Skip to content

Instantly share code, notes, and snippets.

@noamnelke

noamnelke/encryption_tips.md

Last active November 2, 2021 16:03
Show Gist options
  • Save noamnelke/687e44dfebf461873b27126d78fdfcca to your computer and use it in GitHub Desktop.
Save noamnelke/687e44dfebf461873b27126d78fdfcca to your computer and use it in GitHub Desktop.
Download ZIP
Raw
encryption_tips.md

1. Converts the recipient's public key to PKCS8

ssh-keygen -f id_rsa.pub -e -m PKCS8 > id_rsa.pkcs8.pubkey

One way to obtain a recipient's public key is from GitHub, by adding .keys to their profile url, e.g. https://github.com/noamnelke.keys

2. Encrypt a string

This pipes a secret string into openssl, encrypts it with the recipient's public key and pipes the result to openssl again to transcode it into base64 (without the last step it would be binary, which is fine for a file, but harder to paste somewhere).

echo "some secret string" | openssl rsautl -encrypt -pubin -inkey id_rsa.pkcs8.pubkey | openssl base64

Decrypt a string

echo "encrypted string" | openssl base64 -d | openssl rsautl -decrypt -ssl -inkey path/to/your/id_rsa

3. Encrypt a file

3.1. Generate a symmetric key

openssl rand 32 > key

3.2. Encrypt the file symmetrically

openssl aes-256-cbc -e -pass file:key < your.file > your.file.enc

3.3. Encrypt the key with the recipient's public key

openssl rsautl -encrypt -pubin -inkey id_rsa.pkcs8.pubkey < key > key.enc

3.4. Share the encrypted key and encrypted file with the recipient

key.enc
your.file.enc

Decrypt a file

openssl rsautl -decrypt -ssl -inkey path/to/your/id_rsa < key.enc > key
openssl aes-256-cbc -d -pass file:key < your.file.enc > your.file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment