How can I encrypt a string in the shell?

20

15

Can I encrypt a message (string) using a public key at the command prompt? Also, how can I decrypt the result afterwards?

Rajesh

Posted 2009-08-10T09:52:21.267

Reputation:

Answers

28

Another option is openssl:

    # generate a 2048-bit RSA key and store it in key.txt
    openssl genrsa -out key.txt 2048

    # encrypt "hello world" using the RSA key in key.txt
    echo "hello world" | openssl rsautl -inkey key.txt -encrypt >output.bin

    # decrypt the message and output to stdout
    openssl rsautl -inkey key.txt -decrypt <output.bin

laalto

Posted 2009-08-10T09:52:21.267

Reputation: 579

+1 for openssl since it's more commonly installed than gpg is – Doug Harris – 2009-08-10T14:08:54.723

This is perfect - works on Mac, Alpine, anything... good work! – Jeremy Iglehart – 2018-10-19T23:32:19.780

yeah how about an example not using a file but an argument? – Alexander Mills – 2019-05-23T18:34:59.403

12

If you have gpg installed, this is an industrial-strength encryption method.

    gpg --encrypt -r recipient@example.com >tempfile

Type data at the console and press Ctrl+D to end the text. This will give you encrypted data in tempfile. To decrypt:

    gpg --decrypt <tempfile

You will need the passphrase for recipient@example.com to decrypt the message.

Greg Hewgill

Posted 2009-08-10T09:52:21.267

Reputation: 5 099

OK, so if the passphrase needs to be input interactively, how to do it non-interactively? How do I do this non-interactively? – Alexander Mills – 2019-05-23T18:35:53.850

    gpg --encrypt -r recipient@example.com >tempfile
    gpg: error retrieving 'recipient@example.com' via WKD: No data
    gpg: recipient@example.com: skipped: No data
    gpg: [stdin]: encryption failed: No data

(I am on a mac) – Alexander Mills – 2019-05-23T18:36:14.517

6

  1. Generate a private/public key pair

    $ openssl genrsa -out rsa_key.pri 2048; openssl rsa -in rsa_key.pri -out rsa_key.pub -outform PEM -pubout
    
  2. Encrypt the string using public key, and store in a file

    $ echo "stockexchange.com" | openssl rsautl -encrypt -inkey rsa_key.pub -pubin -out secret.dat
    
  3. Un-encrypt using private key

    $ string=$(openssl rsautl -decrypt -inkey rsa_key.pri -in secret.dat); echo "$string"
    stockexchange.com
    

Kexin Z

Posted 2009-08-10T09:52:21.267

Reputation: 81
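
The key-pair procedure above with the string passed as an argument and the ciphertext returned as a single base64 line, as an added example that is not part of any answer on this page. It swaps `rsautl` for `openssl pkeyutl` with OAEP padding (OpenSSL 3.0 deprecates `rsautl`); the function names `make_keys`, `encrypt_str` and `decrypt_str` and the temporary paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the answers). Function and file names are assumptions.
# Uses `openssl pkeyutl` with OAEP padding instead of the deprecated `rsautl`.

# make_keys PRIV PUB: 2048-bit key pair, same commands as step 1 above.
make_keys() {
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# encrypt_str PUB STRING: print the ciphertext as one base64 line.
# printf is a builtin in bash and dash, so STRING never appears in
# another process's argv.
encrypt_str() {
    _ct=$(printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep 2>/dev/null |
        openssl base64 -A)
    # Raw RSA only fits short inputs (214 bytes for a 2048-bit key with the
    # default OAEP digest); on failure openssl writes nothing, so _ct is empty.
    [ -n "$_ct" ] || { echo "encrypt_str: failed (input too long?)" >&2; return 1; }
    printf '%s\n' "$_ct"
}

# decrypt_str PRIV BASE64: print the recovered plaintext.
decrypt_str() {
    printf '%s' "$2" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep
}

# Demo with a throwaway key pair in a temporary directory.
demo_dir=$(mktemp -d)
make_keys "$demo_dir/rsa_key.pri" "$demo_dir/rsa_key.pub"
secret=$(encrypt_str "$demo_dir/rsa_key.pub" "stockexchange.com")
decrypt_str "$demo_dir/rsa_key.pri" "$secret"; echo
rm -rf "$demo_dir"
```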

4

man crypt(1)

note:

crypt implements a one-rotor machine designed along the lines of the German Enigma, but with a 256-element rotor. Methods of attack on such machines are widely known, thus crypt provides minimal security.

But it's OK for demonstration purposes.

Nifle

Posted 2009-08-10T09:52:21.267

Reputation: 31 337

"Oracle Solaris 10 8/11 Information Library" – Sebas – 2017-01-26T09:12:51.637