How to encrypt a large file using openssl?
OpenSSL is a valuable tool for general-purpose cryptography and secure communication, and it can perform many tasks, including encrypting files. Most Linux distributions install the tool by default; if not, you can install it using your package manager.
Before encrypting a file using OpenSSL, let us have a basic understanding of encryption.
Encryption is a method of encoding a message to protect its contents from prying eyes. There are two types in general −
Symmetric or secret-key encryption
Asymmetric or public-key encryption
Secret-key encryption uses the same key for encryption and decryption, whereas public-key encryption uses separate keys for encryption and decryption.
Each method has advantages and disadvantages. Public-key encryption removes the need to share a secret key over a secure channel, which is its main security advantage over secret-key encryption, while secret-key encryption is faster than public-key encryption.
Using them together maximises the benefits of each type's strengths.
Public key Encryption
Public key encryption uses two keys, which together are called a key pair.
The public key can be freely shared with anyone you want to communicate secretly with. The private key should be kept private and never shared.
Encryption is performed with the public key. If someone wants to send you sensitive information, you give them your public key, and they use it to encrypt messages or files before sending them to you. Decryption is performed with the private key: only you, holding the private key, can decrypt what the sender encrypted.
Encrypting file using OpenSSL
Let us assume two users, Sachin and Mohit, who want to communicate with each other by exchanging encrypted files using OpenSSL.
You must first generate a pair of keys before you can encrypt files. You'll also need a passphrase to protect the private key; you will be asked for it every time the key is used, so make sure to remember it.
Sachin generates his key pair using this command
$ openssl genrsa -aes128 -out sachin_private.pem 1024
[root@localhost ~]# openssl genrsa -aes128 -out sachin_private.pem 1024
Generating RSA private key, 1024 bit long modulus
.....................................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for sachin_private.pem:
Verifying - Enter pass phrase for sachin_private.pem:
[root@localhost ~]#
This command uses OpenSSL's genrsa command to generate a 1024-bit public/private key pair. Note that 1024-bit RSA is no longer considered strong enough for real use; choose 2048 bits or more for keys that protect actual data.
The -aes128 option encrypts the private key generated by genrsa with AES-128, a symmetric key algorithm, under the passphrase Sachin entered.
[root@localhost ~]# ls -l sachin_private.pem
-rw-r--r--. 1 root root 986 Sep 23 21:21 sachin_private.pem
[root@localhost ~]# file sachin_private.pem
sachin_private.pem: PEM RSA private key
[root@localhost ~]#
Mohit will follow the same procedure to create his key pair
openssl genrsa -aes128 -out mohit_private.pem 1024
[root@localhost ~]# openssl genrsa -aes128 -out mohit_private.pem 1024
Generating RSA private key, 1024 bit long modulus
........++++++
..............................++++++
e is 65537 (0x10001)
Enter pass phrase for mohit_private.pem:
Verifying - Enter pass phrase for mohit_private.pem:
[root@localhost ~]#
Extracting public key
Sachin must extract his public key and save it to a file using the following command
openssl rsa -in sachin_private.pem -pubout > sachin_public.pem
Enter pass phrase for sachin_private.pem:
writing RSA key
Mohit can follow the same procedure to extract his public key.
Exchanging public keys
The public keys are of no use to either user until they exchange them with each other. There are many methods available for sharing a public key. Copying the public keys to each other's workstation with the scp command is one of them.
If you want to send Sachin’s public key to Mohit’s workstation, you can execute the following command
scp sachin_public.pem mohit@mohit-machine-or-ip:/path/
To send Mohit’s public key to Sachin’s workstation, execute the following command
scp mohit_public.pem sachin@sachin-machine-or-ip:/path/
Now Sachin has Mohit's public key and vice versa.
Exchanging encrypted message with a public key
To send Mohit a secret message, Sachin uses the openssl rsautl command with the -encrypt option. He has to supply the tool with three inputs −
The name of the file that contains the secret message
Mohit’s public key (file)
The name of a file where the encrypted message will be stored
You can use the following command to encrypt the message.
openssl rsautl -encrypt -inkey mohit_public.pem -pubin -in file_name.txt -out file_name.enc
Note − if your OpenSSL version is 3.0 or above, use pkeyutl in place of rsautl; all the other parameters remain the same.
You can send this file to Mohit's workstation by using the scp command. If Mohit tries to read it in the usual way, he won't be able to. He requires three pieces of information to decrypt the message −
The encrypted file
His private key
A file name to save the decrypted output
He can use the following command to decrypt the message.
openssl rsautl -decrypt -inkey mohit_private.pem -in file_name.enc > file_name.txt
Now Mohit can read the file that Sachin sent him.
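The rsautl and pkeyutl commands above can only encrypt input smaller than the RSA key size, so a large file is handled by using both encryption types together as described earlier: the file is encrypted with a one-time symmetric secret, and only that secret is encrypted with Mohit's public key. The script below is an added example, not part of the original article; the function names, the file names and the passphrase-less 2048-bit demo key are assumptions chosen so that it runs unattended.

```shell
# Added example (not from the original article): hybrid encryption with OpenSSL.
# Assumptions: OpenSSL 1.1.1+ (-pbkdf2); helper names, file names and demo key are constructed.

# hybrid_encrypt <recipient_public.pem> <input_file> <output_prefix>
hybrid_encrypt() {
    pub=$1; src=$2; pre=$3
    # One-time 256-bit session secret, readable only by the current user
    (umask 077 && openssl rand -hex 32 > "$pre.key") || return 1
    # Bulk data: AES-256-CBC, key and IV derived from the session secret with PBKDF2
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$pre.key" \
        -in "$src" -out "$pre.enc" || return 1
    # Session secret: RSA-OAEP under the recipient's public key (65 bytes fit one block)
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -pkeyopt rsa_padding_mode:oaep \
        -in "$pre.key" -out "$pre.key.enc" || return 1
    rm -f "$pre.key"
}

# hybrid_decrypt <recipient_private.pem> <input_prefix> <output_file>
hybrid_decrypt() {
    priv=$1; pre=$2; dst=$3
    (umask 077 && openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$pre.key.enc" -out "$pre.key") || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$pre.key" -in "$pre.enc" -out "$dst"
    rc=$?
    rm -f "$pre.key"
    return $rc
}

# Constructed demo: Mohit's key pair and a 1 MiB random file standing in for the large file
setup_demo() {
    d=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/mohit_private.pem" 2>/dev/null || return 1
    openssl pkey -in "$d/mohit_private.pem" -pubout -out "$d/mohit_public.pem" || return 1
    openssl rand -out "$d/big.bin" 1048576
}

# Direct RSA on the whole file is expected to fail: the input exceeds one RSA block
rsa_direct() {
    openssl pkeyutl -encrypt -pubin -inkey "$d/mohit_public.pem" \
        -in "$d/big.bin" -out "$d/direct.enc" 2>/dev/null
}
roundtrip() {
    hybrid_encrypt "$d/mohit_public.pem" "$d/big.bin" "$d/msg" &&
    hybrid_decrypt "$d/mohit_private.pem" "$d/msg" "$d/big.out" &&
    cmp -s "$d/big.bin" "$d/big.out"
}

setup_demo && ! rsa_direct && roundtrip && echo "hybrid round trip OK"
```

Sachin would send both msg.enc and msg.key.enc to Mohit. openssl enc in CBC mode does not authenticate the ciphertext, so when tampering is a concern the sender should also sign msg.enc, for example with openssl dgst -sha256 -sign.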
OpenSSL is both a program and a library that supports many cryptographic functions −
Symmetric key generation
Public/Private key pair generation
Public key encryption
Certificate creation and so on.
In this article, we have seen how to encrypt a large file using OpenSSL and how two users can use OpenSSL to send a file and communicate securely. We have also looked at symmetric and asymmetric encryption and their advantages and disadvantages.