using multiple keys

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

using multiple keys

Ewen Chan
If I have a directory and it has 10 files and I have 10 separate keys
such that key1 is for file1 and key2 is for file2 (etc.); is there a
way to automate the encryption process like that?

Or do I have to run each of the commands separate and instead of
having 10 separate keys in a single keyfile in a list format; that I
would need to split them out into individual keyfiles (e.g. keyfile1,
keyfile2, etc.) and then run the encryption individually (rather than
launching a single encryption job that will process all 10 files with
all 10 keys listed in one keyfile)?

(I hope that this makes sense and that people are kinda getting what
I'm asking here.)

Thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-users] using multiple keys

Erwann ABALEA
"openssl enc" encrypts one file at a time, and can read the first line
of a file to get the passphrase (in order to derive key and iv).
If you want to provide your own key and iv, you have to do it as command
line arguments.
Key management is out of scope.

--
Erwann ABALEA

Le 15/03/2013 06:33, Ewen Chan a écrit :

> If I have a directory and it has 10 files and I have 10 separate keys
> such that key1 is for file1 and key2 is for file2 (etc.); is there a
> way to automate the encryption process like that?
>
> Or do I have to run each of the commands separate and instead of
> having 10 separate keys in a single keyfile in a list format; that I
> would need to split them out into individual keyfiles (e.g. keyfile1,
> keyfile2, etc.) and then run the encryption individually (rather than
> launching a single encryption job that will process all 10 files with
> all 10 keys listed in one keyfile)?
>
> (I hope that this makes sense and that people are kinda getting what
> I'm asking here.)
>
> Thanks.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-users] using multiple keys

Ewen Chan
Sorry, my bad. Wrong terminology.

(The AES wiki says that it uses a key.) But I was really thinking
about multiple passphrases.

Sorry for the mix up.

So let's say I have three files:
file1
file2
file3

And then I have a passphrase file that contains the following:

Alice
Bob
Charlie

and I want to encrypt file1 with the passphrase "Alice"; file2 with
the passphrase "Bob" and file3 with the passphrase "Charlie".

Is there a way to get openssl to automatically do that or do I need to
write a program/shell script so that I will automatically increment
one and pull the passphrase from the appropriate passphrase file?

(Disclaimer: I am NOT a programmer. At all. By ANY stretch of the imagination.)

Thanks.

On Fri, Mar 15, 2013 at 5:01 AM, Erwann Abalea
<[hidden email]> wrote:

> "openssl enc" encrypts one file at a time, and can read the first line of a
> file to get the passphrase (in order to derive key and iv).
> If you want to provide your own key and iv, you have to do it as command
> line arguments.
> Key management is out of scope.
>
> --
> Erwann ABALEA
>
> Le 15/03/2013 06:33, Ewen Chan a écrit :
>>
>> If I have a directory and it has 10 files and I have 10 separate keys
>> such that key1 is for file1 and key2 is for file2 (etc.); is there a
>> way to automate the encryption process like that?
>>
>> Or do I have to run each of the commands separate and instead of
>> having 10 separate keys in a single keyfile in a list format; that I
>> would need to split them out into individual keyfiles (e.g. keyfile1,
>> keyfile2, etc.) and then run the encryption individually (rather than
>> launching a single encryption job that will process all 10 files with
>> all 10 keys listed in one keyfile)?
>>
>> (I hope that this makes sense and that people are kinda getting what
>> I'm asking here.)
>>
>> Thanks.
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    [hidden email]
>> Automated List Manager                           [hidden email]
>>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-users] using multiple keys

Erwann ABALEA

Le 15/03/2013 13:54, Ewen Chan a écrit :
> Sorry, my bad. Wrong terminology.
>
> (The AES wiki says that it uses a key.) But I was really thinking
> about multiple passphrases.

And from this passphrase, a key and IV can be generated. It's more easy
to remember a passphrase than a bunch of hex digits.

> Sorry for the mix up.
>
> So let's say I have three files:
> file1
> file2
> file3
>
> And then I have a passphrase file that contains the following:
>
> Alice
> Bob
> Charlie
>
> and I want to encrypt file1 with the passphrase "Alice"; file2 with
> the passphrase "Bob" and file3 with the passphrase "Charlie".
>
> Is there a way to get openssl to automatically do that or do I need to
> write a program/shell script so that I will automatically increment
> one and pull the passphrase from the appropriate passphrase file?

The openssl command-line tool doesn't do that. It can work with one
passphrase file per file, or you can provide the passphrase as an argument.
If you want to centralize your passphrases, you'll have to write some
kind of wrapper to extract the good passphrase and provide it to
"openssl enc" (either in a dedicated file, or as an argument).

> (Disclaimer: I am NOT a programmer. At all. By ANY stretch of the imagination.)

Nobody's perfect :D
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-users] using multiple keys

Ewen Chan
So if I want to do that, the very basic way for me to do it would be
to write all of the commands (line-by-line; which processes each file
separately) into a shell script file and then run that?

But if I were to use some kind of programming or more advanced
scripting language/syntaxes; I would be able to automate that (which
makes it easier for me in the long run)?

Thanks for all your help so far.

P.S. In regards to the whole OS saga - I ended up installing Solaris
11.1; although I'm not really sure if it worked or not. lol...

On Fri, Mar 15, 2013 at 9:32 AM, Erwann Abalea
<[hidden email]> wrote:

>
> Le 15/03/2013 13:54, Ewen Chan a écrit :
>
>> Sorry, my bad. Wrong terminology.
>>
>> (The AES wiki says that it uses a key.) But I was really thinking
>> about multiple passphrases.
>
>
> And from this passphrase, a key and IV can be generated. It's more easy to
> remember a passphrase than a bunch of hex digits.
>
>
>> Sorry for the mix up.
>>
>> So let's say I have three files:
>> file1
>> file2
>> file3
>>
>> And then I have a passphrase file that contains the following:
>>
>> Alice
>> Bob
>> Charlie
>>
>> and I want to encrypt file1 with the passphrase "Alice"; file2 with
>> the passphrase "Bob" and file3 with the passphrase "Charlie".
>>
>> Is there a way to get openssl to automatically do that or do I need to
>> write a program/shell script so that I will automatically increment
>> one and pull the passphrase from the appropriate passphrase file?
>
>
> The openssl command-line tool doesn't do that. It can work with one
> passphrase file per file, or you can provide the passphrase as an argument.
> If you want to centralize your passphrases, you'll have to write some kind
> of wrapper to extract the good passphrase and provide it to "openssl enc"
> (either in a dedicated file, or as an argument).
>
>
>> (Disclaimer: I am NOT a programmer. At all. By ANY stretch of the
>> imagination.)
>
>
> Nobody's perfect :D
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]