How to encrypt a large file using openssl?

OpenSSL is a powerful cryptographic toolkit that provides various security functions including file encryption. It comes pre-installed on most Linux distributions, but can be installed via package managers if needed. This article demonstrates how to encrypt large files using OpenSSL's public-key cryptography features.

Understanding Encryption Types

Before diving into file encryption, it's important to understand the two main encryption approaches:

• Symmetric (Secret-key) encryption Uses the same key for both encryption and decryption

• Asymmetric (Public-key) encryption Uses separate keys for encryption and decryption

Public-key encryption is more secure as it eliminates key-sharing concerns, while symmetric encryption is faster. Combining both methods maximizes security and performance benefits.

Key Pair Generation

First, both users (Sachin and Mohit) must generate their RSA key pairs. Each key pair consists of a public key (shareable) and a private key (kept secret).

Sachin Generates His Key Pair

$ openssl genrsa -aes128 -out sachin_private.pem 1024

Generating RSA private key, 1024 bit long modulus
.....................................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for sachin_private.pem:
Verifying - Enter pass phrase for sachin_private.pem:

This command uses genrsa to generate a 1024-bit RSA key pair, with the private key encrypted using AES-128 encryption.

Mohit Generates His Key Pair

$ openssl genrsa -aes128 -out mohit_private.pem 1024

Extracting Public Keys

Both users must extract their public keys from the private key files:

$ openssl rsa -in sachin_private.pem -pubout > sachin_public.pem
$ openssl rsa -in mohit_private.pem -pubout > mohit_public.pem

Enter pass phrase for sachin_private.pem:
writing RSA key

Exchanging Public Keys

Public keys must be shared between users. This can be done securely using the scp command:

# Sachin sends his public key to Mohit
$ scp sachin_public.pem mohit@mohit-machine:/path/

# Mohit sends his public key to Sachin  
$ scp mohit_public.pem sachin@sachin-machine:/path/

File Encryption Process

To encrypt a file for Mohit, Sachin uses Mohit's public key with the following command:

$ openssl rsautl -encrypt -inkey mohit_public.pem -pubin -in file_name.txt -out file_name.enc

Note: For OpenSSL version 3.0 and above, use pkeyutl instead of rsautl:

$ openssl pkeyutl -encrypt -inkey mohit_public.pem -pubin -in file_name.txt -out file_name.enc

File Decryption Process

Mohit can decrypt the received file using his private key:

$ openssl rsautl -decrypt -inkey mohit_private.pem -in file_name.enc > file_name.txt

The system will prompt for Mohit's private key passphrase before decrypting the file.

Security Considerations

Conclusion

OpenSSL provides robust file encryption capabilities using public-key cryptography. While RSA encryption works well for smaller files, large files may require hybrid encryption approaches combining symmetric and asymmetric methods. The key exchange process ensures secure communication without requiring prior shared secrets between parties.