In today’s world, many of us rely on software like LastPass, Bitwarden, or Dashlane to manage passwords and secure files. However, most of these services have limitations, and their costs can scale quickly based on storage or usage.
If you have 30 GB or more of data that you need to keep encrypted, paying for third-party cloud storage can become expensive. As a programmer, I prefer to keep my files secure without relying entirely on these paid services.
This doesn’t mean you need to implement cryptographic protocols from scratch. You can use the OpenSSL library or any programming language with OpenSSL support to build your own wrapper for securing information in the cloud.
The OpenSSL command-line tool is a “Swiss Army knife” for cryptographic tasks, testing, and analysis. It can be used for:
- Creating secret keys and passwords.
- Generating SSL certificates.
- Encrypting and decrypting files.
What is OpenSSL?
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in C, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are also available.
In the world of cryptography, open-source solutions are generally preferred for security. Publicly vetted algorithms and implementations are often more secure than proprietary ones.
Note: There are also excellent free and open-source password managers like KeePass that are worth considering.
Symmetric vs. Asymmetric Encryption
Symmetric encryption uses a single key for both encryption and decryption, while asymmetric encryption uses a pair of keys (public and private). Asymmetric encryption is generally slower and is often impractical for encrypting very large files directly.
Many systems use a hybrid approach: asymmetric encryption is used to securely share a secret key between two parties, and the subsequent communication is encrypted using faster symmetric encryption with that shared key.
For this blog post, I will demonstrate command-line scripts for the RSA algorithm, which is a widely used asymmetric cryptographic algorithm.
Useful OpenSSL Commands
Below are a few commands you can use to encrypt and decrypt your files:
- Create a Private Key

  ```bash
  # 2048-bit RSA key, stored encrypted with AES-128 under a passphrase
  openssl genrsa -aes128 -out sathia_private.pem 2048
  ```

  This generates a 2048-bit RSA private key and encrypts it with AES-128 under a passphrase that OpenSSL prompts for. You can find a description of each option here.

- Create a Public Key

  ```bash
  openssl rsa -in sathia_private.pem -pubout > sathia_public.pem
  ```

  Public keys are generated from private keys. You can learn more about the options for generating public keys here.

- Encrypt a File

  First, create a file to encrypt:

  ```bash
  echo "testing my key" > secret.txt
  ```

  Now, generate the encrypted file `secret.enc` using the public key:

  ```bash
  openssl rsautl -encrypt -inkey sathia_public.pem -pubin -in secret.txt -out secret.enc
  ```

  On OpenSSL 3.0 and later, `rsautl` is deprecated in favor of `pkeyutl`.

  Finally, remove the unencrypted file:

  ```bash
  rm secret.txt
  ```

- Decrypt a File

  Decrypting the file requires the corresponding private key:

  ```bash
  openssl rsautl -decrypt -inkey sathia_private.pem -in secret.enc
  ```
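The RSA commands above only work on input smaller than the key, which is why the hybrid approach described earlier is used for real files. The script below is an added example, not part of the original post: it encrypts a file with a one-time AES key and uses RSA only to wrap that key. The function names, file names and the unencrypted throwaway key pair are assumptions made for the demo, and it needs OpenSSL 1.1.1 or later for `-pbkdf2`.

```shell
#!/bin/sh
# Added example: hybrid encryption with the openssl CLI (OpenSSL 1.1.1 or later).
# Function names and file names are hypothetical; sample data is constructed.
set -eu

# Encrypt $2 to $3 with a fresh random AES secret; wrap the secret for public key $1 into $4.
hybrid_encrypt() {
  he_key=$(mktemp)
  openssl rand -hex 32 > "$he_key"                 # one-time 256-bit secret
  openssl enc -aes-256-cbc -pbkdf2 -salt \
    -in "$2" -out "$3" -pass "file:$he_key"        # fast symmetric pass over the data
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$he_key" -out "$4"                        # RSA only touches the small secret
  rm -f "$he_key"
}

# Unwrap the secret in $3 with private key $1, then decrypt $2 to $4.
hybrid_decrypt() {
  hd_key=$(mktemp)
  openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in "$3" -out "$hd_key"
  openssl enc -d -aes-256-cbc -pbkdf2 -in "$2" -out "$4" -pass "file:$hd_key"
  rm -f "$hd_key"
}

# Round trip on constructed data: 1 MiB of random bytes and a throwaway key pair.
hybrid_demo() {
  d=$(mktemp -d)
  openssl genrsa -out "$d/demo_private.pem" 2048 2>/dev/null   # no passphrase: demo only
  openssl rsa -in "$d/demo_private.pem" -pubout -out "$d/demo_public.pem" 2>/dev/null
  openssl rand -out "$d/big.bin" 1048576
  # RSA on its own rejects input larger than the key size allows.
  if openssl pkeyutl -encrypt -pubin -inkey "$d/demo_public.pem" \
       -in "$d/big.bin" -out "$d/direct.enc" 2>/dev/null; then
    rm -rf "$d"; return 1
  fi
  hybrid_encrypt "$d/demo_public.pem" "$d/big.bin" "$d/big.enc" "$d/big.key.enc"
  hybrid_decrypt "$d/demo_private.pem" "$d/big.enc" "$d/big.key.enc" "$d/big.out"
  rc=0
  cmp -s "$d/big.bin" "$d/big.out" || rc=1
  rm -rf "$d"
  return "$rc"
}

hybrid_demo && echo "hybrid round trip OK"
```

`openssl enc` with CBC gives confidentiality only, so the recipient cannot tell whether the ciphertext was modified; sign or MAC the encrypted file if tampering matters.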