OpenSSLPublished on 30 Jan 2005
Tags #AES #Base64 #MD5 #OpenSSL #PGP #Salt #SHA1 #SSL
The OpenSSL library provides access to SSL encrypted tunnels. Most of its functionality is accessible via the
openssl command which is shipped with the OpenSSL package.
A digest is a one-way transformation of a string (into a hash) that can be used to ensure the integrity of the string. For example, this technique is used in PGP to sign messages. Commonly used algorithms include MD5 and SHA-1.
The following command demonstrates how to generate a MD5 hash of the content of a file:
openssl -md5 -in INFILE -out OUTFILE
openssl command can be used to generate hashed password as well as strings which are insusceptible by dictionary-based attacks against passwords.
The crypt3 hash algorithm was formerly used to hash passwords on Unix systems but has been superseded by the md5-crypt hash algorithm, at least on linux systems.
openssl passwd -salt SALT PASSWORD
Similar to the above command, a hash password is generated from a password and a salt, though, the format of the output, the modular crypt format (MCF), is more sophisticated to allow for a variety of hash algorithms. The simple format which is discussed here begins with a
$and consists of three fields separated by
$where the first fields indicates which hash algorithm is used (md5-crypt was assigned 1), the second and third contain the salt and the password, respectively.
openssl passwd -1 -salt SALT PASSWORD
Please note, that there is a huge difference between a simple MD5 hash and a md5-crypt’ed password. Although the md5-crypt hash algorithm is based on the MD5 hash algorithm, the two can not be transformed into each other without knowledge of the plaintext password.
Generation of N chars
opensslcan also be used to create a string of pseudo-randomly chosen characters of a custom length:</p>
openssl rand -base64 N | head -c N
What is Base64
openssl enc -base64 -e -in INFILE -out OUTFILE
openssl enc -base64 -d -in INFILE -out OUTFILE
Often the privacy of data that is transmitted over a private network is of major concern to the participating parties. The
openssl also provides commonly used symmetrical encryption algorithms (asymmetrical encryption algorithms are covered by gnupg) which are two-way transformations of strings based on a password.
The following commands demonstrate the use of the
openssl command to encrypt the content of a file using the Advanced Encryption Standard (AES) algorithm. The user is prompted for the password on the current terminal.
openssl enc -aes256 -e -in INFILE -out OUTFILE
openssl enc -aes256 -d -in INFILE -out OUTFILE
In addition, the
openssl command can be used to open a SSL tunnel to a remote host which can be used to tunnel sensitive protocol data:
openssl s_client -connect HOST:PORT