Monday, November 30, 2015

HOW TO - Encrypt a file with OpenSSL

Q: A customer called today needing file encryption supported by FIPS 140-2.
We found GPG, an open source solution, was not supported according to the Cryptographic Modules list - but OpenSSL was supported.

A: We suggested following the excellent instructions we found here to perform file encryption using OpenSSL. We've duplicated the steps below with one minor change: in the first step we recommended a 2048-bit key instead of 1024.

1) Generate a public and private key pair and store it in private.pem:
openssl genrsa -out private.pem 2048

2) Extract the public key to a file public.pem:
openssl rsa -in private.pem -out public.pem -outform PEM -pubout

3) Create a bit of data to encrypt:
echo "If you can read this, you've successfully decrypted the file" > file.txt

4) Encrypt the file:
openssl rsautl -encrypt -inkey public.pem -pubin -in file.txt -out file.ssl

5) Decrypt the file:
openssl rsautl -decrypt -inkey private.pem -in file.ssl -out decrypted.txt

6) Display the contents:
type decrypted.txt
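
Added example (not part of the original post or the instructions it follows): rsautl encrypts with RSA directly, so with a 2048-bit key and its default PKCS#1 v1.5 padding the input can be at most 245 bytes. The POSIX shell script below goes beyond the steps above and shows the usual hybrid approach for larger files, using pkeyutl (the replacement for rsautl, which OpenSSL 3.0 deprecates). The function names, file names and 300-byte sample are constructed, and OpenSSL 1.1.1 or later is assumed for enc -pbkdf2.

```shell
#!/bin/sh
# Added example; file names and the sample input are constructed.
# Assumes the openssl CLI, version 1.1.1 or later (for enc -pbkdf2).

# Direct RSA, as in step 4 but with pkeyutl. With a 2048-bit key and
# PKCS#1 v1.5 padding this fails for input over 245 bytes.
rsa_direct() {      # $1 public key, $2 input, $3 output
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" 2>/dev/null
}

# Hybrid: AES-256 encrypts the file under a random secret, and RSA-OAEP
# encrypts only that secret. Note: openssl enc has no authenticated mode,
# so this gives confidentiality only, not tamper detection.
hybrid_encrypt() {  # $1 public key, $2 input, $3 output prefix
    openssl rand -hex 32 > "$3.secret" &&
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$3.secret" \
        -in "$2" -out "$3.enc" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$3.secret" -out "$3.key.enc"
    rc=$?; rm -f "$3.secret"; return $rc
}

hybrid_decrypt() {  # $1 private key, $2 prefix, $3 output
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key.enc" -out "$2.secret" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2.secret" \
        -in "$2.enc" -out "$3"
    rc=$?; rm -f "$2.secret"; return $rc
}

demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/private.pem" 2048 2>/dev/null &&
    openssl rsa -in "$d/private.pem" -pubout -out "$d/public.pem" 2>/dev/null ||
        return 1
    printf '%0300d' 0 > "$d/big.txt"    # constructed 300-byte input
    if rsa_direct "$d/public.pem" "$d/big.txt" "$d/big.ssl"
    then direct=ok; else direct=failed; fi
    if hybrid_encrypt "$d/public.pem" "$d/big.txt" "$d/big" &&
       hybrid_decrypt "$d/private.pem" "$d/big" "$d/out.txt" &&
       cmp -s "$d/big.txt" "$d/out.txt"
    then hybrid=ok; else hybrid=failed; fi
    rm -rf "$d"
    echo "direct RSA: $direct, hybrid: $hybrid"
}

demo
```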