![]() This resulted in a Base64 encoding of the output which is important if you wish to process the cipher with a text editor or read it into a string. When the plaintext was encrypted, we specified -base64. There are four steps involved when decrypting: 1) Decoding the input (from Base64), 2) extracting the Salt, 3) creating the key (key-stretching) using the password and the Salt, and 4) performing the AES decryption. Unlike the command line, each step must be explicitly performed with the API. To decrypt the output of an AES encryption (aes-256-cbc) we will use the OpenSSL C++ API. The Salt is written as part of the output, and we will read it back in the next section. This is because a different (random) salt is used. This will result in a different output each time it is run. $ openssl enc -aes-256-cbc -in plaintext.txt -base64 -md sha1 We will use the password 12345 in this example. ![]() ![]() SHA1 will be used as the key-derivation function. The output will be written to standard out (the console). The following command will prompt you for a password, encrypt a file called plaintext.txt and Base64 encode the output. To encrypt a plaintext using AES with OpenSSL, the enc command is used. Command line OpenSSL uses a rather simplistic method for computing the cryptographic key from a password, which we will need to mimic using the C++ API. OpenSSL uses a hash of the password and a random 64bit salt. Key stretching uses a key-derivation function. Because humans cannot easily remember long random strings, key stretching is performed to create a long, fixed-length key from a short, variable length password. ![]() The cryptographic keys used for AES are usually fixed-length (for example, 128 or 256bit keys). In this tutorial we will demonstrate how to encrypt plaintext using the OpenSSL command line and decrypt the cipher using the OpenSSL C++ API. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. AES ( Advanced Encryption Standard) is a symmetric-key encryption algorithm. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |