以下是关于如何使用OpenSSL和Linux(例如Redhat,Ubuntu,Debian,CentOS,Fedora等)加密和解密大文件的快速配置。首先,您需要的是某种任意文件。现在创建1GB文件:
$ fallocate -l 1G large_file.img
$ ls -lh large_file.img
-rw-r--r--. 1 lrendek lrendek 1.0G Jan 2 16:40 large_file.img
既然我们已经有了1GB大小的样本文件,接下来我们需要的是OpenSSL公钥和私钥对。这可以通过以下方式完成linux命令:
$ openssl req -x509 -nodes -newkey rsa:2048 -keyout private-key.pem -out public-key.pem
Generating a 2048 bit RSA private key
............................................+++
.....+++
writing new private key to 'private-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
无需回答上述任何问题,只需点击ENTER接着说。现在,您应该在当前工作目录中同时拥有私钥和公钥:
$ ls -l *.pem
-rw-rw-r--. 1 lrendek lrendek 1704 Jan 2 16:45 private-key.pem
-rw-rw-r--. 1 lrendek lrendek 1220 Jan 2 16:45 public-key.pem
请确保将私钥保存在保存位置,否则您将无法解密文件,并且其他人可能会解密文件。
(adsbygoogle = window.adsbygoogle || [])。push({});
使用OpenSSL加密大文件
现在我们准备使用OpenSSL加密工具解密大文件:
$ openssl smime -encrypt -binary -aes-256-cbc -in large_file.img -out large_file.img.dat -outform DER public-key.pem
上面的命令已加密您的large_file.img并将其存储为large_file.img.dat:
$ ls -l large_file.img*
-rw-r--r--. 1 lrendek lrendek 1073741824 Jan 2 16:40 large_file.img
-rw-rw-r--. 1 lrendek lrendek 1073742293 Jan 2 16:49 large_file.img.dat
我们可以使用md5sum对于这两个文件,以便我们在解密文件后可以进行比较:
$ md5sum large_file.img*
cd573cfaace07e7949bc0c46028904ff large_file.img
c4d8f1e868d1176d8aa5363b0bdf8e7c large_file.img.dat
使用OpenSSL解密大文件
$ openssl smime -decrypt -in large_file.img.dat -binary -inform DEM -inkey private-key.pem -out decrypted_large_file.img
上面的命令已经解密了我们以前加密的大文件,并将其存储为decrypted_large_file.img。让我们再次生成md5sum哈希以比较我们的结果:
$ md5sum *large_file.img*
cd573cfaace07e7949bc0c46028904ff decrypted_large_file.img
cd573cfaace07e7949bc0c46028904ff large_file.img
c4d8f1e868d1176d8aa5363b0bdf8e7c large_file.img.dat
从上面的输出中,您可以看到decrypted_large_file.img和原始的large_file.img都是一样的