OpenSSL - Introduction

OpenSSL documentation (man openssl)  - ( openssl.pdf )

 

Message Digest   ( man dgst )

> more file1.txt 
Hussein  Wahab
Old Dominion University

>   openssl   dgst    -sha1   file1.txt

SHA1(file1.txt)= 439d855153b88dff064af44cc7794026bad31a45

>  more file2.txt
hussein  Wahab
Old Dominion University

> openssl dgst -sha1 file2.txt
     
SHA1(file2.txt)= 3204dcbee726eb0319b3094f3947539b5e15c969

> diff file1.txt file2.txt
1c1
< Hussein  Wahab
---
> hussein  Wahab

This shows that a small difference (H vs. h) completely changes the digest.
To record the digest of a file, use:

> openssl dgst -sha1 -out digest_file1.txt file1.txt

> cat digest_file1.txt
    
SHA1(file1.txt)= 439d855153b88dff064af44cc7794026bad31a45

Or you can use:
> openssl dgst -sha1 file1.txt  >  digest_file1.txt

 

 

 Public Key Cryptography (Asymmetric)  ( man genrsa ) & ( man rsa )

 

Generating RSA keys


  > openssl  genrsa  -out rsaprivatekey.pem  -des3 1024

This generates the private key and stores it encrypted (protected by a pass phrase).

Generating RSA private key, 1024 bit long modulus
....................++++++

........................................++++++

e is 65537 (0x10001)

Enter PEM pass phrase:

Verifying password - Enter PEM pass phrase:

 > openssl rsa -in rsaprivatekey.pem -pubout -out  rsapublickey.pem

This generates the corresponding public key if the correct pass phrase is provided.

read RSA key
Enter PEM pass phrase:

writing RSA key
 

  NOTE:      For most openssl commands you should first do the following:

> cp ~cs472/randomfile .
> setenv RANDFILE randomfile

 

Signing/Verifying a message digest with RSA

   

 > openssl dgst  -sha1 -sign rsaprivatekey.pem  -out  mdrsasign_file1.cipher   file1.txt
    
Enter PEM pass phrase:

> openssl dgst -sha1 -verify rsapublickey.pem -signature mdrsasign_file1.cipher file1.txt
Verified OK

Change one char in file1.txt:

> openssl dgst -sha1 -verify rsapublickey.pem -signature mdrsasign_file1.cipher file1.txt
Verification Failure

NOTE:   file1.txt can be as large as you like, since you are signing the digest.
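
The sign/verify sequence above as an unattended script (an added example, not part of the original notes). It assumes a throwaway unencrypted 2048-bit key and SHA-256 in place of the notes' pass-phrase-protected 1024-bit key and SHA-1, plus a constructed 1 MiB input; it shows that the signature stays the size of the RSA modulus however large the file is, and it decides on the exit status of -verify rather than on the printed text.

```shell
#!/bin/sh
# Added example: sign the digest of a large file, verify it, change one
# byte, verify again. Key, data and file names are constructed for the demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY=$WORK/rsaprivatekey.pem
PUB=$WORK/rsapublickey.pem
DATA=$WORK/big.txt
SIG=$WORK/big.sig

# Throwaway key pair with no pass phrase so the script runs unattended
# (assumption for the demo; real private keys should stay encrypted).
# The sample input is 1 MiB of 'A', far larger than the 256-byte modulus.
setup() {
    openssl genrsa -out "$KEY" 2048 2>/dev/null &&
    openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null &&
    dd if=/dev/zero bs=1024 count=1024 2>/dev/null | tr '\000' 'A' > "$DATA"
}

# Sign the SHA-256 digest of the file with the private key.
sign_file() { openssl dgst -sha256 -sign "$KEY" -out "$SIG" "$DATA"; }

# Exit status 0 means the signature matches; non-zero means it does not.
verify_file() {
    openssl dgst -sha256 -verify "$PUB" -signature "$SIG" "$DATA" >/dev/null 2>&1
}

# Size of the signature file in bytes.
sig_size() { wc -c < "$SIG" | tr -d ' '; }

# Overwrite the first byte in place ("change one char"), keeping the length.
tamper() { printf 'B' | dd of="$DATA" bs=1 count=1 conv=notrunc 2>/dev/null; }

demo() {
    setup || { echo "openssl setup failed" >&2; return 1; }
    sign_file || return 1
    echo "data bytes:      $(wc -c < "$DATA" | tr -d ' ')"
    echo "signature bytes: $(sig_size)"
    if verify_file; then echo "original: verified"; else echo "original: FAILED"; fi
    tamper
    if verify_file; then echo "tampered: verified (unexpected)"; else echo "tampered: rejected"; fi
}
demo
```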
 

Message Encryption/Decryption with RSA    ( man rsautl )

 

> openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in  file1.txt  -out file1.cipher

> openssl rsautl -decrypt -inkey rsaprivatekey.pem -in file1.cipher -out file1.txt
            
Enter PEM pass phrase:

NOTE:  file1.txt has to be small (<=1024 bits or 128 bytes, the length of the RSA key), since you are encrypting/decrypting the file itself, not its digest.

 

Message Signature/Verification with RSA

 

    > openssl rsautl   -sign    -inkey rsaprivatekey.pem   -in file1.txt   -out  file1_signature.cipher

    > openssl rsautl -verify -pubin  -inkey rsapublickey.pem -out file1.txt -in file1_signature.cipher

    NOTE:  file1.txt has to be small, since you are encrypting/decrypting file1.txt itself.

 

 

 
Secret Key Cryptography (Symmetric)    ( man enc)

 

Encrypt (-e):

 

> openssl enc -des3  -e -salt -a -in file1.txt -out file1.base64

enter des-ede3-cbc encryption password:
Verifying password - enter des-ede3-cbc encryption password:

 

Decrypt (-d):

> openssl enc -des3  -d -salt -a -out file1.txt -in file1.base64

enter des-ede3-cbc decryption password:

 

In the above, we can encrypt/decrypt without the -a option to produce file1.cipher; we can then use the following to encode/decode to/from base64.

 

Encode to base64

To encode  file1.cipher to file1.base64:

 

> openssl enc -base64 -e -out file1.base64 -in file1.cipher

 

Decode from base64

To decode file1.base64 to file1.cipher:

> openssl enc -base64 -d -in file1.base64 -out file1.cipher