Environment:
[root@NFS-Client-01 ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@NFS-Client-01 ~]# uname -m
x86_64
[root@NFS-Client-01 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
NAME
enc - symmetric cipher routines
SYNOPSIS
openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e]
[-d] [-a/-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv
IV] [-S salt] [-salt] [-nosalt] [-z] [-md] [-p] [-P] [-bufsize number]
[-nopad] [-debug] [-none] [-engine id]
DESCRIPTION
The symmetric cipher commands allow data to be encrypted or decrypted
using various block and stream ciphers using keys based on passwords or
explicitly provided. Base64 encoding or decoding can also be performed
either by itself or in addition to the encryption or decryption.
OPTIONS (commonly used)
-in filename
the input filename, standard input by default.
# Specifies the file to encrypt
-out filename
the output filename, standard output by default.
# Specifies the file that the encrypted output is written to
-salt
use a salt in the key derivation routines. This is the default.
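# -salt adds a salt. It is enabled by default; use -nosalt to turn it off explicitly. Unless compatibility
# requires otherwise, use this option in new programs. This is a remarkable option: with a salt, the same
# plaintext can produce different ciphertext.
# By default the salt is generated randomly; the -S option can be used to specify the salt explicitly.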
-e encrypt the input data: this is the default.
# Encrypt
-d decrypt the input data.
# Decrypt
-a base64 process the data. This means that if encryption is taking
place the data is base64 encoded after encryption. If decryption is
set then the input data is base64 decoded before being decrypted.
# Base64-encode the data after encryption, or Base64-decode the data before decryption. -base64 is the same as -a.
-k password
the password to derive the key from. This is for compatibility with
previous versions of OpenSSL. Superseded by the -pass argument.
# -k is the legacy way of supplying the password; -k 123 is equivalent to -pass pass:123
-pass arg
the password source. For more information about the format of arg
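see the PASS PHRASE ARGUMENTS section in openssl(1). (non-interactive)
# -pass offers several ways of passing in the password
-pass pass:"123" # the password is 123
-pass pass:123 # the password is 123
-pass env:VAR # the password is read from the environment variable VAR
-pass file:p.txt # the password is read from the first line of p.txt, not including the newline; watch out for the ^M carriage return in DOS-format files
-pass fd:3 # the password is read from file descriptor 3
-pass stdin # the password is read from standard input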
Algorithms
Besides the common des3, openssl provides many other algorithms.
SUPPORTED CIPHERS
Note that some of these ciphers can be disabled at compile time and some are
available only if an appropriate engine is configured in the configuration
file. The output of the enc command run with unsupported options (for example
openssl enc -help) includes a list of ciphers, supported by your version of
OpenSSL, including ones provided by configured engines.

 base64                    Base 64

 bf-cbc                    Blowfish in CBC mode
 bf                        Alias for bf-cbc
 bf-cfb                    Blowfish in CFB mode
 bf-ecb                    Blowfish in ECB mode
 bf-ofb                    Blowfish in OFB mode

 cast-cbc                  CAST in CBC mode
 cast                      Alias for cast-cbc
 cast5-cbc                 CAST5 in CBC mode
 cast5-cfb                 CAST5 in CFB mode
 cast5-ecb                 CAST5 in ECB mode
 cast5-ofb                 CAST5 in OFB mode

 des-cbc                   DES in CBC mode
 des                       Alias for des-cbc
 des-cfb                   DES in CFB mode
 des-ofb                   DES in OFB mode
 des-ecb                   DES in ECB mode

 des-ede-cbc               Two key triple DES EDE in CBC mode
 des-ede                   Two key triple DES EDE in ECB mode
 des-ede-cfb               Two key triple DES EDE in CFB mode
 des-ede-ofb               Two key triple DES EDE in OFB mode

 des-ede3-cbc              Three key triple DES EDE in CBC mode
 des-ede3                  Three key triple DES EDE in ECB mode
 des3                      Alias for des-ede3-cbc
 des-ede3-cfb              Three key triple DES EDE CFB mode
 des-ede3-ofb              Three key triple DES EDE in OFB mode

 desx                      DESX algorithm.

 gost89                    GOST 28147-89 in CFB mode (provided by ccgost engine)
 gost89-cnt                GOST 28147-89 in CNT mode (provided by ccgost engine)

 idea-cbc                  IDEA algorithm in CBC mode
 idea                      same as idea-cbc
 idea-cfb                  IDEA in CFB mode
 idea-ecb                  IDEA in ECB mode
 idea-ofb                  IDEA in OFB mode

 rc2-cbc                   128 bit RC2 in CBC mode
 rc2                       Alias for rc2-cbc
 rc2-cfb                   128 bit RC2 in CFB mode
 rc2-ecb                   128 bit RC2 in ECB mode
 rc2-ofb                   128 bit RC2 in OFB mode
 rc2-64-cbc                64 bit RC2 in CBC mode
 rc2-40-cbc                40 bit RC2 in CBC mode

 rc4                       128 bit RC4
 rc4-64                    64 bit RC4
 rc4-40                    40 bit RC4

 rc5-cbc                   RC5 cipher in CBC mode
 rc5                       Alias for rc5-cbc
 rc5-cfb                   RC5 cipher in CFB mode
 rc5-ecb                   RC5 cipher in ECB mode
 rc5-ofb                   RC5 cipher in OFB mode

 aes-[128|192|256]-cbc     128/192/256 bit AES in CBC mode
 aes-[128|192|256]         Alias for aes-[128|192|256]-cbc
 aes-[128|192|256]-cfb     128/192/256 bit AES in 128 bit CFB mode
 aes-[128|192|256]-cfb1    128/192/256 bit AES in 1 bit CFB mode
 aes-[128|192|256]-cfb8    128/192/256 bit AES in 8 bit CFB mode
 aes-[128|192|256]-ecb     128/192/256 bit AES in ECB mode
 aes-[128|192|256]-ofb     128/192/256 bit AES in OFB mode
Example:
[root@NFS-Server test]# openssl enc -des3 -salt -a -pass pass:123456 -in 1.txt -out 1_des3.txt
[root@NFS-Server test]# cat 1_des3.txt
U2FsdGVkX19vdnyFWOZe32uJNMPSbzjd99fKCC4hSW9IFy78PEh7+Q==
[root@NFS-Server test]# ls
1.txt 1_des3.txt
[root@NFS-Server test]# rm -f 1.txt
[root@NFS-Server test]# openssl enc -des3 -salt -a -d -pass pass:123456 -in 1_des3.txt -out 1.txt
[root@NFS-Server test]# ll
total 8
-rw-r--r--. 1 root root 17 Jan 27 22:14 1.txt
-rw-r--r--. 1 root root 57 Jan 27 22:13 1_des3.txt
[root@NFS-Server test]# cat 1.txt
my name is teddy
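
The ciphertext in 1_des3.txt begins with U2FsdGVkX1, which is the Base64 form of the Salted__ marker that -salt writes in front of the 8-byte salt. The Python below is an added example, not part of the original post: it parses that header from the output shown above and derives the des3 key and IV from the password and salt. It assumes the MD5, single-iteration EVP_BytesToKey derivation that enc uses by default in OpenSSL 1.0.1; the function names are chosen for illustration.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # 8-byte marker openssl enc writes when a salt is used

# Ciphertext printed by `cat 1_des3.txt` in the example above.
PAGE_CIPHERTEXT_B64 = "U2FsdGVkX19vdnyFWOZe32uJNMPSbzjd99fKCC4hSW9IFy78PEh7+Q=="


def parse_salted(b64_text):
    """Split `openssl enc -salt -a` output into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text)
    if len(raw) < 16 or raw[:8] != MAGIC:
        raise ValueError("no Salted__ header: made with -nosalt or not enc output")
    return raw[8:16], raw[16:]


def evp_bytes_to_key(password, salt, key_len, iv_len):
    """EVP_BytesToKey with MD5 and one iteration (assumed default, see lead-in)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # Each round hashes the previous digest together with password and salt.
        block = hashlib.md5(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def describe(b64_text, password, key_len=24, iv_len=8, block_size=8):
    """Report what the file reveals; defaults match des3 (des-ede3-cbc)."""
    salt, ciphertext = parse_salted(b64_text)
    if len(ciphertext) % block_size:
        raise ValueError("ciphertext is not a whole number of cipher blocks")
    key, iv = evp_bytes_to_key(password, salt, key_len, iv_len)
    return {
        "salt": salt.hex(),                 # stored in the clear in the header
        "ciphertext_len": len(ciphertext),  # 17-byte plaintext padded to 24
        "key": key.hex(),
        "iv": iv.hex(),
    }


if __name__ == "__main__":
    for name, value in describe(PAGE_CIPHERTEXT_B64, b"123456").items():
        print(name, value)
```

The salt travels unencrypted with the file, so all secrecy rests on the password: the same password and salt always reproduce the same key and IV, which is why decryption with -d needs nothing but the password.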