使用OpenSSL和Linux加密和解密大文件的简便方法


以下是关于如何使用OpenSSL和Linux(例如Redhat,Ubuntu,Debian,CentOS,Fedora等)加密和解密大文件的快速配置。首先,您需要的是某种任意文件。现在创建1GB文件:

$ fallocate -l 1G large_file.img
$ ls -lh large_file.img
-rw-r--r--. 1 lrendek lrendek 1.0G Jan  2 16:40 large_file.img

既然我们已经有了1GB大小的样本文件,接下来我们需要的是OpenSSL公钥和私钥对。这可以通过以下方式完成linux命令:

$ openssl req -x509 -nodes -newkey rsa:2048 -keyout private-key.pem -out public-key.pem
Generating a 2048 bit RSA private key
............................................+++
.....+++
writing new private key to 'private-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

无需回答上述任何问题,只需点击ENTER接着说。现在,您应该在当前工作目录中同时拥有私钥和公钥:

$ ls -l *.pem
-rw-rw-r--. 1 lrendek lrendek 1704 Jan  2 16:45 private-key.pem
-rw-rw-r--. 1 lrendek lrendek 1220 Jan  2 16:45 public-key.pem

请确保将私钥保存在保存位置,否则您将无法解密文件,并且其他人可能会解密文件。

使用OpenSSL加密大文件

现在我们准备使用OpenSSL加密工具解密大文件:

$ openssl smime -encrypt -binary -aes-256-cbc -in large_file.img -out large_file.img.dat -outform DER public-key.pem

上面的命令已加密您的large_file.img并将其存储为large_file.img.dat:


$ ls -l large_file.img*
-rw-r--r--. 1 lrendek lrendek 1073741824 Jan  2 16:40 large_file.img
-rw-rw-r--. 1 lrendek lrendek 1073742293 Jan  2 16:49 large_file.img.dat

我们可以使用md5sum对于这两个文件,以便我们在解密文件后可以进行比较:


$ md5sum large_file.img*
cd573cfaace07e7949bc0c46028904ff  large_file.img
c4d8f1e868d1176d8aa5363b0bdf8e7c  large_file.img.dat

使用OpenSSL解密大文件

$ openssl smime -decrypt -in large_file.img.dat -binary -inform DEM -inkey private-key.pem -out decrypted_large_file.img

上面的命令已经解密了我们以前加密的大文件,并将其存储为decrypted_large_file.img。让我们再次生成md5sum哈希以比较我们的结果:

$ md5sum *large_file.img*
cd573cfaace07e7949bc0c46028904ff  decrypted_large_file.img
cd573cfaace07e7949bc0c46028904ff  large_file.img
c4d8f1e868d1176d8aa5363b0bdf8e7c  large_file.img.dat

从上面的输出中,您可以看到decrypted_large_file.img和原始的large_file.img都是一样的
原文链接

声明:小小博客|版权所有,违者必究|如未注明,均为原创|本网站采用BY-NC-SA协议进行授权

转载:转载请注明原文链接 - 使用OpenSSL和Linux加密和解密大文件的简便方法


Carpe Diem and Do what I like