File Encryption/Decryption with AES using Linux

I'm using the OpenWrt Linux distribution and I want to encrypt a file using AES.
How can I do that quickly and easily, and how can I—or someone else—decrypt it again?

The quickest and easiest way is to use the openssl utility (provided by the openssl-util package). For example, to encrypt a file, issue the following command:
openssl enc -aes-256-cbc -in file.txt -out file.enc
To decrypt:
openssl enc -d -aes-256-cbc -in file.enc -out file.dec

The openssl encryption is not a good solution according to this, so please don't use it.
I've used https://www.aescrypt.com/ in the past and I was happy with it. If you want something that has been around for a while - that's not a bad start. It also has both a UI and a cli.
The fact that there is no small, easy to use and super simple cli tool for this purpose annoyed me so much that I sat down and wrote this
https://github.com/ro-tex/aes256cli. I literally wrote it while this discussion was open on my screen, so I'm making no claims as to how good of a solution it is. I just wanted something that will do what I need with zero friction and this is good enough for me.

To encode:
cat 'yourfile' | openssl aes-128-cbc > 'encrypted file'
To decode: First, you have to remember your password which you used to encode, then:
cat 'encrypted file' | openssl enc -d -aes-128-cbc -k 'Your password' > 'decrypted file'

Related

Can I encrypt/decrypt files the same way openssl does using node:crypto?

I have the job of converting some bash scripts to run on Node in an AWS Lambda. The scripts encode and decode some files. As the files are used externally I have to keep the encryption unchanged.
The files are encrypted with the command
openssl enc -e -aes-256-cbc -base64 -salt -in $filein -out $fileout -k $key
and decrypted with
openssl enc -d -aes-256-cbc -base64 -salt -in $filein -out $fileout -k $key
I've tried just wrapping the openssl calls but openssl is no longer installed in the Node Lambda runtime.
I've tried using the node:crypto module and searching stackoverflow but don't really understand enough about encryption and how openssl works to have a chance of writing any code. For example I can't work out how to get the iv to use when decrypting the file.
So is it possible to reproduce these openssl commands with node?
My backup plan is to build a container or Lambda Layer containing SSL and use one of the SSL wrappers but I'd prefer not to do that if I can help it.

Encrypting a stream that terminates abruptly

I'm trying to encrypt a stdout stream to a file located on a removable drive.
However, as the drive can be removed at an arbitrary time, I am wondering how to manage this?
I have tried using openssl and a 256-bit AES cipher but unsurprisingly I get block length errors on the decrypt.
My bash scripts do this:
Encrypt:
openssl aes-256-cbc -a -salt -pass file:"$KEY_FILE"
Decrypt:
openssl aes-256-cbc -d -a -pass file:"$KEY_FILE"
Unfortunately I'm on an embedded system so not many binaries included beyond what is necessary. Bash and openssl are present however.

Encrypt passwords in config.properties file

I am running a bunch of shell scripts which use the properties in the config.properties file. It has database connection details, passwords, etc.
I just want to encrypt the passwords, so that when someone looks at the properties file they shouldn't be able to use it.
Also, I don't want to change the permissions on the file; I want only the passwords to be encrypted.
I know there are a few ways, like using Java or using any encryption algorithm, but I don't want to use Java.
I am running the shell scripts on CentOS. Sample scripts look like below:
config.properties
DatabaseHostName=test_host
DatabasePort=4898
DatabaseUserName=test_user
# MY DB Password here is visible.. I want to encrypt this
DatabasePassword=password123
script.sh
#sourcing the above properties file here
source ./config.properties
export PGPASSWORD=${DatabasePassword}
psql -h ${DatabaseHostName} -p ${DatabasePort} ${DatabaseUserName} -c "select * from table_name;"
Both my files are under the same folder.
Here's the problem, whatever encryption you put in the file, you'd need to be able to reverse in the script. So anyone who can see the script can figure out how to decode the passwords.
command encrypt:
echo 'hoge' | openssl rsautl -encrypt -inkey ~/.ssh/id_rsa > pass.rsa
command decrypt:
openssl rsautl -decrypt -inkey /root/.ssh/id_rsa -in pass.rsa
config modify:
DatabasePassword=S03EXE -> DatabasePassword=$(openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in pass.rsa)

Encrypt gnuplot scripts

I recall when I was using ColdFusion years ago that you could encrypt CF scripts to protect the code and CF could still execute them.
Does any such capacity exist for gnuplot? My guess is it does not.
Gnuplot itself cannot handle encrypted files, but you can use an external tool like openssl to encrypt and decrypt your scripts and pipe the decrypted script to gnuplot:
Encrypt:
openssl aes-256-cbc -in foobar.gp -out foobar-enc.gp -pass file:foobar.pwd
Decrypt and execute gnuplot:
openssl aes-256-cbc -d -in foobar-enc.gp -pass file:foobar.pwd | gnuplot
That capacity does not exist in gnuplot.

Encrypt a string using openssl command line

I have a 16 byte character that I would like to encrypt using openssl into a 16 byte encrypted string.
This encrypted string ( in human readable format ) then needs to be supplied to a user who would use it, and the string would be decrypted to its original 16-byte form for comparison and authentication. Could anyone please tell me how this would be possible with openssl commandline.
Here's one way to encrypt a string with openssl on the command line (must enter password twice):
echo -n "aaaabbbbccccdddd" | openssl enc -e -aes-256-cbc -a -salt
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
Here's what the output looks like:
U2FsdGVkX1/6LATntslD80T2HEIn3A0BqxarNfwbg31D2kI00dYbmBo8Mqt42PIm
Edit: To my knowledge, you can't control the number of bytes out. You can b64 or hex encode it, but that's about it. Also, if you want to save that string to a file rather than stdout, use the -out option.
Try this:
echo 'foo' | openssl aes-256-cbc -a -salt
echo 'U2FsdGVkX1/QGdl4syQE8bLFSr2HzoAlcG299U/T/Xk=' | openssl aes-256-cbc -a -d -salt
Run
openssl list-cipher-commands
to list all available ciphers.
I have a 16 byte character that I would like to encrypt using openssl into a 16 byte encrypted string [in human readable format]
I believe you are looking for Format Preserving Encryption. I think the caveat is you have to start with a 16-byte human readable string. Phillip Rogaway has a paper on the technologies: Synopsis of Format-Preserving Encryption. There's a lot to the paper, and it can't fit into a single paragraph on Stack Overflow.
If you can start with a shorter string and use a streaming mode like OCB, OFB or CTR, then you can Base64 encode the final string so that the result is 16-bytes and human readable. Base64 expands at a rate of 3 → 4 (3 un-encoded expands to 4 encoded), so you'd need a shorter string of length 12 characters to achieve 16 human readable characters.
As far as I know, there are no command line tools that do it natively. You may be able to use OpenSSL on the command line with AES/CTR and pipe it through base64 command. The following gets close, but it starts with 11 characters (and not 12):
$ echo 12345678901 | openssl enc -e -base64 -aes-128-ctr -nopad -nosalt -k secret_password
cSTzU8+UPQQwpRAq
Also, you really need to understand the -k option (and -K for that matter), and how it derives a key so you can do it outside of the OpenSSL command (if needed).
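Added example, not from any of the posts on this page: the -k key derivation mentioned in the answer above, and the Node question earlier on the page, both come down to OpenSSL's "Salted__" file layout plus EVP_BytesToKey, reproduced here with node:crypto. It assumes files made without -pbkdf2 and the sha256 digest default of OpenSSL 1.1.0 and later (older releases defaulted to md5); the function names are hypothetical.

```javascript
// Added example: OpenSSL "enc" password-based format handled with node:crypto.
const crypto = require('node:crypto');

const MAGIC = Buffer.from('Salted__', 'ascii'); // 8-byte header written by `openssl enc -salt`

// EVP_BytesToKey with one iteration: what `openssl enc -k` uses when -pbkdf2 is absent.
// Assumption: digest is 'sha256' (OpenSSL 1.1.0+ default); pass 'md5' for older releases.
function evpBytesToKey(password, salt, digest = 'sha256', keyLen = 32, ivLen = 16) {
  let block = Buffer.alloc(0);
  let out = Buffer.alloc(0);
  while (out.length < keyLen + ivLen) {
    // D_i = H(D_{i-1} || password || salt); key and IV are cut from D_1 || D_2 || ...
    block = crypto.createHash(digest).update(block).update(password).update(salt).digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, keyLen), iv: out.subarray(keyLen, keyLen + ivLen) };
}

// Split base64 text (line breaks allowed) into the salt and the raw ciphertext.
function parseOpensslEnc(b64Text) {
  const raw = Buffer.from(b64Text.replace(/\s+/g, ''), 'base64');
  if (raw.length < 32 || !raw.subarray(0, 8).equals(MAGIC)) {
    throw new Error('not an OpenSSL salted file');
  }
  return { salt: raw.subarray(8, 16), ciphertext: raw.subarray(16) };
}

// Equivalent of: openssl enc -d -aes-256-cbc -base64 -k <password>
function decryptOpenssl(b64Text, password, digest = 'sha256') {
  const { salt, ciphertext } = parseOpensslEnc(b64Text);
  const { key, iv } = evpBytesToKey(Buffer.from(password), salt, digest);
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(ciphertext), d.final()]); // final() throws on bad padding
}

// Equivalent of: openssl enc -e -aes-256-cbc -base64 -salt -k <password>
function encryptOpenssl(plaintext, password, digest = 'sha256') {
  const salt = crypto.randomBytes(8);
  const { key, iv } = evpBytesToKey(Buffer.from(password), salt, digest);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  const raw = Buffer.concat([MAGIC, salt, c.update(plaintext), c.final()]);
  return raw.toString('base64').match(/.{1,64}/g).join('\n') + '\n'; // 64-column lines
}
```

Parsing the sample output quoted earlier on this page (the string starting U2FsdGVkX1/6LA...) gives an 8-byte salt and 32 bytes of ciphertext: a 16-byte input gains a full block of PKCS#7 padding in CBC mode, on top of the 16-byte header, so the result cannot be 16 bytes.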
try this
$ echo "a_byte_character" | openssl enc -base64
and you have 100+ Cipher Types
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-gcm -aes-128-ofb -aes-128-xts
-aes-192-cbc -aes-192-cfb -aes-192-cfb1
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb
-aes-192-gcm -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-gcm
-aes-256-ofb -aes-256-xts -aes128
-aes192 -aes256 -bf
-bf-cbc -bf-cfb -bf-ecb
-bf-ofb -blowfish -camellia-128-cbc
-camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8
-camellia-128-ecb -camellia-128-ofb -camellia-192-cbc
-camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ecb -camellia-256-ofb -camellia128
-camellia192 -camellia256 -cast
-cast-cbc -cast5-cbc -cast5-cfb
-cast5-ecb -cast5-ofb -des
-des-cbc -des-cfb -des-cfb1
-des-cfb8 -des-ecb -des-ede
-des-ede-cbc -des-ede-cfb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb
-des-ofb -des3 -desx
-desx-cbc -id-aes128-GCM -id-aes192-GCM
-id-aes256-GCM -rc2 -rc2-40-cbc
-rc2-64-cbc -rc2-cbc -rc2-cfb
-rc2-ecb -rc2-ofb -rc4
-rc4-40 -rc4-hmac-md5 -seed
-seed-cbc -seed-cfb -seed-ecb
-seed-ofb
I had trouble getting it working using echo with -n. This worked for me:
To encrypt:
echo "PLAINTEXT_STRING" | openssl enc -aes256 -pbkdf2 -base64
you'll be prompted to provide a decryption password.
To decrypt:
echo "ENCRYPTED_STRING" | openssl aes-256-cbc -d -pbkdf2 -a
enter the decryption password to decrypt.
