Base64 encoding is a standard method for converting 8 bit binary information into a limited subset of ASCII characters for safe transport through e-mail systems and systems that are not 8-bit safe. It is straightforward to encode BAse64 data with OpenSSL.
$ openssl enc -base64 -in myfile -out myfile.b64
$ openssl enc -d -base64 -in myfile.b64 -out myfile.decrypt
Symmetric Encryption/Decryption of Files
Blowfish encrypt
$ openssl enc -e -a -salt -bf -in tomcat.jpg -out tomcat.blowfish
enter bf-cbc encryption password:
Verifying password - enter bf-cbc encryption password:
Blowfish decrypt
$ openssl enc -d -a -bf -in tomcat.blowfish -out tomcat-decrypt.jpg
enter bf-cbc decryption password:
Triple DES encrypt
$ openssl enc -e -a -salt -des3 -in tomcat.jpg -out tomcat.des3
enter des-ede3-cbc encryption password:
Verifying password - enter des-ede3-cbc encryption password:
Triple DES decrypt
$ openssl enc -d -a -des3 -in tomcat.des3 -out tomcat-des3.jpg
Cast 5 encrypt
$ openssl enc -e -a -salt -cast5-cbc -in tomcat.jpg -out tomcat.cast5
enter cast5-cbc encryption password:
Verifying password - enter cast5-cbc encryption password:
Cast 5 decrypt
$ openssl enc -d -a -cast5-cbc -in tomcat.jpg -out tomcat.cast5
If it is not being Emailed you can leave off the -a argument
Cryptographic Hashing Functions
Use these to see if a file has been tampered with.
$ openssl dgst -sha1 -c tomcat.jpg
$ openssl dgst -ripemd160 -c tomcat.jpg
$ openssl dgst -md5 -c tomcat.jpg
S Client SSL?TLS Test Utilty
The S client test utilty lets you test servers that use SSL/TLS with a powerful command line utilty
$ openssl s_client -connect www.redhat.com:443
Once you have connected, you can manually type in any commands you want, such as "GET /" and "HEAD / HTTP/1.0" for secure web servers. There are also options like -no_tls1 and -no_ssl2 that let you specify which version of SSL/TLS that you want to connect with.
The -showcerts and -debug options are also worth a look.Labels: Centos 6, OpenSSL, RHEL