OpenSSL is an open source implementation of the SSL/TLS protocol, most commonly known as the security software underlying the majority of HTTPS servers on the Internet. What is less well-known is that OpenSSL comes with its own command line utility that lets you manually encrypt and decrypt files. I’ve found this utility most useful for encrypting archives that I’m using to back up my files. To encrypt files on an online filesystem I would probably be better off using a full-disk encryption utility like BitLocker or TrueCrypt, but the task of encrypting backups stored on offline media typically requires something more manual, since on-the-fly encryption/decryption doesn’t really work for that purpose. So I use the OpenSSL utility.
OpenSSL is available for all major platforms. You install it in the same way you would install any other package on your system. The package name for the Linux version is simply
openssl. The installation process is fairly straightforward. Once you have it installed, you can start up the command line utility by typing
openssl at the console. Once this utility starts, you’ll see a prompt that says
OpenSSL>. Enter a single question mark to see a comprehensive list of OpenSSL commands.
The above screenshot shows an OpenSSL command line session running in Cygwin. This is actually an older version of OpenSSL that I had to search for specifically and compile from source using Make because I needed to decrypt some backup archives of mine that were encrypted using the RC5 block cipher (among others). Since the OpenSSL command line utility no longer supports RC5 I had to find an old version of the program so I could access the files that were on that archive and recover my data from the disaster of my previous Macbook failures. I realize this can sometimes be an issue: There may be an emerging need for a cipher that is no longer implemented in current versions of a program. In this case, you can access an archive of old versions of OpenSSL here. The caveat is that these are often only available as tarballs, so you won’t be able to install them with your regular package manager.
The listing shown above enumerates a multitude of different OpenSSL ciphers that you can use from the command line. These can be used as arguments to the
enc command or, as a shorthand, as commands in their own right. In the following paragraphs I’m going to explain what some of these ciphers are and how to use them.
First a run-down of what actually happens when you encrypt a file with OpenSSL. The basic command for encrypting is:
OpenSSL> cipher_command -in plaintext_file -out ciphertext_file
The basic command for decrypting is the same, but with a
-d flag added on.
OpenSSL> cipher_command -d -in ciphertext_file -out plaintext_file
You can also run either of these or any other OpenSSL command from the regular command shell by prepending the word
openssl to the command.
When you run one of OpenSSL’s cipher commands, it will prompt you for a password so it can generate a secret key. Note that the password is not the key itself; rather the key is derived from the password through a one-way hash. The advantage of this is that your password does not have to be a certain length; it can be anything you want, and the hashing algorithm will ensure that the resulting key is the correct size. It’s still best to choose a strong password regardless, because an attacker could still bruteforce your key indirectly by simply going through all possible passwords and hashing them in the OpenSSL utility until finding the one that successfully decrypts the file.
If you look at the list of ciphers above, you’ll notice that many of the names are just slight variations of other command names. This is because there are actually three factors distinguishing OpenSSL cipher commands from each other: 1. the encryption algorithm being used (e.g. AES, Blowfish, etc.), 2. the size of the key in bits, and 3. the mode of operation being used. I’d like to talk about modes of operation here, because it’s important to understand what they are, but first I need to explain the difference between a stream cipher and a block cipher.
Stream ciphers and block ciphers are the two main varieties of ciphers used in symmetric key cryptography. The primary difference is that a stream cipher encrypts a file one bit at a time while a block cipher encrypts a file in blocks of a fixed length, usually only a few bytes. This has various implications for both the security and efficiency of the algorithm: generally stream ciphers are faster but less secure while block ciphers are slower but more secure.
With that said, a block cipher mode of operation is basically an extra layer of security placed on a block cipher to prevent related key attacks. A related key attack involves knowing beforehand that two messages (or two blocks of the same message) are encrypted using the same key, and combining the two ciphertexts to derive the original key from that. Modes of operation prevent this by effectively making it so that each block of the cipher is encrypted using a different key. This is done by adding in additional obfuscation derived from the encryption of earlier blocks.
I’m going to focus on the AES cipher here, since that’s the most commonly used and is sufficient for the vast majority of applications. As you can see, the AES commands shown above have three different key sizes: 128, 192, and 256; and two different suffixes to denote modes of operation: ECB and CBC. ECB stands for Electronic Code Book and CBC stands for Cipher Block Chaining. The main thing you need to know is that as a general rule you should not use ECB, because that literally means you’re using the bare-bones AES cipher with no additional obfuscation added. You could think of it as no mode of operation. CBC is typically what you will want to use. It means that each block of the cipher is XORed with the ciphertext of the previous block prior to encryption. Thus any changes in one block will propagate not just through the entire block, but through the entire remainder of the message as well.
There are four other modes of operation which I’m not going to get into too much detail on here. PCBC is a variation of CBC. Then there are three other modes of operation (CFB, OFB, and CTR) that work by effectively converting a block cipher into a stream cipher. Note that this does not make the cipher less secure, since the underlying algorithm is still the same. All this means is that the cipher works by XORing a keystream (derived from previous blocks) bit-by-bit with each block rather than performing direct substitutions and permutations as you would with regular AES. Basically rather than applying the AES cipher to the message itself, the algorithm is applied to the keystream and then the encrypted keystream is XORed with the plaintext. To learn more about modes of operation, check out the Wikipedia article here.
Now I want to touch briefly on key size. Generally speaking, the wider the key, the larger the keyspace an attacker will have to search, and the longer it will take for them to do so. In fact the time it takes to bruteforce a keyspace increases exponentially with the key size, meaning each additional bit doubles the amount of time needed. Eventually a point is reached where the problem of bruteforcing the keyspace simply becomes too complex to solve in a timely manner even by the most powerful supercomputers. This is generally accepted to be around 80 bits. However, the advent of quantum cryptanalysis could double this number to 160 bits. So AES-128 will no longer be sufficient. If you really want to future-proof your backups and keep them safe for a long time, I would suggest using AES-192 (AES-256 is probably overkill and will run more slowly than AES-192).
To conclude this tutorial I will briefly look at some of the other cipher commands available in the OpenSSL command line utility and the ciphers they correspond to:
bf – Blowfish: This is a block cipher developed by the legendary cryptographer Bruce Schneier in 1993. Although widely considered obsolete (it has largely been replaced by Twofish), no cracks for it have been found, so you’re probably safe using it.
des – Data Encryption Standard (DES): the classic block cipher used by the US government in the 70s and 80s. It is easily bruteforceable due to its small key size of only 56 bits. Don’t use it.
des3 – Triple-DES or 3DES: Exactly what it sounds like – a cipher that effectively triples the key size of DES. This algorithm is perfectly secure, but it’s also extremely slow. You’ll probably want to use AES instead.
camellia – Camellia: One of the more recent block ciphers out there. It is probably about as good as if not better than AES, though it hasn’t caught on as much as its rival in terms of popularity.
rc4 – RC4: A stream cipher. It’s best not to use stream ciphers for files on mass storage, again, because of related key attacks. Stream ciphers should only be used for messages being sent in real time.
Here’s a screenshot of the OpenSSL command line utility in action, taken from my old Macbook: