Using OpenSSL for AES/Rijndael Encryption

What is AES and OpenSSL?

Rijndael is a sophisticated block cipher. The U.S. government adopted the algorithm as its cipher of choice, under the name Advanced Encryption Standard, or AES.

The OpenSSL package, among its many other uses, can encrypt files with this cipher.

First, install or update the package if you need to. From the command line, run which openssl. If a file path is returned, you have openssl installed. If so, use apt to update it: apt-get update && apt-get install --only-upgrade openssl.

If openssl is not installed, use apt to download and install it: apt-get install openssl.

OpenSSL is also available for Cygwin and can be installed via Cygwin's Install utility. I've used this script under Cygwin, and it does work.

How's It Work?

It's quite a simple script. First I check whether the user passes a valid action parameter ("enc" for encryption, "dec" for decryption). If the action parameter is good, the file is processed.

The script appends an "aes" extension to the file name when encrypting, and removes the "aes" extension when decrypting.

The second half of the main if-block is just for error processing. I wanted output specific to the error, not just some "bad parameter" error.

This script is interactive: openssl prompts for the password. OpenSSL warns against passing passwords on the command line, because command-line arguments can be sniffed by another user armed with ps -A.

Caveat Emptor

Since this script is interactive (prompts for an encryption/decryption password), this is not for use in any sort of automated process!
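
For automated use, the variant below reads the passphrase from a file, so the secret never appears in ps output. It is an added example, not the author's script: the function name aes_file, the passphrase-file argument and the PBKDF2 iteration count are assumptions, and -pbkdf2 needs OpenSSL 1.1.1 or later.

```shell
#!/bin/bash
# Added example: non-interactive AES-256 file encryption with openssl enc.
# aes_file (enc|dec) INFILE PASSFILE
#   PASSFILE is a hypothetical file (keep it mode 600) whose first line is
#   the passphrase. Returns 0 on success, 1 if openssl fails, 2 on bad input.
aes_file() {
    local action="$1" infile="$2" passfile="$3" outfile flag
    [ -f "$infile" ] && [ -r "$passfile" ] || return 2
    case "$action" in
        enc) flag=-e
             outfile="$infile.aes" ;;
        dec) flag=-d
             # Only strip a real .aes suffix, so -in and -out can never be
             # the same file (which would destroy the ciphertext).
             [ "${infile%.aes}" != "$infile" ] || return 2
             outfile="${infile%.aes}" ;;
        *)   return 2 ;;
    esac
    # -pass file:PATH puts only the path in argv; the passphrase itself is
    # read from the file and is not visible to "ps -A".
    # -pbkdf2/-iter replace the legacy key derivation; a file encrypted with
    # these options must be decrypted with the same options.
    if ! openssl enc "$flag" -aes-256-cbc -pbkdf2 -iter 200000 \
            -in "$infile" -out "$outfile" -pass "file:$passfile"; then
        rm -f -- "$outfile"    # do not leave a partial output file behind
        return 1
    fi
}
```

CBC mode does not authenticate the ciphertext, so a wrong passphrase or a modified file is not always reported as an error.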

Source Code

    #!/bin/bash
    # Usage: aes.sh (enc|dec) filename
    #   enc filename will encrypt the file, saving it to filename.aes
    #   dec filename will decrypt the file, stripping the .aes from the filename.
    #   A name that does not end in .aes is refused, so the input is never overwritten.

    ACTION=$1
    FILENAME=$2
    STATUS=0    # Exit status: 0 on success, non-zero on any error.

    if [ "$ACTION" = "enc" ] || [ "$ACTION" = "dec" ]; then
        if [ "$ACTION" = "enc" ] && [ -e "$FILENAME" ]; then
            # Encrypt the file; openssl prompts for the password.
            openssl enc -in "$FILENAME" -out "$FILENAME.aes" -e -aes256 || STATUS=$?
        elif [ "$ACTION" = "dec" ] && [ -e "$FILENAME" ]; then
            if [ "${FILENAME%.aes}" != "$FILENAME" ]; then
                # Decrypt the file; openssl prompts for the password.
                openssl enc -in "$FILENAME" -out "${FILENAME%.aes}" -d -aes256 || STATUS=$?
            else
                echo -e "Usage: $(basename "$0") (enc|dec) filename"
                echo -e "\tThe file, \"$FILENAME\", does not end in .aes."
                STATUS=1
            fi
        elif [ ! -e "$FILENAME" ]; then
            echo -e "Usage: $(basename "$0") (enc|dec) filename"
            echo -e "\tThe file, \"$FILENAME\", does not exist."
            STATUS=1
        else
            echo -e "Usage: $(basename "$0") (enc|dec) filename"
            echo -e "\tYou need to specify to encrypt(enc) or decrypt(dec)."
            STATUS=1
        fi
    else
        # Everything below is error reporting, so the script exits non-zero.
        STATUS=1
        if [ -z "$ACTION" ] && [ -z "$FILENAME" ]; then
            echo -e "Usage: $(basename "$0") (enc|dec) filename"
            echo -e "\t(enc|dec): 'enc' encrypts filename."
            echo -e "\t           'dec' decrypts filename."
            echo -e "\tfilename: path of file to perform operation on."
        elif [ "$ACTION" != "enc" ] && [ "$ACTION" != "dec" ]; then
            echo -e "Usage: $(basename "$0") (enc|dec) filename"
            echo -e "\tYou need to specify to encrypt(enc) or decrypt(dec)."
        elif [ -n "$ACTION" ] && [ -z "$FILENAME" ]; then
            echo -e "Usage: $(basename "$0") (enc|dec) filename"
            echo -e "\tYou must supply a file to process."
        elif [ ! -e "$FILENAME" ]; then
            echo -e "Usage: $(basename "$0") (enc|dec) filename"
            echo -e "\tThe file, \"$FILENAME\", does not exist."
        else
            echo -e "Unknown error: you should never see me!"
            echo -e "\t\$1(Action): $ACTION"
            echo -e "\t\$2(Filename): $FILENAME"
        fi
    fi

    exit "$STATUS"
          

Downloads

You can download the script.



Revisions

  • 11/14/2005 - Article published.