OpenSSL Encryption Frontend

09/07/2003

I usually use PGP to encrypt things like password lists and so forth. This is not always optimal as I sometimes worry about loosing my keys and would instead just want a simple password crypted file.
OpenSSL provides a simple method for encrypting and decrypting that is available on most Unix machines thesedays and even some Windows machines.


After some searching on the net I came across some references to this that showed some simple methods and I wrote a wrapper around them in Perl. To use it simply place it on your machine, make it executable and optionally fix the path to OpenSSL near the top of the script.
Encryption:
sslcrypt -e -i input -o output
Decryption:
sslcrypt -d -i input -o output
By default it will refuse to overwrite existing output but you can force that by supplying -f. The output will be binary and should be transfered in a binary safe method but you may supply -a to output/input a base64 encoded file.
It will by default use Blowfish in CBC mode but you may also force it to you Three key triple DES EDE in CBC mode by supplying -3.
It is important to note that you will need to somehow remember what mode you used for any specific file since OpenSSL cannot figure it out for you, so if you encrypt with -3 or -a you must also decrypt with -3 or -a.
You can download the script here.
Related Links:
OpenSSL
http://www.monkey.org/openbsd/archive/misc/0102/msg00798.html
http://www.monkey.org/openbsd/archive/misc/0102/msg00804.html
enc(1)