I had a requirement to share a file with a colleague, which I did using Box. However, I wanted to go one step further and encrypt the file BEFORE sharing.
This is known, in some circles, as Pre-Internet Encryption (PIE), which is funny, because I like pie - fish pie, apple pie, mince pie, you name it :-)
This is what I did: -
Encrypt the file
openssl enc -aes-256-cbc -in Patent.doc > Patent_enc.doc
This example uses the AES-256-CBC cipher and requests a password, which is used, with the chosen block/stream cipher, to encrypt the file.
My colleague then used a similar command: -
openssl enc -aes-256-cbc -in Patent_enc.doc -d > Patent.doc
to decrypt the file.
I could've used one of a number of ciphers: -
For the record, whilst I shared the file with him via Box, I shared the decryption command via Slack, and the password via a third, separate channel.
Don't call me paranoid :-)
From the Wiki here: -
…
This page describes the command line tools for encryption and decryption. Enc is used for various block and stream ciphers using keys based on passwords or explicitly provided. It can also be used for Base64 encoding or decoding.
…
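Added example (not from the original post or the OpenSSL project): how `enc` turns the password into an AES-256-CBC key and IV, reproducing the `Salted__` header layout and the single-pass EVP_BytesToKey derivation, whose default digest is MD5 in pre-1.1.0 releases such as the two shown in this post and SHA-256 from 1.1.0 on. The salt, password and dummy ciphertext are constructed sample values, and the function names are hypothetical.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker `openssl enc` writes before the salt


def parse_enc_header(blob):
    """Split salted `openssl enc` output into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not salted openssl enc output")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password, salt, digest="md5", key_len=32, iv_len=16):
    """EVP_BytesToKey with count=1: D_i = H(D_{i-1} || password || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # One hash pass per block, no stretching: cheap to guess passwords against.
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def check_ciphertext(blob):
    """CBC output carries no MAC; only its length can be sanity-checked."""
    _, ciphertext = parse_enc_header(blob)
    return len(ciphertext) > 0 and len(ciphertext) % 16 == 0


# Constructed sample: header plus two dummy 16-byte blocks, not real ciphertext.
SAMPLE_SALT = bytes.fromhex("0102030405060708")
SAMPLE = MAGIC + SAMPLE_SALT + bytes(32)
SAMPLE_PASSWORD = b"correct horse"  # constructed password

if __name__ == "__main__":
    salt, body = parse_enc_header(SAMPLE)
    # Same password and salt, different default digest => different key and IV.
    for digest in ("md5", "sha256"):
        key, iv = evp_bytes_to_key(SAMPLE_PASSWORD, salt, digest)
        print(digest, "key:", key.hex(), "iv:", iv.hex())
```

Because the default digest differs across releases, a file encrypted on one side can fail to decrypt on the other unless both pass the same `-md` digest. The output also has no integrity check, so tampering with the shared file is not detected.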
It's also worth noting that the OpenSSL command on macOS is somewhat limited / out-of-date.
This is what I have: -
openssl version
OpenSSL 0.9.8zh 14 Jan 2016
as compared to Red Hat: -
openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
So the macOS version is older but newer :-)
As an example, this command (from the Wiki): -
openssl list-cipher-algorithms
gives this error on macOS: -
openssl:Error: 'list-cipher-algorithms' is an invalid command.
whereas on RHEL, it gives a huge list :-)
However, I was able to work out what ciphers the command supported: -
openssl help
openssl:Error: 'help' is an invalid command.
Standard commands
asn1parse ca ciphers crl crl2pkcs7
dgst dh dhparam dsa dsaparam
ec ecparam enc engine errstr
gendh gendsa genrsa nseq ocsp
passwd pkcs12 pkcs7 pkcs8 prime
rand req rsa rsautl s_client
s_server s_time sess_id smime speed
spkac verify version x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 mdc2 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb