Example of Encrypting File with OPENSSL. Based on http://www.czeskis.com/random/openssl-encrypt-file.html
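#!/usr/bin/env bash
#
# Hybrid file encryption demo with OpenSSL.
#
# A random symmetric key encrypts the data file (AES-256-CBC); that key is
# then wrapped with an RSA public key so only the private-key holder can
# recover it. The second half of the script plays the recipient and reverses
# both steps.
#
# Inputs (current directory):
#   password.txt        passphrase protecting the RSA private key
#   fixture-secret.txt  plaintext to encrypt
# Outputs:
#   private-key.pem, public-key.pem, key.bin, key.bin.enc,
#   secret.txt.enc, output.txt
#
# NOTE(review): `openssl enc` in CBC mode gives confidentiality only; the
# recipient cannot detect a modified ciphertext. Add an integrity check
# (e.g. an HMAC or a signature over the encrypted file) before relying on
# this pattern outside a demo.

set -euo pipefail

# Key material is written below; keep the new files private to the owner.
umask 077

readonly PRIVATE_KEY='private-key.pem'
readonly PUBLIC_KEY='public-key.pem'
readonly KEY_FILE='key.bin'
readonly KEY_FILE_ENCRYPTED='key.bin.enc'
readonly CSV_FILE='fixture-secret.txt'
readonly CSV_FILE_ENCRYPTED='secret.txt.enc'
readonly PASSWORD_FILE='password.txt'

# Fail early with a clear message instead of half-way through key generation.
for required in "$PASSWORD_FILE" "$CSV_FILE"; do
  if [[ ! -r "$required" ]]; then
    printf 'Required input file is missing or unreadable: %s\n' "$required" >&2
    exit 1
  fi
done

# The passphrase is deliberately not printed: anything echoed here ends up in
# terminal scrollback and CI logs.
printf 'Using private-key passphrase from %s\n' "$PASSWORD_FILE"

echo 'Generating RSA key'
openssl genrsa -aes256 -out "$PRIVATE_KEY" -passout "file:$PASSWORD_FILE" 4096

echo 'Generating 256 bit random key'
# 32 random bytes, hex-encoded on a single line. `-pass file:` only reads the
# first line of the file, so raw binary output could be cut short at an
# embedded newline and silently weaken the key.
openssl rand -hex 32 > "$KEY_FILE"

echo 'Generating public key'
openssl rsa -in "$PRIVATE_KEY" -passin "file:$PASSWORD_FILE" \
  -pubout -outform pem -out "$PUBLIC_KEY"

echo 'Encrypting the random key'
# pkeyutl replaces the deprecated rsautl; OAEP padding is requested
# explicitly rather than relying on the PKCS#1 v1.5 default.
openssl pkeyutl -encrypt -pubin -inkey "$PUBLIC_KEY" \
  -pkeyopt rsa_padding_mode:oaep \
  -in "$KEY_FILE" -out "$KEY_FILE_ENCRYPTED"

echo 'Encrypting CSV file'
openssl enc -aes-256-cbc -salt \
  -in "$CSV_FILE" -out "$CSV_FILE_ENCRYPTED" -pass "file:$KEY_FILE"

# Send encrypted file and key across network

echo 'Decrypting key'
# The private key is passphrase-protected, so -passin is needed for a
# non-interactive run. The padding mode must match the one used to encrypt.
openssl pkeyutl -decrypt -inkey "$PRIVATE_KEY" -passin "file:$PASSWORD_FILE" \
  -pkeyopt rsa_padding_mode:oaep \
  -in "$KEY_FILE_ENCRYPTED" -out "$KEY_FILE"

echo 'Decrypting file'
openssl enc -d -aes-256-cbc \
  -in "$CSV_FILE_ENCRYPTED" -out output.txt -pass "file:$KEY_FILE"

# Confirm the round trip reproduced the original plaintext byte for byte.
if ! cmp -s -- "$CSV_FILE" output.txt; then
  printf 'Round trip failed: output.txt differs from %s\n' "$CSV_FILE" >&2
  exit 1
fi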