OpenSSL enc encryption and decryption
2022-06-11 03:28:00 【ee230】
1、 Overview of symmetric encryption algorithm
The OpenSSL crypto library provides a rich set of symmetric encryption algorithms. They can be used either through the command-line instructions that openssl provides or by calling the API that OpenSSL provides.
The openssl symmetric encryption instructions are mainly used to encrypt and decrypt data. openssl provides an instruction for basically every symmetric encryption algorithm it supports, and the name of each instruction is basically the name of the algorithm itself combined with its number of bits, its encryption mode, or other attributes. For example, the instruction for the DES algorithm in CBC mode is des-cbc. You can use a command to list the symmetric encryption algorithms supported by the current version of openssl; for example, the symmetric encryption instructions supported by openssl on Ubuntu 14.04 are as follows:
$ openssl enc -help
unknown option '-'
options are
...
Cipher Types
-aes-128-cbc -aes-128-cbc-hmac-sha1 -aes-128-cfb -aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr -aes-128-ecb -aes-128-gcm -aes-128-ofb -aes-128-xts
-aes-192-cbc -aes-192-cfb -aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr -aes-192-ecb -aes-192-gcm -aes-192-ofb
-aes-256-cbc -aes-256-cbc-hmac-sha1 -aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr -aes-256-ecb -aes-256-gcm -aes-256-ofb -aes-256-xts
-aes128 -aes192 -aes256
-bf -bf-cbc -bf-cfb -bf-ecb -bf-ofb -blowfish
-camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ecb -camellia-128-ofb
-camellia-192-cbc -camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ecb -camellia-192-ofb
-camellia-256-cbc -camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ecb -camellia-256-ofb
-camellia128 -camellia192 -camellia256
-cast -cast-cbc -cast5-cbc -cast5-cfb -cast5-ecb -cast5-ofb
-des -des-cbc -des-cfb -des-cfb1 -des-cfb8 -des-ecb
-des-ede -des-ede-cbc -des-ede-cfb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb
-des-ofb -des3 -desx -desx-cbc
-id-aes128-GCM -id-aes192-GCM -id-aes256-GCM
-rc2 -rc2-40-cbc -rc2-64-cbc -rc2-cbc -rc2-cfb -rc2-ecb -rc2-ofb
-rc4 -rc4-40 -rc4-hmac-md5
-seed -seed-cbc -seed-cfb -seed-ecb -seed-ofb
As you can see, the command run above is enc -help. What is enc? It turns out that openssl has two ways to invoke a symmetric encryption algorithm:
One is to call the symmetric encryption instruction directly, for example:
openssl des-cbc -in plain.txt -out encrypt.txt -pass pass:12345678
The other is to go through enc, passing the symmetric encryption instruction as a parameter of the enc instruction, for example:
openssl enc -des-cbc -in plain.txt -out encrypt.txt -pass pass:12345678
The two instructions above perform the same function, and their parameters are the same. So what is enc for? Simply put, it saves trouble.
openssl provides a large number of symmetric encryption instructions, and enc gathers all of them into the single enc instruction. The user just runs enc and names the encryption algorithm to perform the operation that a separate encryption instruction would perform. In addition, an algorithm that can be specified in enc does not necessarily exist as a separate instruction. The author therefore recommends using enc.
Of course, although the symmetric encryption instructions that openssl provides are powerful, they are not complete. For example, they do not support functions such as 76-bit RC2 encryption and decryption or 84-bit RC4 encryption and decryption. To use such algorithms and modes flexibly, you need to learn the API that OpenSSL provides.
2、 Symmetric encryption algorithm instruction parameters
The man page for enc describes its usage in detail; enc -help prints a summary of the main parameters, as follows:
$ openssl enc -help
unknown option '-help'
options are
-in <file>     input file
-out <file>    output file
-pass <arg>    pass phrase source
-e             encrypt
-d             decrypt
-a/-base64     base64 encode/decode, depending on encryption flag
-k             passphrase is the next argument
-kfile         passphrase is the first line of the file argument
-md            the next argument is the md to use to create a key
               from a passphrase. One of md2, md5, sha or sha1
-S             salt in hex is the next argument
-K/-iv         key/iv in hex is the next argument
-[pP]          print the iv/key (then exit if -P)
-bufsize <n>   buffer size
-nopad         disable standard block padding
-engine e      use engine e, possibly a hardware device.
Cipher Types
...
[in/out]
These two parameters specify the input file and the output file. When encrypting, the input file is plaintext and the output file is ciphertext; when decrypting, the input file is ciphertext and the output file is plaintext.
[pass]
Specifies how the password is supplied. There are five ways: on the command line (pass), from a file (file), from an environment variable (env), from a file descriptor (fd), and from standard input (stdin). The default is standard input, typed at the keyboard.
[e/d]
e: encrypt, d: decrypt. The default is encryption.
[-a/-base64]
The encrypted file is binary and inconvenient to view. With this parameter the encrypted content is base64-encoded so that it is readable; likewise, when decrypting, the input is base64-decoded first and then decrypted.
[-k/-kfile]
Kept for compatibility with earlier versions. Specifies how the password is supplied; superseded by the pass parameter.
[md]
Specifies the digest algorithm used to generate the key. The password entered by the user cannot be used directly as the file encryption key; it is first transformed by a digest algorithm. This parameter selects that digest algorithm. The default is md5.
[-S]
To improve security, a salt value is used when the user's password is converted into the encryption key. By default the salt is generated randomly; with this parameter the salt is specified by the user. -nosalt specifies that no salt is used, but this reduces security and is not recommended.
[K/IV]
By default the Key and IV used to encrypt the file are derived from the password entered by the user, but the user can also specify the Key and IV values directly. In that case the pass parameter has no effect.
[pP]
The p parameter prints the file's Key and IV values. The P parameter also prints the Key and IV values, but does not perform the actual encryption or decryption.
[bufsize]
The I/O buffer size for reading and writing files. It normally does not need to be specified.
[-nopad]
Disables padding. The length of the input data must then be a multiple of the block size of the encryption algorithm.
[engine]
Specifies a third-party encryption device. No such environment is available, so this has not been tried for now.
3、 Example of symmetric encryption algorithm
1、 Base64-encode a file only, without encryption or decryption
/* Base64-encode the file */
openssl enc -base64 -in plain.txt -out base64.txt
/* Decode the base64 file */
openssl enc -base64 -d -in base64.txt -out plain2.txt
/* diff shows that the plaintext is the same before encoding and after decoding */
diff plain.txt plain2.txt
2、 Different ways of supplying the password
/* On the command line, password 123456 */
openssl enc -aes-128-cbc -in plain.txt -out out.txt -pass pass:123456
/* From a file, password 123456 */
echo 123456 > passwd.txt
openssl enc -aes-128-cbc -in plain.txt -out out.txt -pass file:passwd.txt
/* From an environment variable, password 123456 */
passwd=123456
export passwd
openssl enc -aes-128-cbc -in plain.txt -out out.txt -pass env:passwd
/* From a file descriptor */
openssl enc -aes-128-cbc -in plain.txt -out out.txt -pass fd:1
/* From standard input */
openssl enc -aes-128-cbc -in plain.txt -out out.txt -pass stdin
3、 Encrypting with a fixed salt value
$ openssl enc -aes-128-cbc -in plain.txt -out encrypt.txt -pass pass:123456 -P
salt=32F5C360F21FC12D
key=D7E1499A578490DF940D99CAE2E29EB1
iv =78EEB538897CAF045F807A97F3CFF498
$ openssl enc -aes-128-cbc -in plain.txt -out encrypt.txt -pass pass:123456 -P
salt=DAA482697BECAB46
key=9FF8A41E4AC011FA84032F14B5B88BAE
iv =202E38A43573F752CCD294EB8A0583E7
$ openssl enc -aes-128-cbc -in plain.txt -out encrypt.txt -pass pass:123456 -P -S 123
salt=1230000000000000
key=50E1723DC328D98F133E321FC2908B78
iv =1528E9AD498FF118AB7ECB3025AD0DC6
$ openssl enc -aes-128-cbc -in plain.txt -out encrypt.txt -pass pass:123456 -P -S 123
salt=1230000000000000
key=50E1723DC328D98F133E321FC2908B78
iv =1528E9AD498FF118AB7ECB3025AD0DC6
You can see that without the -S parameter the salt is generated randomly and the key and iv values keep changing; when the salt value is fixed, the key and iv values are fixed as well.
4、 Base64 encoding after encryption and base64 decoding before decryption
/* With the -a parameter, the output is base64-encoded after encryption */
$ openssl enc -aes-128-cbc -in plain.txt -a -out encrypt.txt -pass pass:123456
/* With the -a parameter, the input is base64-decoded before decryption */
$ openssl enc -aes-128-cbc -in encrypt.txt -d -a -out plain1.txt -pass pass:123456
/* Compare the files */
$ diff plain.txt plain1.txt
/* The encrypted file is base64-encoded */
$ cat encrypt.txt
U2FsdGVkX19KbCj9GMI1TBOQjP8JJcefIUH1tHwf/Z4=
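The password-to-key step described under [md] and [-S] and the salted file layout seen in sections 3 and 4 can be reproduced outside openssl. The following is an added example, not code from the original post: it implements the EVP_BytesToKey transform (one digest pass per block) that enc applies, and reads the salt back out of the base64 ciphertext shown above. The function names are hypothetical; the password, the -S value and the ciphertext string are the ones printed on this page.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # 8-byte marker that enc writes in front of the salt


def evp_bytes_to_key(password, salt, key_len, iv_len, md="md5"):
    """Password-to-key transform used by enc when -pbkdf2 is not given.

    D1 = H(password || salt), Dn = H(D(n-1) || password || salt), one pass each.
    The key is the first key_len bytes of D1 || D2 || ..., the IV the next iv_len.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def salt_from_S(hex_arg, size=8):
    """Mimic -S as the page's output shows it: short hex is zero-padded on the right."""
    if len(hex_arg) > size * 2:
        raise ValueError("hex string is too long")
    return bytes.fromhex(hex_arg.ljust(size * 2, "0"))


def parse_salted(blob_b64):
    """Split base64 enc output (-a) into (salt, ciphertext)."""
    raw = base64.b64decode(blob_b64)
    if len(raw) < 16 or raw[:8] != MAGIC:
        raise ValueError("no Salted__ header")
    return raw[8:16], raw[16:]


if __name__ == "__main__":
    # Password and -S value from the section 3 runs; 16/16 are the aes-128-cbc sizes.
    salt = salt_from_S("123")
    key, iv = evp_bytes_to_key(b"123456", salt, 16, 16)
    print("salt=" + salt.hex().upper())
    print("key=" + key.hex().upper())
    print("iv =" + iv.hex().upper())
    # Base64 ciphertext shown by `cat encrypt.txt` in section 4.
    file_salt, ciphertext = parse_salted("U2FsdGVkX19KbCj9GMI1TBOQjP8JJcefIUH1tHwf/Z4=")
    print("file salt=" + file_salt.hex().upper(), "ciphertext bytes=%d" % len(ciphertext))
```

Running it prints salt, key and iv in the same format as -P, for comparison with the fixed-salt output in section 3. One digest pass per block makes password guessing cheap, which is why OpenSSL 1.1.1 and later add -pbkdf2 and -iter to enc.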
5、 Specifying the Key and IV values manually
/* Specify the key and iv values manually; the salt is fixed */
$ openssl enc -aes-128-cbc -in plain.txt -out encrypt.txt -K 1223 -iv f123 -p
salt=0B00000000000000
key=12230000000000000000000000000000
iv =F1230000000000000000000000000000
/* Specifying a pass password has no effect; note that the Key and IV values are hexadecimal */
$ openssl enc -aes-128-cbc -in plain.txt -out encrypt.txt -K 1223 -iv f123 -p -pass pass:123456
salt=F502F4B8DE62E0E5
key=12230000000000000000000000000000
iv =F1230000000000000000000000000000