpool message digest algorithm
so, just run:
cat file | openssl dgst -sha512
Also, if you want to get just the hash, run:
echo "test" | openssl dgst -sha512 | cut -d " " -f 2
(stdin)= and then the hash.