Lab3 Openssl
1. Introduction
In this lab, we will explore encryption and decryption techniques using OpenSSL, a widely used
open-source toolkit for implementing SSL/TLS protocols and other cryptographic operations.
OpenSSL provides powerful encryption and decryption functions, allowing us to work with
symmetric key algorithms such as AES (Advanced Encryption Standard) and asymmetric key
algorithms such as RSA.
OpenSSL is an open-source software library useful for encryption and secure network
communication. SSL stands for Secure Sockets Layer, a cryptographic communications
protocol. This tutorial will demonstrate one way to use OpenSSL to exchange a file between two
parties.
Objectives:
1. Understand how to perform symmetric and asymmetric encryption and decryption using
OpenSSL.
Tools Required:
1. Linux-based system or Windows with OpenSSL installed.
AES is a symmetric encryption algorithm. We'll use the AES-256-CBC cipher to encrypt the file.
OpenSSL will prompt for a password, from which it derives the encryption key.
openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted.txt
1. openssl enc
• The enc (“encode”) command in OpenSSL is used for encryption and decryption.
• It supports various symmetric encryption algorithms, such as AES, DES, and Blowfish.
2. -aes-256-cbc
o 256: Refers to the key size, which is 256 bits (32 bytes). This is the largest key size
for AES and provides strong encryption.
o CBC: In Cipher Block Chaining (CBC) mode, the input plaintext is divided into fixed-size
blocks (e.g., 128 bits for AES). Each plaintext block is XORed with the previous
ciphertext block before being encrypted with the cipher. This chaining mechanism
ensures that the encryption of each block depends on the previous block, providing
better security.
3. -salt
• Adds a cryptographic salt to the encryption process.
• What is a salt?
o It ensures that even if the same password is used, the output ciphertext will differ
each time encryption is performed.
4. -in plaintext.txt
• In this case, the file plaintext.txt contains the data you want to protect.
5. -out encrypted.txt
• Specifies the output file where the encrypted data will be written.
• In this case, the ciphertext is saved in encrypted.txt.
type encrypted.txt
`-out decrypted.txt`: The output file that will contain the decrypted content.
Check the contents of decrypted.txt to ensure the message has been decrypted correctly.
type decrypted.txt
• Generate a Private Key: Use OpenSSL to generate a 2048-bit RSA private key.
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
Explain each part of the command:
• Generate a Public Key: Extract the public key from the private key.
openssl rsa -pubout -in private_key.pem -out public_key.pem
1. openssl pkeyutl:
2. -encrypt:
o Specifies the operation to encrypt the input file.
3. -inkey public_key.pem:
o Points to the RSA public key file to be used for encryption.
4. -pubin:
o Indicates the input key (public_key.pem) is a public key (not a private key).
5. -in mes.txt:
o Specifies the plaintext input file (mes.txt) that will be encrypted.
6. -out encrypted_mes.bin:
This command encrypts the contents of mes.txt using the public key provided in public_key.pem.
type decrypted_mes.txt
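The whole lab as one non-interactive script, added here as an example and not part of the original handout: it runs the AES and RSA steps in a scratch directory and checks the salted header, that two encryptions with the same password differ, and that both decryptions restore the input. The two decryption commands, the -pass env: option, the LAB_PASS variable, the function names and the file contents are assumptions of this example; the remaining file names and flags are the lab's.

```shell
#!/bin/sh
# Added example: runs the lab's AES and RSA steps non-interactively and checks them.
# File names come from the lab; the password and file contents are constructed.

lab_setup() {
    LAB_DIR=$(mktemp -d) && cd "$LAB_DIR" || return 1
    export LAB_PASS='constructed-lab-password'   # read through -pass env:, so no prompt
    printf 'constructed sample message\n' > plaintext.txt
    printf 'short constructed secret\n' > mes.txt
}

aes_roundtrip() {
    # The lab's encryption command, run twice with the same password.
    openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted.txt \
        -pass env:LAB_PASS 2>/dev/null || return 1
    openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted2.txt \
        -pass env:LAB_PASS 2>/dev/null || return 1
    # A salted file starts with the 8-byte magic "Salted__", then the 8-byte salt.
    [ "$(head -c 8 encrypted.txt)" = "Salted__" ] || return 2
    # A fresh random salt per run: same password and plaintext, different ciphertext.
    if cmp -s encrypted.txt encrypted2.txt; then return 3; fi
    # Decryption (assumed form): same cipher plus -d; the salt is read from the file.
    openssl enc -d -aes-256-cbc -in encrypted.txt -out decrypted.txt \
        -pass env:LAB_PASS 2>/dev/null || return 4
    cmp -s plaintext.txt decrypted.txt || return 5
}

rsa_roundtrip() {
    openssl genpkey -algorithm RSA -out private_key.pem \
        -pkeyopt rsa_keygen_bits:2048 2>/dev/null || return 1
    openssl rsa -pubout -in private_key.pem -out public_key.pem 2>/dev/null || return 1
    openssl pkeyutl -encrypt -inkey public_key.pem -pubin \
        -in mes.txt -out encrypted_mes.bin || return 2
    # With a 2048-bit key the ciphertext is always one 256-byte block.
    [ $(wc -c < encrypted_mes.bin) -eq 256 ] || return 3
    # Decryption (assumed form): -decrypt with the private key, no -pubin.
    openssl pkeyutl -decrypt -inkey private_key.pem \
        -in encrypted_mes.bin -out decrypted_mes.txt || return 4
    cmp -s mes.txt decrypted_mes.txt || return 5
}

lab_setup && aes_roundtrip && rsa_roundtrip && echo "round trips OK in $LAB_DIR"
```

On OpenSSL 1.1.1 and later, adding -pbkdf2 to both enc commands replaces the legacy password-to-key derivation that the tool otherwise warns about. With the default padding, a 2048-bit RSA key can encrypt at most 245 bytes, so mes.txt has to stay short.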