File Encryption using OpenSSL on the Command Line

Generate Key
  1009  12:18   openssl req -x509 -text -new -newkey rsa:1024 -out cllee.pem -md
5 -days 3605
  1015  12:20   mv privkey.pem cllee.privkey
  1016  12:20   openssl rsa -in cllee.privkey | less
  1017  12:20   openssl sha1 cllee.pem
  1018  12:21   mv cllee.privkey cllee
  1020  12:21   mv cllee privkey_cllee.pem
  1024  12:22   openssl md5 cllee.pem

Shared Key encryption
  1026  12:23   openssl enc -e -in test.txt -out test.en -aes-256-ecb
  1029  12:24   openssl enc -d -in test.en -aes-256-ecb

Public Key encryption
  1030  12:25   openssl smime -encrypt -des3 -inform pem -in test.txt -out test.
pub_en cllee.pem
  1033  12:26   openssl smime -decrypt -in test.pub_en -inkey privkey_cllee.pem 
-recip cllee.pem

Public Key encryption to more than one recipient
  1040  12:43   openssl req -x509 -text -new -newkey rsa:1024 -out leecl.pem -md
5 -days 3605
cllee@toshiba:~/txt$ cat file_encrypt.txt 
Generate Key
  1009  12:18   openssl req -x509 -text -new -newkey rsa:1024 -out cllee.pem -md5 -days 3605
  1015  12:20   mv privkey.pem cllee.privkey
  1016  12:20   openssl rsa -in cllee.privkey | less
  1017  12:20   openssl sha1 cllee.pem
  1018  12:21   mv cllee.privkey cllee
  1020  12:21   mv cllee privkey_cllee.pem
  1024  12:22   openssl md5 cllee.pem

Shared Key encryption
  1026  12:23   openssl enc -e -in test.txt -out test.en -aes-256-ecb
  1029  12:24   openssl enc -d -in test.en -aes-256-ecb

Public Key encryption
  1030  12:25   openssl smime -encrypt -des3 -inform pem -in test.txt -out test.pub_en cllee.pem
  1033  12:26   openssl smime -decrypt -in test.pub_en -inkey privkey_cllee.pem -recip cllee.pem

Public Key encryption to more than one recipient
  1040  12:43   openssl req -x509 -text -new -newkey rsa:1024 -out leecl.pem -md5 -days 3605
  1042  12:44   mv privkey.pem privkey_leecl.pem
  1045  12:46   openssl smime -encrypt -des3 -inform pem -in test.txt -out test.pub_en2 leecl.pem cllee.pem
  1051  12:47   openssl smime -decrypt -in test.pub_en2 -inkey privkey_cllee.pem -recip cllee.pem
  1052  12:47   openssl smime -decrypt -in test.pub_en2 -inkey privkey_leecl.pem -recip leecl.pem

If you forget to include your own public key, the mail will not be readable by you!
  1053  12:47   openssl smime -encrypt -des3 -inform pem -in test.txt -out test.pub_en3 leecl.pem
  1054  12:47   openssl smime -decrypt -in test.pub_en3 -inkey privkey_leecl.pem -recip leecl.pem
  1055  12:48   openssl smime -decrypt -in test.pub_en3 -inkey privkey_cllee.pem -recip cllee.pem

Create a signed document
  1047  13:32   openssl smime -sign -in test.txt -text -signer cllee.pem -inkey privkey_cllee.pem -out test.signed.cllee

Encrypt the signed document (-out must come *before* the PEMs at the end)
  1050  13:34   openssl smime -encrypt -in test.signed.cllee -from cllee -to leecl -subject "signed and encrypted" -aes256 -out test.signed.cllee.encrypted.cllee.leecl cllee.pem leecl.pem

Decrypt the signed and encrypted document
  1058  13:36   openssl smime -decrypt -in test.signed.cllee.encrypted.cllee.leecl -inkey privkey_cllee.pem -recip cllee.pem > aaa
  1059  13:36   more aaa
  1067  13:37   vi aaa
  1068  13:39   diff test.signed.cllee aaa
  1070  13:39   mv aaa test.signed.cllee.decrypted.un-DOS

Verify the decrypted (signed and encrypted) document
  1072  13:40   openssl smime -CAfile cllee.pem -verify -in test.signed.cllee

Verify using the other recipient (the un-DOS step is: vi, and se fileformat=unix)
  1095  13:53   openssl smime -decrypt -in test.signed.cllee.encrypted.cllee.leecl -inkey privkey_leecl.pem -recip leecl.pem > aaa
Hosted by www.Geocities.ws