Everything You Need To Know

Categories

How To Secure Your Personal Data By Encrypting It

The following steps will show you how to encrypt and decrypt your data using AES Encryption technique and the openssl tool in command line.

Before we begin the exciting journey to secure our sensitive data on our personal computers, let’s touch base on some relevant basic knowledge.

Understanding AES

AES ( Advanced Encryption Standard or Rijndael ) is a specification for encrypting electronic data established by the U.S National Institute of Standards and Technology. It is a symmetric encryption based of the block encryption algorithm.

AES supports five modes of encryption:

Cipher Block Chaining (CBC) mode has been the most commonly used mode of operation. With CBC mode, an Initialization Vector is used to encrypt the first plaintext block, then each plaintext block is XORed with the previous ciphertext block and encrypted. Its main drawbacks are that encryption cannot be parallelized.

Electronic Code Book (ECB) mode is the simplest of the five encryption modes. With ECB, the message is divided into blocks, and each block is encrypted separately.  ECB is outdated and its use is not recommended in a cryptographic protocol.

Cipher Feedback (CFB) mode, similar to CBC mode, the previous ciphertext block is encrypted and the output is XORed with the current plaintext block to create the current ciphertext block. CFB mode uses an initial chaining vector (ICV) and operates on segments instead of blocks. In its simplest form, CFB uses the entire output of the block cipher.

Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error-correcting codes to function normally even when applied before encryption. 

Counter (CTR) mode is well suited to operate on a multi-processor machine, where blocks can be encrypted in parallel. Like OFB, counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a “counter”. The counter can be any function which produces a sequence which is guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and most popular

We will be using Cipher Block Chaining (CBC) mode to encrypt our files.

Installing OpenSSL

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. OpenSSL supports many different cryptographic operations, such as symmetric key encryption, public/private key pair generation, public-key encryption, hash functions, digital signatures, etc.

To use OpenSSL on your system, follow one of the given steps below:

Linux

OpenSSL comes pre-installed on most linux distributions. To check if OpenSSL is installed, run the following command:

which openssl

If you get zero output, you can install openssl as follows.

First, update and upgrade the apt package manager:

sudo apt-get update; sudo apt-get upgrade

second, install openssl:

sudo apt-get install openssl

Windows

you can install openssl on windows by following the instructions in the article provided:

Mac

to install openssl on Mac OS, you can simply run the folowing command in the command line:

brew install openssl

ENCRYPTING YOUR DATA/FILE

Now that we have covered the necessary basic knowledge, we’re all set up to begin securing our personal data.  Let’s start the show.

To begin encrypting your data, run the following command:

openssl enc -aes-256-cbc -a -A -md sha512 -pbkdf2 -iter 250000 -salt -in InputFilePath -out OutputFilePath

After the command is executed, you’ll be prompted to set a passphrase. The passphrase is required to decrypt the data and it is virtually impossible to decrypt the file without the passphrase, even with brute force.

Encryption Command Breakdown:

  • enc

    Used to specify the cipher name

  • aes-256-cbc

    The cipher name along with the mode of operation which is CBC (Cipher Block Chaining) mode

  • a

    Used for Base64 encode/decode

  • A

    Used with -a to specify base64 buffer as a single line

  • md

    sha512 specifies which digest to use for the generation of the key from the passphrase. The default value from version 1.1.0 is SHA256. Before version 1.1.0 MD5 was the default digest

  • pbkdf2

    Specifies to use PBKDF2 (Password-Based Key Derivation Function 2) algorithm

  • iter 250000

    Used to override the default count of iterations for the password. High values increase the time required to brute-force the resulting file. This option enables the use of the PBKDF2 algorithm to derive the key

  • salt

    Use salt in Key Derivation Function (KDF). This is the default behaviour and thus this option is not required.

DECRYPTING YOUR DATA/FILE

To decrypt your data/file, use the same commands for encryption, but with a -d option in it, as follows:

openssl enc -aes-256-cbc -a -A -d -md sha512 -pbkdf2 -iter 250000 -salt -in InputFilePath -out OutputFilePath

Note:

The above commands to encrypt and decrypt only works on single files. To encrypt/decrypt multiple files, you’ll need to first convert it into a tar file, then run the same commands on the tar file.

You should now have the knowledge to secure your data/file for your eyes only.

One Love, and be secured in the matrix.

Learn More and Grow!

Get the latest articles, ideas and digital business solutions.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

3 Responses

  1. Your article made me suddenly realize that I am writing a thesis on gate.io. After reading your article, I have a different way of thinking, thank you. However, I still have some doubts, can you help me? Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

Verified by MonsterInsights