Comments on: Quickly encrypt a file with OpenSSL

By: ftsum

ftsum — Mon, 17 Dec 2012 14:54:10 +0000

Dear all
i am new to openssl and i have read about it. the first of my problem is how to open a file to be encrypter or decrypted. i have seen the cmds but it’s when the file is ready to be encrypted. shall i give the paths or what. pls help me. i am new to openssl
B/R

By: Stephen

Stephen — Tue, 06 Nov 2012 15:45:53 +0000

No, it doesn’t suck. Frankly, I get the sense you just wanted to show off there.

This is for creating encrypted files that you can, for example, send to other people.

By: Cobalto

Cobalto — Mon, 13 Feb 2012 20:31:38 +0000

Chuck The -salt option should ALWAYS be used if the key is being derived from a password unless you want compatibility with previous versions of OpenSSL and SSLeay. Without the -salt option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data. The reason for this is that without the salt the same password always generates the same encryption key. When the salt is being used the first eight bytes of the encrypted data are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.

By: Cobalto

Cobalto — Mon, 13 Feb 2012 20:30:15 +0000

The -salt option should ALWAYS be used if the key is being derived from a password unless you want compatibility with previous versions of OpenSSL and SSLeay.

Without the -salt option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data. The reason for this is that without the salt the same password always generates the same encryption key. When the salt is being used the first eight bytes of the encrypted data are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.

By: Fernando

Fernando — Sun, 24 Apr 2011 02:05:57 +0000

This work too, but…

to decrypt, you have to use:
cat encrypted.data| openssl des3 -d > file.txt

By: jon brassow

jon brassow — Mon, 19 Jul 2010 22:09:01 +0000

Doesn’t this type of encrypting suck? You are starting with a plain text file, which remains on the hard drive even after you remove it from the file system. Sure, your encrypted file may be all that is visible to the average user, but anyone who can scrape the hard drive and search for FS data structures could probably recreate the plain-text file – saving a lot of time vs. breaking into the encrypted file.

Instead, perhaps create a loopback encrypted filesystem that would hold the file?

By: brian botkiller

brian botkiller — Sat, 20 Mar 2010 03:04:16 +0000

are you guys on drugs? You do realize that the best way to encrypt a text file is to use GNUpg, right? Install Gnupg, as well as the GPGdropthing. Drop your text into it. Encrypt. Paste into text file. When you need the data, decrypt. C’mon…

By: Chuck Lin

Chuck Lin — Mon, 04 Jan 2010 17:51:56 +0000

-salt doesnt seem to be in the man pages nor does it seem to do anything

you can also do

cat file.txt | openssl des3 > encrypted.data
and
cat encrypted.data | openssl des3 -d

By: Jon

Jon — Mon, 12 Oct 2009 21:00:46 +0000

Beautiful and simple – I didn’t realize this was built-in to Leopard! Thanks!

By: doodle dabbles » Blog Archive » OpenSSL: The Gift that Keeps On Giving

doodle dabbles » Blog Archive » OpenSSL: The Gift that Keeps On Giving — Mon, 18 Aug 2008 23:42:17 +0000

[...] Also, from this awesome tip from OS X Daily, you can quickly encrypt a file using openssl using the following (I used AES 128 in CBC mode) — it even prompts you for the encryption password (key) twice: [...]

By: plaxdan

plaxdan — Sun, 30 Sep 2007 18:36:03 +0000

@mchl: Just remember if you enter your password on the command line, it will be stored in plain text in your .bash_history file.

By: mchl

mchl — Wed, 15 Aug 2007 17:38:40 +0000

Many thanx for this information. Please note the possibility to add a password directly (it took me as a newby some hours to figure this out):

openssl des3 -salt -in file.txt -out file.des3 -k mypassword

(http://www.openssl.org/docs/apps/enc.html)

By: buzzert

buzzert — Sat, 12 May 2007 00:21:37 +0000

“It doesn’t look like it can be used on folders either which sucks”

You could ZIP it first.

By: Murphy

Murphy — Thu, 10 May 2007 01:54:36 +0000

mugab -

It might not be EXACTLY what you’re looking for – but I just posted the steps to make this command into a shell script. At least you can drag the file you want encrypted into a Terminal window !

Great tip OSXDaily !

By: Ignacio

Ignacio — Wed, 09 May 2007 07:35:48 +0000

If you want to protect a folder or more than one file use the disc utility, click on new image, set the space and the password.
Everyone have secrets… xD