Menu
I'm trying to use OpenSSL for authenticated encryption. Specifically, I'm trying to use AES-256-GCM (or CCM).
However, when I run openssl list-cipher-commands, I don't see it. The only AES ciphers shown are these:
aes-128-cbc
aes-128-ecb
aes-192-cbc
aes-192-ecb
aes-256-cbc
aes-256-ecb
I'm on openssl 1.0.1e, so it should be supported.
644
If you don't mind writing your own software, there are plenty of crypto libraries supporting AES-GCM, such as OpenSSL itself (even if not available from the command line tool).
Encrypting: OpenSSL Command Line To encrypt a plaintext using AES with OpenSSL, the enc command is used. The following command will prompt you for a password, encrypt a file called plaintext. txt and Base64 encode the output. The output will be written to standard out (the console).
That's right - the EVP_* functions are "envelope encryption".
There is an open source program that I find online it uses openssl to encrypt and decrypt files. It does this with a single password. The great thing about this open source script is that it deletes the original unencrypted file by shredding the file.
OpenSSL supports aes-256-gcm as an algorithm, but it does not support aes-256-gcm as a command tool. The difference is that you can enter openssl aes-256-cbc in the command line to encrypt something. On the other hand, there are no such openssl aes-256-gcm command line tool.
You can use the EVP interface to call aes-256-gcm algorithm, as this answer shows.
By the way, you may try to use openssl enc aes-256-gcm in the command line. That does not work either, because no additional authenticated data will be handled by the enc command. See more information here.
192
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
