Decryption in a loop with openssl? - linux

I'm trying to use openssl to decrypt files. I can successfully encrypt them in a loop, but when I try to change the command to make it decrypt, I get "error reading input file."
for f in /dir1/dir2/*.txt ;
do [ -f $f ] && openssl aes-256-cbc enc -in $f -out $f.enc -k PASSWORD ;
done
# the above works for encrypting
for f in /dir1/dir2/*.txt.enc ;
do [ -f $f ] && openssl enc -d -aes-256-cbc -k PASSWORD -in $f -out $f;
done
"error reading input file"
So I've tried making the input file $f.txt.enc, and $f.enc, and similar fiddling with the outfile. No luck.

I think your encoding line has a problem: it is missing the - in front of the aes part. For reference, here are lines that work for me:
openssl enc -aes-256-cbc -in $f -out $f.enc -k PASSWORD
openssl enc -aes-256-cbc -d -in $f.enc -out $f.dec -k PASSWORD
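Added example (not from the original posts): the loop from this thread with quoted paths, the passphrase read from a file instead of `-k PASSWORD` on the command line, and decryption written to a path different from its input, because writing `-out` to the same path as `-in` truncates the input before it is read. The function names, the `.dec` suffix and the passphrase file are assumptions; `-pbkdf2` needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example: encrypt/decrypt every matching file in a directory.
# The passphrase comes from a file (-pass file:), so it does not show up
# in the process list or shell history the way "-k PASSWORD" does.

# encrypt_dir DIR PASSFILE   (hypothetical helper): DIR/*.txt -> DIR/*.txt.enc
encrypt_dir() {
    local f
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal; skip it
        openssl enc -aes-256-cbc -pbkdf2 \
            -pass "file:$2" -in "$f" -out "$f.enc" || return 1
    done
}

# decrypt_dir DIR PASSFILE   (hypothetical helper): DIR/*.txt.enc -> DIR/*.txt.dec
decrypt_dir() {
    local f out
    for f in "$1"/*.txt.enc; do
        [ -f "$f" ] || continue
        out="${f%.enc}.dec"              # strip ".enc"; never reuse the input path
        if ! openssl enc -d -aes-256-cbc -pbkdf2 \
                -pass "file:$2" -in "$f" -out "$out"; then
            rm -f -- "$out"              # do not leave partial plaintext behind
            return 1
        fi
    done
}
```
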

Related

Openssl aes load key from file

Using openssl with aes256 by passing password works fine:
openssl enc -iv BABA -aes256 -in message.txt -out message.enc -base64 -k 1234
openssl enc -d -iv BABA -aes256 -in message.enc -out message.txt -base64 -k 1234
What I am trying to do is to generate an aes256 key and save it in a file. Then use the key file for encryption/decryption actions.
I found this procedure:
openssl rand -base64 256 > symm_key
openssl enc -aes256 -e -in message.txt -out cipher.bin -pass file:symm_key -salt
openssl enc -aes256 -d -in cipher.bin -out message.txt -pass file:symm_key -salt
Any other solution? I do not want to use password.

Linux command piping in openssl to use string input

I have a shell script where a file at path $path has some text, which I encrypt as below, and it works:
content_sha256="$(openssl dgst -binary -sha256 < $path | openssl enc -e -base64)";
The value of variable content_sha256 works correctly.
Now, I have a string $body which I want to encrypt. I am trying the below, but it gives me an entirely different result.
content_sha256="$(echo $body | openssl dgst -sha256 | openssl enc -e -base64)";
Am I piping something wrong, or should the option for openssl be different?
Correct answer below
content_sha256="$(echo "$body" | openssl dgst -binary -sha256 | openssl enc -e -base64)";
Points to note:
Include the -binary option.
Instead of redirecting file content as input, use echo "$body" with a pipe.

Script in bash to get all certificates names in a directory

I'm creating a script in bash that uses the command:
openssl x509 -in <cert> -noout -text | grep 'Issuer\|Not After' | sed -e 's/^[ \t]*//'
and checks all certificate files in the directory. I used the command
ls -l | grep .crt | cut -d " " -f11 > test.txt
to get the following certificate list:
client.crt
client1.crt
client12.crt
client2.crt
client3.crt
server12.crt
server2.crt
However, when I run:
for i in test.txt;do openssl x509 -in $i -noout -text | grep 'Issuer\|Not After' | sed -e 's/^[ \t]*//';done
I get the following output:
unable to load certificate
140075503359296:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
You're not iterating over the files listed in your test.txt, you're executing openssl against that very file.
What you really want to do is this:
while read -r i
do
    openssl x509 -in "$i" -noout -text | grep 'Issuer\|Not After' | sed -e 's/^[ \t]*//'
done < test.txt
P.S.: I did not verify that your openssl magic works, just fixed the loop logic.

Passing hashed ssh password in a script

I am attempting to make a script to log into a server via ssh. I cannot use keys in this project, so I am trying to pass a hashed password, but I am not having any luck. Here is what I have. Any help would be great.
#!/usr/bin/expect -f
spawn ssh nix@server
expect "password:"
send "echo "6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0=" | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd"
interact
Here is the return I get:
nix's password: extra characters after close-quote
while executing
"send "echo "6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0=" | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd"
interact
"
Try this solution:
#!/usr/bin/expect -f
spawn ssh nix@localhost
expect "password:"
send "echo '6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0=' | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd"
interact
I replaced those double quotes with single quotes, i.e. "echo "6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0="" became "echo '6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0='".
Hope it helps.

How to direct output of time command to a file in shell script?

This does not append the output of the time command to file.txt
echo $(time openssl genrsa -aes128 -out server.key 1024) &> file.txt
You can use the following:
{ time openssl genrsa -aes128 -out server.key 1024 ; } 2>> file.txt
