Symmetric Cryptography in OpenSSL - Encryption Algorithms
OpenSSL is a library that implements the web security protocols SSL (Secure Sockets Layer) and TLS (Transport Layer Security), along with a range of operations such as symmetric cryptography. These operations and protocols aim to protect the security of information exchanged between two parties. The source code of this library can be downloaded from the official OpenSSL page at www.openssl.org. Compiled versions exist for each Linux distribution; just search in your preferred distribution's package search. A specific distribution for Windows can be found here.
The first thing you may wonder when hearing SSL, TLS or OpenSSL is: what is this for? The range of uses of OpenSSL in particular is quite wide. To give you an idea, the SSL certificates of websites, those that appear in green in the navigation bar when you visit an address that starts with HTTPS, are created with OpenSSL. Another widely used application (which also covers the certificates of the first example) is the digital signature of documents.
First steps
Let's see the first command of the command line tool to see which OpenSSL version we have:
openssl version
OpenSSL 1.1.0g 2 Nov 2017
On the other hand, OpenSSL's series of commands can be seen by running the following command:
openssl help
Which will show an output similar to the following:
Symmetric key encryption algorithms
In the output of the previous command you can see a section that lists the cipher commands, which refer to the different encryption algorithms available. Not all of these commands use a secret key. For example, if you examine the list in detail you will find the well-known base64 encoding. This encoding creates an ASCII string using uppercase and lowercase letters, numbers, and the characters +, = and /. Let's see the following example:
touch myfile.txt
echo "123456789" > myfile.txt
openssl enc -base64 -in myfile.txt
With this, we create a file called myfile.txt, write the string "123456789" to it and get its base64 encoding, which should yield the following result:
MTIzNDU2Nzg5Cg==
AES
Now comes the interesting part: let's use the AES algorithm, in CBC mode, with a 256-bit key to encrypt the message "Hello world".
touch mymessage.txt
echo "Hello world" > mymessage.txt
openssl enc -aes-256-cbc -in mymessage.txt -out encrypted.bin
With this, we create the file mymessage.txt and save the text "Hello world" in it. Next, we run the command to encrypt with a secret key, which will prompt us for the password with which the information will be encrypted.
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
The secret key is derived from the password we enter in the console. The output of this command is the encrypted file encrypted.bin, which is a binary file. To get the original message back from this file, just run the following command:
openssl enc -aes-256-cbc -d -in encrypted.bin -pass pass:MYPASSWORD
You must replace MYPASSWORD with the password with which you encrypted the file. This encryption system belongs to symmetric cryptography because it uses a single key to both encrypt and decrypt messages.
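How the password becomes the AES key and IV, as an added example that is not part of the original post: a Python sketch of the encrypted.bin layout ("Salted__", an 8-byte salt, then the ciphertext) and of the single-iteration derivation openssl enc applies when -pbkdf2 is not given, next to the PBKDF2 derivation available from OpenSSL 1.1.1. It assumes the SHA-256 default digest of OpenSSL 1.1.0 and later; the sample bytes, salt and password are constructed.

```python
import hashlib

MAGIC = b"Salted__"  # marker `openssl enc` writes before the 8-byte salt


def parse_enc_file(blob):
    """Split a password-encrypted `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("missing 'Salted__' header")
    return blob[8:16], blob[16:]


def legacy_key_iv(password, salt, key_len=32, iv_len=16):
    """EVP_BytesToKey with SHA-256 and a single iteration: the derivation
    used when -pbkdf2 is not passed. Each block hashes the previous block
    together with the password and the salt."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.sha256(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def pbkdf2_key_iv(password, salt, iterations=10000, key_len=32, iv_len=16):
    """Derivation selected by -pbkdf2 (OpenSSL 1.1.1+): PBKDF2-HMAC-SHA256,
    10000 iterations unless -iter is given, output split into key then IV."""
    material = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                                   key_len + iv_len)
    return material[:key_len], material[key_len:]


# Constructed sample: header, an 8-byte salt, and 16 placeholder bytes where
# the single AES block for "Hello world\n" would be (not real ciphertext).
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)

if __name__ == "__main__":
    salt, ciphertext = parse_enc_file(SAMPLE)
    key, iv = legacy_key_iv(b"MYPASSWORD", salt)
    print("salt      =", salt.hex())
    print("key       =", key.hex())
    print("iv        =", iv.hex())
    print("ct blocks =", len(ciphertext) // 16)
```

To compare with the tool, `openssl enc -aes-256-cbc -md sha256 -P -S 0102030405060708 -pass pass:MYPASSWORD` prints the salt, key and IV without encrypting anything. Because the legacy derivation costs only two SHA-256 calls per password guess, the strength of the encryption rests entirely on the password unless -pbkdf2 is used.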
DES
The DES algorithm is the predecessor of AES. To use this algorithm, or any of the others in the list, follow the same command pattern.
openssl enc -des -in mymessage.txt -out encrypted.bin
And to decrypt:
openssl enc -des -d -in encrypted.bin -pass pass:MYPASSWORD
Well, these are the basics of OpenSSL. I hope you can use these commands to encrypt whatever messages or information you have at hand. Until next time.