Wicked Strategery

Where servers serve, routers route, and configulators configulate

Using OpenSSL for AES/Rijndael Encryption

Written by: Doug Jenkinson

Article

What is AES and OpenSSL?

Rijndael is a sophisticated block cipher. The U.S. government adopted the algorithm as its cipher of choice, hence the name Advanced Encryption Standard, or AES.

The OpenSSL package, among its many other uses, can encrypt files with this cipher.

First, install or update the package if you need to. From the command line, run which openssl. If a file path is returned, openssl is installed, and you can use apt to upgrade it: apt-get install --only-upgrade openssl.

If openssl is not installed, use apt to download and install it: apt-get install openssl.

OpenSSL is also available for Cygwin and can be installed via Cygwin's Install utility. I've used this script under Cygwin, and it does work.

How's It Work?

It's quite a simple script. First I check whether the user passes a valid action parameter ("enc" for encryption, "dec" for decryption). If the action parameter is good, the file is processed.

The script appends an extension of "aes" to the file name if the file is being encrypted, or removes the "aes" extension if the file is being decrypted.

The second half of the main if-block is just for error processing. I wanted output specific to the error, not just some "bad parameter" error.

This script is interactive. OpenSSL warns against passing passwords on the command line, where they can be sniffed by another user armed with ps -A.

Caveat Emptor

Since this script is interactive (prompts for an encryption/decryption password), this is not for use in any sort of automated process!
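For the unattended case that this caveat rules out, openssl enc can read the passphrase from a file through -pass file:, which keeps it out of the argument list that ps shows. The sketch below is an added example, not part of the original article or its aes.sh; the function name aes_batch, the passphrase-file argument and the iteration count are assumptions, and -pbkdf2 needs OpenSSL 1.1.1 or later, so its output is not interchangeable with files written by aes.sh.

```shell
#!/bin/bash
# Added example (not the article's aes.sh): non-interactive encrypt/decrypt.
# aes_batch and the passfile argument are hypothetical names.
# Usage: aes_batch (enc|dec) filename passfile

aes_batch() {
  local action="$1" infile="$2" passfile="$3" outfile mode

  [ -f "$infile" ] || { echo "No such file: $infile" >&2; return 2; }
  [ -r "$passfile" ] || { echo "Cannot read passphrase file: $passfile" >&2; return 2; }

  case "$action" in
    enc) mode=-e; outfile="$infile.aes" ;;
    dec) mode=-d; outfile="${infile%.aes}"
         # Refuse names without .aes: -out would equal -in and truncate the input.
         [ "$outfile" != "$infile" ] || { echo "Expected a .aes file: $infile" >&2; return 2; } ;;
    *)   echo "Action must be enc or dec." >&2; return 2 ;;
  esac

  # -pass file: reads the first line of passfile, so the passphrase never
  # appears in the process arguments visible through ps.
  # -pbkdf2 with an explicit -iter (value assumed here) replaces the default
  # single-pass key derivation.
  if ! openssl enc "$mode" -aes-256-cbc -pbkdf2 -iter 100000 \
       -pass "file:$passfile" -in "$infile" -out "$outfile"; then
    rm -f "$outfile"   # do not leave a partial or garbage output behind
    return 1
  fi
}

# Run as a script only when arguments are given.
if [ "$#" -gt 0 ]; then aes_batch "$@"; fi
```

Keep the passphrase file readable only by the account that runs the job (mode 600).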

Source Code

aes.sh

#!/bin/bash
# Usage: aes.sh (enc|dec) filename
# enc filename will encrypt the file, saving it to filename.aes
# dec filename will decrypt the file, stripping the .aes from the filename.

ACTION=$1
FILENAME=$2
STATUS=1 # Exit status; stays non-zero unless openssl succeeds.

if [ "$ACTION" = "enc" ] || [ "$ACTION" = "dec" ]; then
  if [ "$ACTION" = "enc" ] && [ -e "$FILENAME" ]; then
    # -aes256 is OpenSSL's alias for -aes-256-cbc; openssl prompts for the password.
    openssl enc -in "$FILENAME" -out "$FILENAME.aes" -e -aes256 #Encrypt the file.
    STATUS=$?
  elif [ "$ACTION" = "dec" ] && [ -e "$FILENAME" ]; then
    OUTFILE="${FILENAME%.aes}"
    # Without a .aes extension, -out would name the input file and openssl
    # would overwrite it, so write to filename.dec instead.
    [ "$OUTFILE" = "$FILENAME" ] && OUTFILE="$FILENAME.dec"
    openssl enc -in "$FILENAME" -out "$OUTFILE" -d -aes256 #Decrypt the file.
    STATUS=$?
  elif [ -z "$FILENAME" ]; then
    echo -e "Usage: $(basename "$0") (enc|dec) filename"
    echo -e "\tYou must supply a file to process."
  else
    echo -e "Usage: $(basename "$0") (enc|dec) filename"
    echo -e "\tThe file, \"$FILENAME\", does not exist."
  fi
else
  if [ -z "$ACTION" ] && [ -z "$FILENAME" ]; then
    echo -e "Usage: $(basename "$0") (enc|dec) filename"
    echo -e "\t(enc|dec): 'enc' encrypts filename."
    echo -e "\t 'dec' decrypts filename."
    echo -e "\tfilename: path of file to perform operation on."
  else
    # Any other value of $1 is an invalid action.
    echo -e "Usage: $(basename "$0") (enc|dec) filename"
    echo -e "\tYou need to specify to encrypt(enc) or decrypt(dec)."
  fi
fi

exit $STATUS

Downloads

You can download the script.


Metadata


Revisions

  • v1.0 (14 Nov 2005) - Article published.

About the Author

Doug Jenkinson is an avid technology aficionado and Software Engineer with Hyland Software, Inc. / entrepreneur in Copley, OH.
