Giter Club home page Giter Club logo

aes-command-line's Introduction

aes-command-line

This is simple command line scripts for file encryption/decryption.

It is just two tiny shell scripts, that call openssl enc using symmetric cipher AES-256 in CBC mode.

Deprecation Notice

There are a number of problems with key derivation in OpenSSL: only newer versions support PBKDF2 and modern hashing functions.

LibreSSL 2.8.3 on macOS Catalina โ€” does not support this as of August 2020.

Moreover, the file format of encrypted files is not versioned and does not contain information about key derivation, hash function or number of interations.

This is not the thing I would like to fix in a shell script.

Seek other encryption tools, for example: https://age-encryption.org/

If you still want to use this โ€” read comment about CRYPTO_ARGS variable in aes-encrypt.sh

The defaults (-md md5) there are for compatiblity with older versions of OpenSSL and are not secure at all.

Usage

# aes-encrypt <file>

  • encrypts file using aes-256-cbc with salt
  • write the result to .aes in the same directory
  • delete original file

# aes-encrypt <file>.aes

  • decrypts file encrypted with aes-encrypt
  • write the result to (without aes extension) in the same directory
  • delete encrypted file

Installation

run "sh install.sh"

  • will copy scripts as "aes-encrypt" and "aes-decrypt" to /usr/local/bin
  • use DESTDIR environment variable for other locations
  • To install to your home directory bin use

DESTDIR=~ sh install.sh

Tests

  • Uses OpenSSL, as secure as aes-256-cbc
  • Works on Mac

aes-command-line's People

Contributors

andrianbdn avatar

Stargazers

 avatar  avatar

Watchers

 avatar  avatar

Forkers

serjepatoff

aes-command-line's Issues

Not compatible with newer versions of OpenSSL

If you decrypt a file with OpenSSL 1.1.1 that was encoded with 1.0.2g:

enter aes-256-cbc decryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
139936583193024:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:537:

Due to option changes of OpenSSL. MD5 is no longer the default hashing algorithm. Adding "-md md5" if you have an old file fixes this. Adding "-md sha256" Should make it compatible for both versions but that hashing algorithm is no longer considered secure!

Also the "shebang" is "#/bin/sh" but in fact its a bash script so they should have "/bin/bash"

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.