I'll try to make this succinct as possible.
I want to be able to encrypt & decrypt simple strings using OpenSSL, which I have done before.
HOWEVER, the following conditions must be met:
I'm 50% there. I can successfully perform ENCRYPTION via:
echo 'someTextIWantToEncrypt' | openssl enc -e -aes-256-cbc -nosalt -pass pass:mySecretPass
The output result is:
(??b}n??v???>??G??.?B??~?
OK, great. Now I want to DECRYPT that string. So I do:
echo -n '(??b}n??v???>??G??.?B??~?' | openssl enc -d -aes-256-cbc -pass pass:mySecretPass
or even as an alternative:
openssl enc -d -aes-256-cbc -pass pass:mySecretPass <<< '(??b}n??v???>??G??.?B??~?'
But I get this response:
bad magic number
Though I don't want to use input/output files, that method DOES work 100%:
# encrypt to file
echo -n 'someTextIWantToEncrypt' | openssl enc -e -nosalt -out test.txt -aes-256-cbc -pass pass:mySecretPass
# decrypt from file
openssl enc -d -nosalt -in test.txt -aes-256-cbc -pass pass:mySecretPass
# result of decryption (is successful):
someTextIWantToEncrypt
So ... how can I achieve the above decryption process without using input/output files whatsoever? I feel I am close, but missing some small detail.
Thanks in advance.
Decryption Approach:Find the length L of the string. Find the ceil and floor values of √Length and assign them to the variables. Create a 2D matrix and fill the matrix by characters of string column-wise. Read the matrix row-wise to get the decrypted string.
Enc is used for various block and stream ciphers using keys based on passwords or explicitly provided. It can also be used for Base64 encoding or decoding.
The problem is that encryption uses the entire ASCII character set, including unprintable characters. If you want to be able to cut and paste the encrypted data, you need to convert it to only printable characters. You can do this with the -base64
(or -a
) option:
echo 'someTextIWantToEncrypt' | \
openssl enc -base64 -e -aes-256-cbc -nosalt -pass pass:mySecretPass
KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=
Then decrypt it the same way:
echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:mySecretPass
WARNING: If you're using openssl, I can only assume the confidentiality of the data, and therefore the password, is important to you. If that's the case, you should never supply a password on the command line, because it can be exposed to anyone with the privilege to run ps
.
A better solution is to store the password in an environment variable and have openssl read it from there:
export passwd="mySecretPass"
echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With