Openssl aes load key from file - linux

Using openssl with aes256 by passing a password works fine:
openssl enc -iv BABA -aes256 -in message.txt -out message.enc -base64 -k 1234
openssl enc -d -iv BABA -aes256 -in message.enc -out message.txt -base64 -k 1234
What I am trying to do is to generate an aes256 key and save it in a file. Then use the key file for encryption/decryption actions.
I found this procedure:
openssl rand -base64 256 > symm_key
openssl enc -aes256 -e -in message.txt -out cipher.bin -pass file:symm_key -salt
openssl enc -aes256 -d -in cipher.bin -out message.txt -pass file:symm_key -salt
Any other solution? I do not want to use a password.
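No answer to this one survives on the page, so here is an added example (not from the original post) of the alternative the question is reaching for. Two facts worth knowing first: `-pass file:symm_key` uses only the first line of the file as a passphrase (and `openssl rand -base64` wraps its output into 64-character lines), and that passphrase still goes through the password-to-key derivation exactly as `-k` does. To bypass derivation entirely, `openssl enc` takes a raw hex key with `-K` and then requires an explicit `-iv`. The script below stores a 256-bit key as one line of hex, draws a fresh IV per message and keeps it as the first line of the output, then recovers it on decryption. File names (`symm_key.hex`, `message.enc`) are my own choices. Note that `enc` offers CBC only, with no authentication: this protects confidentiality, not integrity, so anything that decrypts attacker-supplied data also needs a MAC or should move to an AEAD in a real library.

```sh
#!/bin/sh
# Added example, not from the original post: keep a raw 256-bit AES key in a
# file and hand it to openssl enc with -K/-iv, so no password or passphrase
# derivation is involved. File names used here are illustrative.
set -eu

# Generate the key as 64 hex characters on a single line; -K expects hex.
gen_key() {   # gen_key KEYFILE
    ( umask 077; openssl rand -hex 32 > "$1" )   # owner-only from creation
}

# Encrypt PLAINTEXT to OUT. A fresh random IV is drawn per message and stored
# as the first line of OUT (hex), followed by the base64 ciphertext. Reusing
# an IV under the same CBC key leaks whether two plaintexts share a prefix.
encrypt_file() {   # encrypt_file KEYFILE PLAINTEXT OUT
    key=$(cat "$1")
    iv=$(openssl rand -hex 16)
    {
        printf '%s\n' "$iv"
        openssl enc -aes-256-cbc -K "$key" -iv "$iv" -a -in "$2"
    } > "$3"
}

# Decrypt a file written by encrypt_file back to PLAINTEXT.
decrypt_file() {   # decrypt_file KEYFILE IN PLAINTEXT
    key=$(cat "$1")
    iv=$(head -n 1 "$2")
    # Reject anything that is not exactly 32 hex characters before using it.
    case "$iv" in
        *[!0-9a-f]* | "") echo "bad IV header in $2" >&2; return 1 ;;
    esac
    [ "${#iv}" -eq 32 ] || { echo "bad IV length in $2" >&2; return 1; }
    tail -n +2 "$2" | openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -a -out "$3"
}

# Demo on a constructed message in a scratch directory.
demo=$(mktemp -d)
gen_key "$demo/symm_key.hex"
printf 'attack at dawn\n' > "$demo/message.txt"
encrypt_file "$demo/symm_key.hex" "$demo/message.txt" "$demo/message.enc"
decrypt_file "$demo/symm_key.hex" "$demo/message.enc" "$demo/message.dec"
cmp "$demo/message.txt" "$demo/message.dec" && echo "round trip OK"
rm -rf "$demo"
```

Because the IV is random per call, encrypting the same plaintext twice yields two different files; a decryptor that finds a malformed IV line refuses rather than handing garbage to openssl.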

Related

Linux command piping in openssl to use string input

I have a shell script where a file path $path have some text which I encrypt as below and it works:
content_sha256="$(openssl dgst -binary -sha256 < $path | openssl enc -e -base64)";
The value of variable content_sha256 works correctly.
Now, I have a string $body which I want to encrypt. I am trying the below, but it gives me an entirely different result.
content_sha256="$(echo $body | openssl dgst -sha256 | openssl enc -e -base64)";
Am I piping something wrong or option for openssl should be different?
Correct answer below
content_sha256="$(echo $body | openssl dgst -binary -sha256 | openssl enc -e -base64)";
Points to note:
Include -binary option.
Instead of redirecting the file content as input, use echo $body with a pipe.

Decryption in a loop with openssl?

I'm trying to use openssl to decrypt files. I can successfully encrypt them in a loop, but when I try to change the command to make it decrypt, I get "error reading input file."
for f in /dir1/dir2/*.txt ;
do [ -f $f ] && openssl aes-256-cbc enc -in $f -out $f.enc -k PASSWORD ;
done
!the above works for encrypting
for f in /dir1/dir2/*.txt.enc ;
do [ -f $f ] && openssl enc -d -aes-256-cbc -k PASSWORD -in $f -out $f;
done
"error reading input file"
So I've tried making the input file $f.txt.enc, and $f.enc, and similar fiddling with the outfile. No luck.
I think your encoding line has a problem: it is missing the - in front of the aes part. For reference, here are lines that work for me:
openssl enc -aes-256-cbc -in $f -out $f.enc -k PASSWORD
openssl enc -aes-256-cbc -d -in $f.enc -out $f.dec -k PASSWORD
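The missing dash matters, but the decrypt loop in the question has a second problem that produces exactly the error quoted: `-in $f -out $f` names the same file twice, and `openssl enc` opens the `-out` file for writing (truncating it) before it reads any input, so decryption sees an empty file and reports "error reading input file". The answer's `$f.dec` sidesteps that. As an added example that is not part of the question or the answer, here is a loop written the way I would run it in practice: every output path is derived from the input path by stripping the suffix, paths are quoted, the passphrase comes from a file rather than `-k` on the command line (where `ps` and shell history would show it), and `-pbkdf2` (OpenSSL 1.1.1 or later) replaces the legacy key derivation. The directory, file names and passphrase are constructed for the demo.

```sh
#!/bin/sh
# Added example, not from the question or the answer: encrypt and decrypt a
# directory of .txt files in a loop, always writing each output to a path
# different from its input. Names below are constructed for the demo.
set -eu

# Encrypt every DIR/*.txt to DIR/NAME.txt.enc. The passphrase comes from a
# file (-pass file:) rather than -k on the command line, so it is not
# visible in ps or shell history. -pbkdf2 replaces the weak legacy key
# derivation that -k/-pass use by default (requires OpenSSL 1.1.1+).
encrypt_dir() {   # encrypt_dir DIR PASSFILE
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$2" -in "$f" -out "$f.enc"
    done
}

# Decrypt every DIR/*.txt.enc back to DIR/NAME.txt. The output path is the
# input minus its .enc suffix, never the input itself: openssl truncates the
# -out file before it reads -in, so -in FILE -out FILE empties FILE and the
# decrypt fails with "error reading input file".
decrypt_dir() {   # decrypt_dir DIR PASSFILE
    for f in "$1"/*.txt.enc; do
        [ -f "$f" ] || continue
        out=${f%.enc}
        if ! openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$f" -out "$out"; then
            echo "decrypt failed: $f" >&2
            rm -f "$out"      # do not leave a partial or garbage plaintext behind
            return 1
        fi
    done
}

# Demo on constructed input.
demo=$(mktemp -d)
mkdir "$demo/docs"
printf 'hunter2\n' > "$demo/pass"            # demo passphrase only
printf 'first file\n'  > "$demo/docs/a.txt"
printf 'second file\n' > "$demo/docs/b.txt"
encrypt_dir "$demo/docs" "$demo/pass"
rm "$demo/docs"/*.txt
decrypt_dir "$demo/docs" "$demo/pass"
cat "$demo/docs/a.txt" "$demo/docs/b.txt"
rm -rf "$demo"
```

Each `.enc` file starts with the 8-byte `Salted__` header followed by the salt, which is why decryption needs no separate IV file here: with a passphrase, key and IV are both derived from the passphrase and that salt.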

JWT Signature HS256 - different result on linux and website

I'm trying to write small linux utility for development purposes that works with JWT signatures.
Problem: the linux secret and the secret from the jwt.io website are different.
I'm using default data from https://jwt.io/#debugger-io and HS256.
Example:
# hmac256
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | hmac256 secret
> 4c9540f793ab33b13670169bdf444c1eb1c37047f18e861981e14e34587b1e04
# openssl
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | openssl dgst -sha256 -hmac secret
> (stdin)= 4c9540f793ab33b13670169bdf444c1eb1c37047f18e861981e14e34587b1e04
# Key from website
# TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
Found the answer: the result of the hash utilities should be in binary format and also base64 encoded.
So working commands are:
echo -n "{header}.{payload}" | hmac256 --binary secret | base64
echo -n "{header}.{payload}" | openssl dgst -sha256 -binary -hmac secret | base64
Example:
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | hmac256 --binary secret | base64
> TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ=
$ echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9" | openssl dgst -sha256 -binary -hmac secret | base64
> TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ=
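The string-hashing answer earlier on this page and this JWT fix make the same point: `openssl dgst` prints hex by default, and base64-encoding that hex text gives a different (and useless) value from base64-encoding the raw digest, which is what `-binary` provides. As an added example that belongs to neither post, the script below wraps both cases in functions. It uses `printf '%s'` rather than `echo` so that no trailing newline is hashed (the `sha256_b64_echo` variant is kept only to show that the digests differ), and for the JWT it emits base64url without padding, which is what a JWS actually carries: the website's value is the unpadded form of the `TJVA95...HgQ=` shown above. The header and payload JSON and the secret `secret` are the jwt.io sample data quoted in the post; the function names are mine. Note that `-hmac secret` puts the key on the command line, where other local users can read it from `ps`, which is acceptable for a development utility but not for a server.

```sh
#!/bin/sh
# Added example, not from either post: SHA-256 and HMAC-SHA256 as the raw
# bytes a base64 or base64url consumer expects. Function names are mine;
# the demo data is the jwt.io sample quoted on the page.
set -eu

# base64url without padding (RFC 7515 section 2), which is what a JWS
# carries; plain base64 would give the trailing '=' seen in the post.
b64url() {
    openssl base64 | tr -d '\n' | tr '+/' '-_' | tr -d '='
}

# base64(SHA-256(STRING)). printf '%s' feeds exactly STRING; echo would
# append a newline and the digest would be of STRING plus "\n".
sha256_b64() {   # sha256_b64 STRING
    printf '%s' "$1" | openssl dgst -sha256 -binary | openssl base64
}

# The echo variant, kept only to show that it yields a different digest.
sha256_b64_echo() {   # sha256_b64_echo STRING
    echo "$1" | openssl dgst -sha256 -binary | openssl base64
}

# HS256 over the JWS signing input "header.payload".
jwt_hs256_sig() {   # jwt_hs256_sig SECRET SIGNING_INPUT
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" -binary | b64url
}

# Build a complete HS256 token from JSON header and payload strings.
mint_jwt() {   # mint_jwt SECRET HEADER_JSON PAYLOAD_JSON
    h=$(printf '%s' "$2" | b64url)
    p=$(printf '%s' "$3" | b64url)
    printf '%s.%s.%s' "$h" "$p" "$(jwt_hs256_sig "$1" "$h.$p")"
}

# Recompute the signature and compare. [ = ] is not a constant-time
# comparison and nothing here pins alg to HS256; a production verifier
# needs both, so use a library for that.
verify_jwt() {   # verify_jwt SECRET TOKEN
    signing_input=${2%.*}
    given=${2##*.}
    [ "$given" = "$(jwt_hs256_sig "$1" "$signing_input")" ]
}

# Demo with the jwt.io sample data (secret "secret").
token=$(mint_jwt secret '{"alg":"HS256","typ":"JWT"}' \
        '{"sub":"1234567890","name":"John Doe","admin":true}')
printf '%s\n' "$token"
verify_jwt secret "$token" && echo "signature verifies with 'secret'"
```

Running it prints the same three-part token the website shows for that header and payload, with the `TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ` signature and no `=`.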

How to direct output of time command to a file in shell script?

This does not append the output of the time command to file.txt
echo $(time openssl genrsa -aes128 -out server.key 1024) &> file.txt
You can use the following:
{ time openssl genrsa -aes128 -out server.key 1024 ; } 2>> file.txt

Using Openssl To Read Multiple Certificates

I want to use the following command:
openssl x509 -noout -in /etc/pki/tls/certs/cert1.pem -enddate
openssl x509 -noout -in /etc/pki/tls/certs/cert2.pem -enddate
openssl x509 -noout -in /etc/pki/tls/certs/certN.pem -enddate
Is there a way to read all the certificates using wild cards? e.g,
openssl x509 -noout -in /etc/pki/tls/certs/*.pem -enddate
Any help would be much appreciated. Thank you in advance.
Use a shell scriptlet:
#! /bin/sh
for file in /etc/pki/tls/certs/*.pem; do
echo -n "$file: "
openssl x509 -noout -in "$file" -enddate
done
Put this in a file, say certexpires.sh, then you can run it with:
sh certexpires.sh
My answer for your case is this command:
ls /etc/pki/tls/certs/cert*.pem | xargs -L1 openssl x509 -noout -enddate -in
Explanation
In the first step, I make a list of the certificates I want to parse. For example, in my case it could look like this:
[root@vpsfree certs]# ls -1 */*.crt
ewsport.org/ewsport.org.crt
hxpro.cz/hxpro.crt
jaguars.cz/jaguars.crt
koudelka.photography/koudelka.photography.crt
unicycle-hockey.cz/unicycle-hockey.cz.crt
unipragga.cz/unipragga.cz.crt
Next, I want to get the expiration date from each of them.
[root@vpsfree certs]# openssl x509 -noout -enddate -in hxpro.cz/hxpro.crt
notAfter=Apr 24 11:29:21 2017 GMT
Now I can send the output of my first command to the second using xargs.
[root@vpsfree certs]# ls -1 */*.crt | xargs -L1 openssl x509 -noout -enddate -in
notAfter=Mar 31 15:08:20 2017 GMT
notAfter=Apr 24 11:29:21 2017 GMT
notAfter=Mar 23 21:23:42 2017 GMT
notAfter=Apr 24 11:50:32 2017 GMT
notAfter=Dec 11 16:32:41 2016 GMT
notAfter=Mar 20 19:44:17 2017 GMT
I used the -L1 option because the openssl command takes only one -in file as input.
I have created an alias for my terminal which runs this on all files in a folder (you can adjust it to run only on the pem extension, but this is my adaptation):
alias ssl-opemu='_(){ for i in *; do openssl x509 -in "$i" -noout -text; done; }; _'
I am almost sure I have inherited this from a previous thread so all rights to their original owners. :)
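Both answers print `notAfter=` and leave the comparison to whoever reads the output. As an added example that is not from either answer, the script below does the comparison with `openssl x509 -checkend SECONDS`, which exits non-zero when the certificate expires within that window, and reports files that are not certificates at all (a stray key in the directory) instead of silently skipping them. So that it runs anywhere, it mints its own throwaway self-signed certificates as sample input rather than assuming `/etc/pki/tls/certs`; the function names and the 30-day window are my choices.

```sh
#!/bin/sh
# Added example, not from either answer: report certificate expiry per file
# and flag those expiring within a window, using openssl x509 -checkend.
# The sample certificates are generated on the fly for the demo.
set -eu

# Throwaway self-signed certificate valid for DAYS, written to OUTFILE with
# its key beside it. Demo input only; never use such a key for anything real.
make_demo_cert() {   # make_demo_cert DAYS OUTFILE
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj "/CN=demo-$1-days" \
        -keyout "${2%.pem}.key" -out "$2" 2>/dev/null
}

# check_certs DAYS FILE...: one line per file, return 1 if any file is not a
# certificate or expires within DAYS days, so the result is usable from cron.
check_certs() {
    days=$1; shift
    secs=$((days * 86400))
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if ! enddate=$(openssl x509 -noout -enddate -in "$f" 2>/dev/null); then
            printf '%s: not a certificate\n' "$f"
            rc=1
            continue
        fi
        # -checkend exits 0 if the cert is still valid SECS from now, 1 if not.
        if openssl x509 -noout -checkend "$secs" -in "$f" >/dev/null; then
            printf '%s: OK (%s)\n' "$f" "${enddate#notAfter=}"
        else
            printf '%s: EXPIRING within %s days (%s)\n' "$f" "$days" "${enddate#notAfter=}"
            rc=1
        fi
    done
    return $rc
}

# Demo: one certificate about to expire, one with a year left, plus a key file.
demo=$(mktemp -d)
make_demo_cert 1   "$demo/soon.pem"
make_demo_cert 365 "$demo/long.pem"
check_certs 30 "$demo"/*.pem "$demo"/*.key || echo "at least one file needs attention"
rm -rf "$demo"
```

The glob is expanded by the shell and each path is quoted, so names with spaces survive, which is the main thing the `ls | xargs` pipeline above cannot promise.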
