on
[CRYPTOGRAPHY] OpenSSL
OpenSSL
OpenSSL is a software library for applications that secure communications over computer networks. Is a C library that implements the main cryptographic operations like symmetric encryption, publickey encryption, digital signature, hash functions, etc. Cryptography Foundations
OpenSSL contains an opensource implementation of the SSL and TLS protocols.
The OpenSSL Software Foundation (OSF) represents the OpenSSL project in most legal capacities including contributor license agreements, managing donations, and so on. OpenSSL Software Services (OSS) also represents the OpenSSL project, for Support Contracts.
OpenSSL is available for most Unixlike operating systems (including Linux, macOS, and BSD) and Microsoft Windows.
The source code can be downloaded from www.openssl.org
There are several forks of OpenSSL project.

LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs. Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is.
Installing OpenSSL
On Ubuntu Linux distribution
On Ubuntu Linux distribution, OpenSSL is usually already available; however, it can be installed using the following commands:
$ sudo aptget install openssl
On MacOS
 Install Homebrew
 To install OpenSSL  The Open Source SSL and TLS toolkit, run the following command from the terminal:
$ brew install openssl
On Windows
 Install Chocolatey
 To install OpenSSL  The Open Source SSL and TLS toolkit, run the following command from the command line or from PowerShell:
choco install openssl.light version=1.0.1.3
Checking the version of OpenSSL
$ openssl version a
OpenSSL commands
To list OpenSSL commands run the following command on a terminal.
$ openssl liststandardcommands
See a brief description of each command: STANDARD COMMANDS
OpenSSL secret key encryption algorithms
To list OpenSSL secret key encryption algorithms run the following command on a terminal.
$ openssl listciphercommands
See a brief description of each command: ENCODING AND CIPHER COMMANDS
How to encrypt and decrypt using AES
Encrypting Using Passwords
OpenSSL makes it easy to encrypt/decrypt files using a passphrase. Unfortunately, pass phrases are usually “terrible” and difficult to manage and distribute securely.
$ openssl aes256cbc in secret.txt out secret.txt.enc
...
enter aes256cbc encryption password: ****
Verifying  enter aes256cbc encryption password: ****
Note that secret.txt.enc is a binary file; sometimes, it is desirable to encode this binary file into a text format for compatibility/interoperability reasons. The following command can be used to do that:
$ openssl enc base64 in secret.txt.enc out secret.txt.enc.b64
$ cat secret.txt.enc.b64
...
U2FsdGVkX19rgggeH83tOHp0kpmseWLw0tBJqvYA9QRtYuj9pHn5u30T5A5pBcwH
In order to decode from base64, the following commands are used. Take the secret.txt.enc.b64 file from the previous example:
$ openssl enc d base64 in secret.txt.enc.b64 out secret.txt.enc
Decrypting Using Passwords
$ openssl aes256cbc d in secret.txt.enc out secret.txt.dec
...
enter aes256cbc decryption password: ****
Encrypting Using pseudorandom bytes key.
$ openssl rand 192 out key
$ openssl aes256cbc in secret.txt out secret.txt.enc pass file:key
$ tar zcvf secret.tgz *.enc
Decrypting Using pseudorandom bytes key.
$ tar xzvf secret.tgz
$ openssl aes256cbc d in secret.txt.enc out secret.txt.dec pass file:key
Sharing the file:key using rsautl
Assuming that id_rsa.pub is the public key you want to use and that id_rsa is the private key the recipient will use, and secret.txt is the data you want to transmit…
Encrypting
$ openssl rand 192 out key
$ openssl aes256cbc in secret.txt out secret.txt.enc pass file:key
$ openssl rsautl encrypt pubin inkey ~/.ssh/id_rsa.pub in key out key.enc
$ tar zcvf secret.tgz *.enc
Decrypting
$ tar xzvf secret.tgz
$ openssl rsautl decrypt ssl inkey ~/.ssh/id_rsa in key.enc out key
$ openssl aes256cbc d in secret.txt.enc out secret.txt.dec pass file:key
How to encrypt and decrypt using RSA
Generating the private key
$ openssl genpkey algorithm RSA out privatekey.pem pkeyopt rsa_keygen_bits:1024
............++++++
........++++++
After executing the command, a file named privatekey.pem is produced, which contains the generated private key. This is shown as follows:
$ cat privatekey.pem
BEGIN PRIVATE KEY
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALtVw+eLI95poiqN
YOJlt3udH5rq70K0pwx6nXJhhZRsMD767RAFjbZThhJ3QCDvd8K7s/IvR29Jeq3L
IEDN2uM+nB1ZE5I5Hq901Qc1aLneQ4BMzSlzjYTIFfrpYX07EqWtAfOouk+zxp5I
12z4vV1kAU/W2WK4P98xZc9xd8WjAgMBAAECgYBigtxNA1cuW0AivkvHYhPVli+L
iKWe317E6imnf27+ONI6HDvTZAg8a7miNkFr0GGa7pfW8FPRSsOPZrSkP1wtourj
LVmENjKaUuSyIxxSTJ8sD70KFJ5xNRZe7bPgekF+q5TXUQzMLub31z+/iYca76Sy
kdptaxBPD8OlC4XQWQJBAOnY4Mv3tpvLcQBxpUaRxUOGoVJ1+OCzpFIKHtgAlCMa
pGXxPDXs89kePa8RNPn/vZDiswe/2WM2imfYAu8A0i8CQQDNFObubb4n/WRIdvxJ
QMSYlmcFB3Lhe5ONbRpS1JMWmigtxpVWtSnKN8Y5nHOEAZyYYxeQcynta/ZwxCFr
uGrNAkBl7L7GiFjSfRDq5Z3pLV4yuXqVK5BnuEUV8Q1SjqYCyvj+6e+ZfYcnilPO
e4yAruRcQ0NPTGKfKMWYz4Ev1UbHAkEAqRn+HUXCUUkgIpxyBJjyQntp8PymXoS+
MxRuazQ7IJz2WmBvjXKORd7dhW2a1pNZo1G6AXLkdI/cQjmG8UK8VQJAJ2GmzyPL
fwO9P1IFhBFV7eYAeoma3UuoeqH1/nDarPT6HPGVIZWILimgjKJSb8nNcYLSGijX
eL0GJ/rWk5BgUw==
END PRIVATE KEY
Generating the public key
As the private key is mathematically linked to the public key, it is possible to generate or derive the public key out of the private key. Taking the example of the preceding private key, the public key can be generated as shown here:
$ openssl rsa pubout in privatekey.pem out publickey.pem
writing RSA key
Public key can be viewed using a file reader or any text viewer, as shown here:
$ cat publickey.pem
BEGIN PUBLIC KEY
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7VcPniyPeaaIqjWDiZbd7nR+a
6u9CtKcMep1yYYWUbDA++u0QBY22U4YSd0Ag73fCu7PyL0dvSXqtyyBAzdrjPpwd
WROSOR6vdNUHNWi53kOATM0pc42EyBX66WF9OxKlrQHzqLpPs8aeSNds+L1dZAFP
1tliuD/fMWXPcXfFowIDAQAB
END PUBLIC KEY
Encrypting
Taking the public key generated, the command to encrypt a text file secret.txt can be constructed, as shown here:
openssl rsautl encrypt inkey publickey.pem pubin in secret.txt out secret.txt.rsa.enc
Decrypting
In order to decrypt the RSAencrypted file, using the private key, the following command can be used:
openssl rsautl decrypt inkey privatekey.pem in secret.txt.rsa.enc out secret.txt.rsa.dec