8

I am on OS X 10.8.3, savvy with a command-line, and I want to use OpenSSL to start encrypting sensitive information on my MacBook Pro.

I know that I can use OpenSSL in a syntax like:

openssl enc -aes-256-ecb -in in.txt -out encrypted.txt

Can anyone explain what encryption type to use and why?

Also, can I paste in a string to that OpenSSL command and get back an encrypted string to store in a file (say, a password list)? Store each password encrypted in the text file and then encrypt the entire file as well.

I also assume that one can encrypt one way, then encrypt a second time using a different method for added protection.

If I encrypt this on OS X, I also assume that I could decrypt it on Linux.

4
  • For encrypting files most conveniently, GPG would definitely be recommended over OpenSSL.
    – Celada
    Commented Mar 25, 2013 at 16:18
  • 1
    Also, the second argument to openssl is not an "encryption type" but a subcommand, to tell it what kind of action to take. For example, manipulation of X.509 certificates, manipulation of keys, signing, encryption, certificate generation, message digest calculation, etc...
    – Celada
    Commented Mar 25, 2013 at 16:20
  • Go with AES. It is widely supported.
    – Zoredache
    Commented Mar 25, 2013 at 18:06
  • @Zoredache There are 18 AES options offered by openssl enc: cbc, cfb, cfb1, cfb8, ecb and ofb, each in 128/192/256 bit.
    – Daniel Beck
    Commented Mar 25, 2013 at 19:51

1 Answer

2

You need to pay attention to these points while encrypting anything:

● Confidentiality
● Integrity
● Authenticity
● Non-repudiation
● Access control
● Difficulty compromise

Taking this as the base, you should choose the method which helps you the most. (An asymmetric cipher is a great way of accomplishing a lot of the above. [Use a private and a public key.])

Also, here's the GPG QuickStart Guide.

Among the symmetric methods there are AES (128, 192, 256 bits) and DES (64 bits per block).

Check this part of this OpenSSL Manual

As someone says above, using GPG is a great idea because of the use of asymmetric keys, which is always safer than just passwords in any access...

To get a list of cipher methods you can use:

openssl list-cipher-commands

So, for example, an AES cipher:

openssl enc -aes-256-cbc -salt -in file.txt -out file.enc

And to decrypt:

openssl enc -d -aes-256-cbc -in file.enc   # no -a: file.enc above was written as raw binary, not base64

Still, you may have occasion to want to encrypt a file without having to build or use a key/certificate structure.

In the link there is the "How do I base64-encode something?" part and the "How do I simply encrypt a file?" part. Hope this can help you.

For more info, dive into Asymmetric key techniques and Symmetric-key

Here's the RFC for Determining Strengths For Public Keys Used For Exchanging Symmetric Keys

Hope this helps. Remember always to read the manual of what you use.

4
  • That is a great link. Reading it. When you run something like: openssl passwd -1 MySecret how do you take the resulting hash and get back the face you entered MySecret to begin with?
    – Jasmine
    Commented Mar 25, 2013 at 21:09
  • Normally it's shown after you create the cipher. It is shown right after finishing the command. Check out this page. It has some useful tips about the hash you say. And a certificate looks like this if you open it when created.
    – AAlvz
    Commented Mar 25, 2013 at 21:18
  • Maybe I am still confused. If I have a txt file that contains a bunch of passwords and I want to replace the plain text passwords in the sheet with shadow-style passwords, so if someone gets their hands on my sheet they don't just get plain text passwords. I would run something like the command in my first comment and get the result. I paste that result in my password sheet where the plain text password was. Later I want to know what the password for something is and I just have that shadow-style string. How do I decrypt that so I know what my actual password is?
    – Jasmine
    Commented Mar 25, 2013 at 21:41
  • I think you are a little confused on the way that keys work... it would be unsafe to be able to decrypt any message, don't you think? That's why you must have the private and public key... but if you really need to be able to decrypt, make sure you use a secure password, and check the gpg crypt method gpg -c myfile. I think this is what you want and will solve the problem you say
    – AAlvz
    Commented Apr 2, 2013 at 20:39
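
The distinction the comments above circle around, as an added example that is not part of the original thread: `openssl enc` is reversible with the passphrase, so a string can be stored as one base64 line and recovered later, while `openssl passwd -1` is a one-way hash that can only be recomputed and compared. The function names, the passphrase and the sample secret are assumptions made for illustration; `-pbkdf2` requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. The passphrase and the secret below are constructed sample values.

# String in, one base64 line out (-a = base64, -A = keep it on a single line).
# The passphrase is read from the environment, so it is not in the process list.
# -md sha256 pins the key-derivation digest so another machine derives the same key.
encrypt_string() {
    printf '%s' "$1" |
        openssl enc -aes-256-cbc -salt -pbkdf2 -md sha256 -a -A -pass env:PASSPHRASE
}

# Decryption must repeat the cipher, the KDF options and the -a/-A encoding
# flags used for encryption; only -d is added.
decrypt_string() {
    printf '%s\n' "$1" |
        openssl enc -d -aes-256-cbc -pbkdf2 -md sha256 -a -A -pass env:PASSPHRASE 2>/dev/null
}

# openssl passwd -1 yields a salted one-way hash of the form $1$salt$hash.
# There is no decrypt step: a candidate is checked by hashing it again with
# the salt taken from field 3 and comparing the two strings.
hash_matches() (
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    again=$(printf '%s\n' "$2" | openssl passwd -1 -salt "$salt" -stdin)
    [ "$again" = "$1" ]
)

PASSPHRASE='constructed demo passphrase'; export PASSPHRASE
secret='MySecret'

line=$(encrypt_string "$secret")
echo "stored line:  $line"
echo "decrypted:    $(decrypt_string "$line")"

hashed=$(printf '%s\n' "$secret" | openssl passwd -1 -stdin)
echo "passwd -1:    $hashed"
hash_matches "$hashed" "$secret" && echo "hash check:   candidate matches"
```

Each run prints a different stored line and a different hash for the same input, because both commands pick a fresh random salt.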
