Knowledge
OpenSSL

Encryption

Encrypt and decrypt files with OpenSSL

Encryption

Symmetric Encryption

Encrypt a file with AES-256-CBC:

openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted.bin

With explicit password:

openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted.bin -pass pass:mypassword

Using PBKDF2 (recommended):

openssl enc -aes-256-cbc -salt -pbkdf2 -in plaintext.txt -out encrypted.bin

Symmetric Decryption

openssl enc -aes-256-cbc -d -in encrypted.bin -out decrypted.txt

With PBKDF2:

openssl enc -aes-256-cbc -d -pbkdf2 -in encrypted.bin -out decrypted.txt

Base64 Encoding

Encode:

openssl base64 -in file.bin -out file.b64

Decode:

openssl base64 -d -in file.b64 -out file.bin

Asymmetric Encryption (RSA)

Encrypt with public key:

openssl rsautl -encrypt -pubin -inkey public.key -in plaintext.txt -out encrypted.bin

Decrypt with private key:

openssl rsautl -decrypt -inkey private.key -in encrypted.bin -out decrypted.txt
RSA encryption is limited by key size. For larger files, encrypt with a symmetric key and encrypt that key with RSA.

Generate Random Data

Generate random bytes:

openssl rand -out random.bin 32

As hex string:

openssl rand -hex 32

As base64:

openssl rand -base64 32

Hash Functions

MD5 (not recommended for security):

openssl md5 file.txt

SHA-256:

openssl sha256 file.txt

SHA-512:

openssl sha512 file.txt

Keys

Generate and manage cryptographic keys

Verification

Verify certificates and test connections