Symmetric Cryptography in OpenSSL - Encryption Algorithms

Author
By Darío Rivera
Posted On in OpenSSL

OpenSSL is a library that implements the web security protocols SSL (Secure Sockets Layer) and TLS (Transport Layer Security), along with a range of operations such as symmetric cryptography. These operations and protocols aim to protect information exchanged between two parties. The source code of the library can be downloaded from the official OpenSSL site at www.openssl.org. Compiled versions exist for every Linux distribution; just search your preferred distribution's package search. A specific distribution for Windows can be found here.

The first thing you may wonder when you hear SSL, TLS or OpenSSL is: what is this for? OpenSSL in particular has a wide range of uses. To give you an idea, the SSL certificates of websites, the ones shown in green in the address bar when you visit a site whose address starts with HTTPS, are created with OpenSSL. Another widely used application (which the certificates in the first example also involve) is the digital signature of documents.

First steps

Let's see the first command of the command line tool to see which OpenSSL version we have:

openssl version
OpenSSL 1.1.0g  2 Nov 2017

The list of OpenSSL commands can be seen by running the following command:

openssl help

Which will show an output similar to the following:

[Image: output of the openssl help command]

Symmetric key encryption algorithms

In the previous image you can see a section listing the cipher commands, which correspond to the different encryption algorithms available. Not all of these commands use a secret key. For example, if you look through the list you will find the well-known base64 encoding. This encoding produces an ASCII string made up of uppercase and lowercase letters, digits, and the characters +, = and /. Let's see the following example:

touch myfile.txt
echo "123456789" > myfile.txt
openssl enc -base64 -in myfile.txt

With this, we create a file called myfile.txt, write the string "123456789" to it and get its base64 encoding, which should yield the following result:

MTIzNDU2Nzg5Cg==

AES

Now comes the interesting part, let's use the AES algorithm, in CBC mode, and a 256-bit key to encrypt the message "Hello world".

touch mymessage.txt
echo "Hello world" > mymessage.txt
openssl enc -aes-256-cbc -in mymessage.txt -out encrypted.bin

With this, we create the file mymessage.txt and save the text "Hello world" in it. Next, we run the encryption command, which prompts us for the password with which the information will be encrypted.

enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

The secret key is derived from the password we enter in the console. The output of this command is the encrypted file encrypted.bin, which is a binary file. To recover the original message from this file, just run the following command:

openssl enc -aes-256-cbc -d -in encrypted.bin -pass pass:MYPASSWORD

You must replace MYPASSWORD with the password you used to encrypt the file. This scheme is symmetric cryptography because it uses a single key to both encrypt and decrypt messages.
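
The AES round trip above as a non-interactive script, added here as an example that is not part of the original article. It reads the password from a file with -pass file: instead of putting it on the command line, and uses -pbkdf2 with -iter, which require OpenSSL 1.1.1 or newer (later than the 1.1.0g shown earlier); the file names, function names and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. File names, function names and
# the passphrase are constructed. -pbkdf2/-iter need OpenSSL 1.1.1 or newer.

# Encrypt file $1 into $2; the password is the first line of file $3.
# -pass file: keeps the password out of the process list and shell history.
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 100000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# Decrypt file $1 to stdout; cipher, -pbkdf2 and -iter must match encryption.
decrypt_file() {
    openssl enc -aes-256-cbc -d -pbkdf2 -iter 100000 \
        -in "$1" -pass "file:$2"
}

# True if $1 starts with the "Salted__" magic that openssl enc writes ahead of
# the random 8-byte salt it mixes with the password to derive key and IV.
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# Round trip in a private temp directory (mktemp -d creates it with mode 0700).
# Prints the recovered plaintext; returns non-zero if any step fails.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-sample-passphrase' > "$dir/pass.txt"
    printf '%s\n' 'Hello world' > "$dir/mymessage.txt"
    # Encrypt twice: same plaintext and password, but a fresh salt each time,
    # so the two ciphertext files must differ.
    encrypt_file "$dir/mymessage.txt" "$dir/encrypted.bin" "$dir/pass.txt" &&
    encrypt_file "$dir/mymessage.txt" "$dir/encrypted2.bin" "$dir/pass.txt" &&
    has_salt_header "$dir/encrypted.bin" &&
    ! cmp -s "$dir/encrypted.bin" "$dir/encrypted2.bin" &&
    decrypt_file "$dir/encrypted.bin" "$dir/pass.txt"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo
```

Decryption only succeeds when the cipher, -pbkdf2 and -iter values match the ones used to encrypt, so record them alongside the encrypted file.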

DES

The DES algorithm is the predecessor of AES. To use this algorithm, or any of the others in the list, follow the same command pattern.

openssl enc -des -in mymessage.txt -out encrypted.bin

And to decrypt:

openssl enc -des -d -in encrypted.bin -pass pass:MYPASSWORD

Well, these are the basics of OpenSSL. I hope you can use these commands to encrypt whatever messages or information you have at your disposal. Until next time.


About Darío Rivera

Author

Application Architect at Elentra Corp. Quality developer and passionate learner with 10+ years of experience in web technologies. Creator of EasyHttp, a standard way to consume HTTP Clients.


Only those who have achieved success know that it was always one step past the moment when they thought of giving up.