If you've spent any time configuring user authentication on... Full Story
By Manny Fernandez
March 7, 2020
Using OpenSSL to encrypt files
I am a big user of PGP and use it regularly to send encrypted email to colleagues and friends that use PGP. However, sometimes I have non-PGP users that need to receive a file. Obviously, there are easier ways to send the file using something like FortiMail but if you want to ensure the file is encrypted at rest even when moved off to another device, this CAN do it for you. Again there are other ways, probably easier than this but that has never stopped me from taking the “scenic route”.
You will need openssl installed on your computer. This is on by default in macOS and Linux, on Windows you will need to download the installer and install on Windows.
Note: I believe you need to Run as administrator when you run it.
To know what version you are running:
macOS
Mannys-MacBook-Pro:~ mannyfernandez$ openssl OpenSSL> version LibreSSL 2.8.3 OpenSSL>
Linux
[root@fll-observium ~]# openssl OpenSSL> version OpenSSL 1.0.2k-fips 26 Jan 2017 OpenSSL>
Now for the “fun” part.
Encrypting the File
To encrypt a file we will use the following command
openssl aes-256-cbc -a -salt -in %unencrypted-file-name% -out %encrypted-file-name%
I created a file and named it MonkeyBiz.txt and will encrypt it using a password.
openssl aes-256-cbc -a -salt -in MonkeyBiz.txt -out MonekyBiz.enc enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password:
As you can see, I took MonkeyBiz.txt and encrypted it using the name MonkeyBiz.enc . And when I did so, was asked to enter a password for the file and then validate it was correct.
NOTE: You COULD use the same name for the encrypted version but you would need to pipe it to another folder/directory.
As you can see below, we have both files in the folder
ls -l -rw-r--r-- 1 mannyfernandez staff 90 Mar 7 11:12 MonkeyBiz.enc -rw-r--r--@ 1 mannyfernandez staff 41 Mar 7 11:06 MonkeyBiz.txt
Decrypting the File
To decrypt the file, we will do the reverse process
openssl aes-256-cbc -d -a -in MonkeyBiz.enc -out MonkeyBiz.log enter aes-256-cbc decryption password:
Again, we can see the prompt for the password although no verification since it is assumed that the person receiving this file did not set it. Additionally, I chose a different extension ( .log) for the output file so I can show the difference.
Validation
Clear Text (MonkeyBiz.txt)
cat MonkeyBiz.txt Nothing here but a little Monkey Business
Encrypted Form (MonkeyBiz.enc)
cat MonkeyBiz.enc U2FsdGVkX19iUrhpaEpNlWEIp5aPv7Hx8/dgOhRxwARNRKiDKQVq4Drx1YXQOhy+ /ED9p5Nu+GAxjC+1OEwr6A==
Decrypted Form (MonkeyBiz.log)
cat MonkeyBiz.log Nothing here but a little Monkey Business
Hope this helps
Recent posts
-
-
DNS is one of those technologies that quietly underpins... Full Story
-
BGP issues on FortiGate firewalls usually trace back to... Full Story
-
Every time your laptop talks to your router, a... Full Story
-
If you've spent any time configuring NAT on a... Full Story
-
If you have spent any time configuring firewall policies... Full Story
-
High availability on FortiGate is one of those features... Full Story
-
If you've configured SD-WAN on a FortiGate, you've almost... Full Story
-
FortiLink is the management protocol that turns a FortiSwitch... Full Story
-
FortiSwitches are pretty rock solid from Mean Time Between... Full Story
-
This is a quicky tip. Have you ever gone... Full Story
-
DNS is one of those quiet pieces of internet... Full Story
-
This article is an updated version of the previous... Full Story
-
You will add ns2 as a secondary (slave) BIND9... Full Story
-
In the process of deploying my lab, I needed... Full Story
-
RFC 8805, used to be known as Self-Correcting IP... Full Story
-
Years back, I wrote an article about certificate pinning. ... Full Story
-
FortiGates have the ability to send alerts to Microsoft... Full Story
-
In this post, I am going to walk through... Full Story
-
Troubleshooting VoIP on a FortiGate can feel like trying... Full Story
-
Prior to FortiOS 7.0, there were three commands to... Full Story
-
In this post, I am going to go over... Full Story
-
What we are going to do: We are going... Full Story
-
Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story
-
Creating a VLAN on macOS (The "Pro" Move) A... Full Story
-
This blog post explores the logic behind how macOS... Full Story
-
Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story
-
Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story
-
ICMP introduces several security risks, but careful filtering, rate... Full Story
-
The command diag debug application dhcps -1 enables full... Full Story
-
In the world of FortiOS, execute tac report is... Full Story
-
LLDP; What is it The Link Layer Discovery Protocol... Full Story
-
What it actually does When you run diagnose fdsm... Full Story
-
Monkey Bites are bite-sized, high-impact security insights designed for... Full Story
-
I have run macOS in macOS with Parallels but... Full Story
-
Don't be confused with my other FortiNAC posts where... Full Story
-
This is the third session in a multi-part article... Full Story
-
Today I was configuring key-based authentication on a FortiGate... Full Story
-
Netcat, often called the "Swiss Army knife" of networking,... Full Story
-
At its core, IEEE 802.1X is a network layer... Full Story
-
In case you did not see the previous FortiNAC... Full Story
-
This is our 5th session where we are going... Full Story
-
Now that we have Wireshark installed and somewhat configured,... Full Story
-
The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story
-
Overview FortiOS 8.0 introduces custom tags as a first-class... Full Story
-
These are two distinct mechanisms on FortiOS, and conflating... Full Story
-
Replacement messages are the pages and text blocks that... Full Story