Encrypt a string using openssl command line
I have a 16 byte character that I would like to encrypt using openssl into a 16 byte encrypted string.
This encrypted string ( in human readable format ) then needs to be supplied to a user who would use it, and the string would be decrypted to its original 16-byte form for comparison and authentication. Could anyone please tell me how this would be possible with openssl commandline.
Thanks in advance.
Here's one way to encrypt a string with openssl on the command line (must enter password twice):
echo -n "aaaabbbbccccdddd" | openssl enc -e -aes-256-cbc -a -salt enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password:
Here's what the output looks like:
Edit: To my knowledge, you can't control the number of bytes out. You can b64 or hex encode it, but that's about it. Also, if you want to save that string to a file rather than stdout, use the -out option.
I have a 16 byte character that I would like to encrypt using openssl into a 16 byte encrypted string [in human readable format]
I believe you are looking for Format Preserving Encryption. I think the caveat is you have to start with a 16-byte human readable string. Phillip Rogaway has a paper on the technologies: Synopsis of Format-Preserving Encryption. There's a lot to the paper, and it can't fit into a single paragraph on Stack Overflow.
If you can start with a shorter string and use a streaming mode like OCB, OFB or CTR, then you can Base64 encode the final string so that the result is 16-bytes and human readable. Base64 expands at a rate of 3 → 4 (3 un-encoded expands to 4 encoded), so you'd need a shorter string of length 12 characters to achieve 16 human readable characters.
As far as I know, there are no command line tools that do it natively. You may be able to use OpenSSL on the command line with AES/CTR and pipe it through base64 command. The following gets close, but it starts with 11 characters (and not 12):
$ echo 12345678901 | openssl enc -e -base64 -aes-128-ctr -nopad -nosalt -k secret_password cSTzU8+UPQQwpRAq
Also, you really need to understand te -k option (and -K for that matter), and how it derives a key so you can do it outside of the OpenSSL command (if needed).
echo 'foo' | openssl aes-256-cbc -a -salt echo 'U2FsdGVkX1/QGdl4syQE8bLFSr2HzoAlcG299U/T/Xk=' | openssl aes-256-cbc -a -d -salt
to list all available ciphers.
$ echo "a_byte_character" | openssl enc -base64
and you have 100+ Cipher Types
-aes-128-cbc -aes-128-cfb -aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr -aes-128-ecb -aes-128-gcm -aes-128-ofb -aes-128-xts -aes-192-cbc -aes-192-cfb -aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr -aes-192-ecb -aes-192-gcm -aes-192-ofb -aes-256-cbc -aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr -aes-256-ecb -aes-256-gcm -aes-256-ofb -aes-256-xts -aes128 -aes192 -aes256 -bf -bf-cbc -bf-cfb -bf-ecb -bf-ofb -blowfish -camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ecb -camellia-128-ofb -camellia-192-cbc -camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ecb -camellia-192-ofb -camellia-256-cbc -camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ecb -camellia-256-ofb -camellia128 -camellia192 -camellia256 -cast -cast-cbc -cast5-cbc -cast5-cfb -cast5-ecb -cast5-ofb -des -des-cbc -des-cfb -des-cfb1 -des-cfb8 -des-ecb -des-ede -des-ede-cbc -des-ede-cfb -des-ede-ofb -des-ede3 -des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb -des-ofb -des3 -desx -desx-cbc -id-aes128-GCM -id-aes192-GCM -id-aes256-GCM -rc2 -rc2-40-cbc -rc2-64-cbc -rc2-cbc -rc2-cfb -rc2-ecb -rc2-ofb -rc4 -rc4-40 -rc4-hmac-md5 -seed -seed-cbc -seed-cfb -seed-ecb -seed-ofb