openssl enc

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

openssl enc

list-11
I am looking to encrypt/decrypt files using openssl with a public key..

I set up a test environment and created a key pair with:
openssl genrsa -des3 -out privkey.pem 2048
openssl rsa -in privkey.pem -pubout -out pubkey.pem

I can get encryption to work fine with:
openssl enc -aes-256-cbc -salt -in file -out file.enc

Obviously I am not using my public key however, just password.. so:
openssl bf -in file -out file.enc -salt -e -K rdm-pub.pem

This returns "iv undefined".
I dont understand if the IV is something I need to create myself?  If I try
with the -k {pass} I get non-hex digit etc..

I know this is all greatly simplified with gpg, but I would like to limit
the amout of software that I install/patch on this server.  What do I need
to do to get this working?


Couple questions-


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: openssl enc

Dr. Stephen Henson
On Wed, Feb 15, 2006, list wrote:

> I am looking to encrypt/decrypt files using openssl with a public key..
>
> I set up a test environment and created a key pair with:
> openssl genrsa -des3 -out privkey.pem 2048
> openssl rsa -in privkey.pem -pubout -out pubkey.pem
>
> I can get encryption to work fine with:
> openssl enc -aes-256-cbc -salt -in file -out file.enc
>
> Obviously I am not using my public key however, just password.. so:
> openssl bf -in file -out file.enc -salt -e -K rdm-pub.pem
>
> This returns "iv undefined".
> I dont understand if the IV is something I need to create myself?  If I try
> with the -k {pass} I get non-hex digit etc..
>
> I know this is all greatly simplified with gpg, but I would like to limit
> the amout of software that I install/patch on this server.  What do I need
> to do to get this working?
>

Well the "enc" command doesn't currently support the use of public keys so
that wont work.

If you create a certificate you can use the "smime" command though.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]