
Encryption with OPENSSL

Cristian Dobra

This post shows how to encrypt an archived folder with OpenSSL.

What Is OpenSSL?

  • OpenSSL is an open-source cryptography library that provides a suite of cryptographic tools and utilities.
  • It offers an implementation of the TLS (Transport Layer Security) protocol, which ensures secure communication over networks.
  • Key functionalities include CSR (Certificate Signing Request) generation, private key management, and SSL certificate installation.

Why Use OpenSSL?

  • Secure Communication: OpenSSL allows you to encrypt data during transmission, ensuring that sensitive information remains confidential. It’s essential for protecting data sent over the internet.
  • Authentication: By using SSL certificates generated with OpenSSL, you can verify the identity of servers and clients. This prevents man-in-the-middle attacks and ensures trust.
  • Versatility: OpenSSL supports both symmetric and asymmetric encryption. Symmetric encryption uses a single shared key, while asymmetric encryption involves public and private key pairs.
  • Efficiency: OpenSSL is known for its speed and efficiency. It’s widely used in web servers, email servers, and other applications.
  • Open Source: Being open source, OpenSSL is transparent and can be audited by security experts. This transparency contributes to its reliability.
  • Cross-Platform: OpenSSL is available for Linux, Windows, macOS, and BSD systems, making it accessible across various platforms.
  • Streamlined Process: When web control panels are unavailable, OpenSSL simplifies SSL certificate installation and configuration.

OpenSSL vs. Other Encryption Tools:

  • Speed and Efficiency: OpenSSL is optimized for performance, making it faster than some alternatives.
  • Robustness: Its extensive functionalities and open-source nature make it a preferred choice for implementing SSL and TLS protocols.
  • Web Server Integration: Many web servers natively support OpenSSL, making it seamless to use.
  • Command-Line Interface: While some find the command-line interface intimidating, it allows for precise control and automation.
  • GPG (GNU Privacy Guard) Comparison: GPG focuses on encrypting and signing data, whereas OpenSSL primarily secures internet communications.
  • User-Friendly Aspect: While OpenSSL is powerful, some users may find other tools more user-friendly.

In summary, OpenSSL provides robust encryption, authentication, and versatility, making it a reliable choice for securing data in transit. Its widespread adoption and community support reinforce its position as a go-to solution for encryption tasks.

Example of how to encrypt & decrypt a folder with OpenSSL:

  1. Create Folder and Files to Archive:
  • First, create a directory called encrypt_dir.
  • Inside this directory, create two text files named file1.txt and file2.txt.
mkdir encrypt_dir
touch encrypt_dir/file1.txt encrypt_dir/file2.txt
  2. Archive the Folder:
  • Use the tar command to create an archive file named encryptfolder.tar.gz.
  • The -czvf options tell tar to create an archive (c), compress it with gzip (z), display verbose output (v), and write to the given output filename (f).
  • The -C encrypt_dir/ option makes tar change into the encrypt_dir directory before archiving ".", so the archive holds the contents of that directory with paths relative to it.
tar -czvf encryptfolder.tar.gz -C encrypt_dir/ .
  3. Generate Private and Public Keys with OpenSSL:
  • Generate an RSA key pair using OpenSSL.
  • The private key (private.pem) is generated with the -des3 option, which encrypts the key file with the Triple DES algorithm under a passphrase that OpenSSL prompts for.
  • The public key (public.pem) is derived from the private key and can be safely shared with others.
openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
  4. Encrypt the Archived File:
  • Use the openssl rsautl command to encrypt the encryptfolder.tar.gz archive.
  • The -encrypt option specifies encryption.
  • -inkey public.pem specifies the public key for encryption.
  • -pubin indicates that we’re using a public key.
  • The input file (-in) is the original archive, and the output file (-out) is the encrypted archive (encrypted.tar.gz).
openssl rsautl -encrypt -inkey public.pem -pubin -in encryptfolder.tar.gz -out encrypted.tar.gz
  5. Decrypt the Archived File:
  • To retrieve the original files, decrypt the encrypted archive.
  • Use the openssl rsautl command again.
  • -inkey private.pem specifies the private key for decryption.
  • The input file (-in) is the encrypted archive, and the output file (-out) is the decrypted archive (decrypted_files.tar.gz).
openssl rsautl -decrypt -inkey private.pem -in encrypted.tar.gz -out decrypted_files.tar.gz
  6. Extract Files from the Decrypted Archive:
  • Extract the contents of the decrypted archive into a new directory called folder_to_extract_files.
  • Use the tar command with the -xvf options to extract the files.
mkdir folder_to_extract_files
tar -xvf decrypted_files.tar.gz -C folder_to_extract_files
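
The rsautl step above works only because the sample archive is tiny: RSA with a 2048-bit key can encrypt at most 245 bytes in one operation, so an archive of a real folder needs hybrid encryption. The following is an added example, not part of the original post, that encrypts the archive with AES-256 and uses RSA only for a one-time secret; it assumes OpenSSL 1.1.1 or later, and the function names and the data.enc/key.enc file names are made up for illustration.

```shell
#!/bin/sh
# Added example: hybrid (envelope) encryption with the openssl CLI.
# data.enc / key.enc and the function names are assumptions, not from the post.

# seal PUBKEY INFILE OUTDIR: writes OUTDIR/data.enc and OUTDIR/key.enc
seal() {
    mkdir -p "$3" || return 1
    k=$(mktemp) || return 1
    # One-time 256-bit secret, hex-encoded so it can be read back as a passphrase.
    openssl rand -hex 32 > "$k" &&
    # Bulk data goes through a symmetric cipher, so size is not limited by RSA.
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$k" \
        -in "$2" -out "$3/data.enc" &&
    # Only the 65-byte secret is RSA-encrypted (OAEP padding).
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$k" -out "$3/key.enc"
    rc=$?; rm -f "$k"; return "$rc"
}

# unseal PRIVKEY INDIR OUTFILE: prompts if the private key has a passphrase
unseal() {
    k=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2/key.enc" -out "$k" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$k" \
        -in "$2/data.enc" -out "$3"
    rc=$?; rm -f "$k"; return "$rc"
}

# demo: constructed 100 kB input; throwaway key without passphrase so it runs unattended
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/src" && openssl rand -out "$d/src/blob.bin" 100000 &&
    tar -czf "$d/folder.tar.gz" -C "$d/src" . &&
    openssl genrsa -out "$d/private.pem" 2048 2>/dev/null &&
    openssl rsa -in "$d/private.pem" -pubout -out "$d/public.pem" 2>/dev/null || return 1
    # RSA on its own rejects the archive: input exceeds the modulus size.
    if openssl pkeyutl -encrypt -pubin -inkey "$d/public.pem" \
        -in "$d/folder.tar.gz" -out "$d/direct.enc" 2>/dev/null; then return 2; fi
    seal "$d/public.pem" "$d/folder.tar.gz" "$d/sealed" &&
    unseal "$d/private.pem" "$d/sealed" "$d/roundtrip.tar.gz" &&
    cmp -s "$d/folder.tar.gz" "$d/roundtrip.tar.gz"
    rc=$?; rm -rf "$d"; return "$rc"
}
```

openssl enc provides confidentiality only, so sign or MAC data.enc if tampering is a concern. On OpenSSL 3.0 and later rsautl is deprecated in favour of pkeyutl, which the example uses.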

Remember to keep your private key (private.pem) secure, as it is essential for decrypting the files. Public-key encryption ensures secure communication and data protection.