Encrypting a File from the Command Line
In terminal, suppose you wanted to encrypt a file with a password (symmetric key encryption).
To do this using the OpenSSL command line tool, you could run this:
openssl aes-128-cbc -in Archive.zip -out Archive.zip.aes128To decrypt it (notice the addition of the -d flag that triggers a decrypt instead of an encrypt action):
openssl aes-128-cbc -d -in Archive.zip.aes128 -out Archive.zipThis example uses the Advanced Encryption Standard (AES) cipher in cipher-block chaining mode. The file is very strongly encrypted for normal purposes assuming that you picked a good passphrase.
According to Bruce Schneier, "...for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the forseeable future. But if you're already using AES-256, there's no reason to change" (Another New AES Attack, July 30, 2009).
Built into Ruby and PHP
The OpenSSL library is a very standardized open source security library. It's built into the majority of platforms, including Mac OS X, Linux, FreeBSD, iOS, and Android. Compatible SSL libraries are also built into Java and even the Microsoft platforms.
In future articles, we will explore the usage of OpenSSL for encryption and verification in website projects. In the mean time, check out these API references for both PHP and Ruby.
Impressive Array of OptionsOn my Mac OS X system, the default openssl install supports and impressive set of 49 algorithms to choose from.