[英]Encrypt a string using openssl command line
I have a 16 byte character that I would like to encrypt using openssl into a 16 byte encrypted string.我有一个 16 字节的字符,我想使用 openssl 将其加密为 16 字节的加密字符串。
This encrypted string ( in human readable format ) then needs to be supplied to a user who would use it, and the string would be decrypted to its original 16-byte form for comparison and authentication.然后需要将该加密字符串(以人类可读格式)提供给将要使用它的用户,并且该字符串将被解密为其原始的 16 字节形式以进行比较和验证。 Could anyone please tell me how this would be possible with openssl commandline.
谁能告诉我 openssl 命令行是如何实现的。
Here's one way to encrypt a string with openssl on the command line (must enter password twice):这是在命令行上使用 openssl 加密字符串的一种方法(必须输入两次密码):
echo -n "aaaabbbbccccdddd" | openssl enc -e -aes-256-cbc -a -salt
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
Here's what the output looks like:输出如下所示:
U2FsdGVkX1/6LATntslD80T2HEIn3A0BqxarNfwbg31D2kI00dYbmBo8Mqt42PIm
Edit: To my knowledge, you can't control the number of bytes out.编辑:据我所知,您无法控制输出的字节数。 You can b64 or hex encode it, but that's about it.
您可以对它进行 b64 或十六进制编码,但仅此而已。 Also, if you want to save that string to a file rather than stdout, use the -out option.
此外,如果您想将该字符串保存到文件而不是 stdout,请使用 -out 选项。
Try this:试试这个:
echo 'foo' | openssl aes-256-cbc -a -salt
echo 'U2FsdGVkX1/QGdl4syQE8bLFSr2HzoAlcG299U/T/Xk=' | openssl aes-256-cbc -a -d -salt
Run跑步
openssl list-cipher-commands
to list all available ciphers.列出所有可用的密码。
I have a 16 byte character that I would like to encrypt using openssl into a 16 byte encrypted string [in human readable format]
我有一个 16 字节的字符,我想使用 openssl 将其加密为 16 字节的加密字符串 [以人类可读的格式]
I believe you are looking for Format Preserving Encryption.我相信您正在寻找 Format Preserving Encryption。 I think the caveat is you have to start with a 16-byte human readable string.
我认为需要注意的是你必须从一个 16 字节的人类可读字符串开始。 Phillip Rogaway has a paper on the technologies: Synopsis of Format-Preserving Encryption .
Phillip Rogaway 有一篇关于这些技术的论文:格式保留加密概要。 There's a lot to the paper, and it can't fit into a single paragraph on Stack Overflow.
这篇论文有很多内容,在 Stack Overflow 上不能用一个段落来描述。
If you can start with a shorter string and use a streaming mode like OCB, OFB or CTR, then you can Base64 encode the final string so that the result is 16-bytes and human readable.如果您可以从较短的字符串开始并使用诸如 OCB、OFB 或 CTR 之类的流模式,那么您可以对最终字符串进行 Base64 编码,以便结果为 16 字节且人类可读。 Base64 expands at a rate of 3 → 4 (3 un-encoded expands to 4 encoded), so you'd need a shorter string of length 12 characters to achieve 16 human readable characters.
Base64 以 3 → 4 的速率扩展(3 个未编码扩展为 4 个编码),因此您需要一个长度为 12 个字符的较短字符串来实现 16 个人类可读字符。
As far as I know, there are no command line tools that do it natively.据我所知,没有命令行工具可以在本地执行此操作。 You may be able to use OpenSSL on the command line with AES/CTR and pipe it through
base64
command.您可以通过 AES/CTR 在命令行上使用 OpenSSL,并通过
base64
命令进行管道传输。 The following gets close, but it starts with 11 characters (and not 12):以下内容接近,但它以 11 个字符(而不是 12 个)开头:
$ echo 12345678901 | openssl enc -e -base64 -aes-128-ctr -nopad -nosalt -k secret_password
cSTzU8+UPQQwpRAq
Also, you really need to understand te -k
option (and -K
for that matter), and how it derives a key so you can do it outside of the OpenSSL command (if needed).此外,您确实需要了解 te
-k
选项(以及与此相关的-K
选项),以及它如何派生密钥,以便您可以在 OpenSSL 命令之外执行此操作(如果需要)。
try this试试这个
$ echo "a_byte_character" | openssl enc -base64
and you have 100+ Cipher Types你有 100 多种密码类型
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-gcm -aes-128-ofb -aes-128-xts
-aes-192-cbc -aes-192-cfb -aes-192-cfb1
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb
-aes-192-gcm -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-gcm
-aes-256-ofb -aes-256-xts -aes128
-aes192 -aes256 -bf
-bf-cbc -bf-cfb -bf-ecb
-bf-ofb -blowfish -camellia-128-cbc
-camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8
-camellia-128-ecb -camellia-128-ofb -camellia-192-cbc
-camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ecb -camellia-256-ofb -camellia128
-camellia192 -camellia256 -cast
-cast-cbc -cast5-cbc -cast5-cfb
-cast5-ecb -cast5-ofb -des
-des-cbc -des-cfb -des-cfb1
-des-cfb8 -des-ecb -des-ede
-des-ede-cbc -des-ede-cfb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb
-des-ofb -des3 -desx
-desx-cbc -id-aes128-GCM -id-aes192-GCM
-id-aes256-GCM -rc2 -rc2-40-cbc
-rc2-64-cbc -rc2-cbc -rc2-cfb
-rc2-ecb -rc2-ofb -rc4
-rc4-40 -rc4-hmac-md5 -seed
-seed-cbc -seed-cfb -seed-ecb
-seed-ofb
I had trouble getting it working using echo with -n.我在使用 echo 和 -n 时遇到了问题。 This worked for me:
这对我有用:
To encrypt:加密:
echo "PLAINTEXT_STRING" | openssl enc -aes256 -pbkdf2 -base64
you'll be prompted to provide a decryption password.系统会提示您提供解密密码。
To decrypt:解密:
echo "ENCRYPTED_STRING" | openssl aes-256-cbc -d -pbkdf2 -a
enter the decryption password to decrypt.输入解密密码进行解密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.