OpenSSL Tutorial Video-3 | Encryption using OpenSSL

  • Published 15 Dec 2024

COMMENTS • 62

  • @yatharthjuneja 2 years ago

    Thanks Sam for helping out with these videos. Much appreciated.
    Especially this use case can be very handy in conducting POCs !

    • @CyberHashira 2 years ago

      Thank you Yatharth.. I'm glad this video was helpful to you.. There will be more content like this.. Stay tuned!

  • @denimjeans2007 1 year ago

    Perfect video for beginners with all kinds of options explained. You answered all my question marks (in my brain :) ) in a few minutes, thanks for sharing !!!

  • @AlexS-ld8ys 11 months ago

    Thank you for explaining so well! I'm trying to learn OpenSSL and your vids have been of great help! Cheers!

    • @CyberHashira 11 months ago +1

      I'm glad the videos are helpful; best wishes on your learning journey!

  • @BhavinMoriya-i8i 6 months ago +2

    Hi. Thanks very much for the fantastic tutorial. You mentioned that using the pbkdf2 approach is good because the algorithm salts the password you enter (I did not see you enter the password -- I believe that you meant enc.key, didn't you?) You mentioned that 100k iterations are done and the hash is calculated. I believe that randomly choosing one among the 100k is the reason for doing iterations. But in that case the decryption -- requiring the iter parameter to be exactly the same as 100k -- does not make sense to me, because it violates the randomness nature. I am writing this with the sole objective of learning. I really appreciate your work!!

    • @CyberHashira 6 months ago +1

      Hello, you're welcome!
      Yes, 'enc.key' is a file containing the data that will be used as an input by PBKDF2, to derive an encryption key. I generated it using 'openssl rand -out enc.key 32'. The encryption key is not picked randomly from 100k iterations; it is the final result of 100k iterations. Therefore, changing the number of iterations would result in a different key value, causing decryption to fail. I hope this clears up any doubts. Good question 🙂
      I appreciate you taking time to watch my content.

    • @BhavinMoriya-i8i 6 months ago

      @CyberHashira Pleasure watching your series :) Just a quick question then -- how does iteration really impact the procedure? I mean -- how come 100k is better than just 10 iterations?

    • @CyberHashira 6 months ago

      @BhavinMoriya-i8i Iteration is the number of times a PRF is executed on the input data in PBKDF2. The more iterations, the more scrambled the output becomes. NIST recommends a minimum of 1,000 iterations for PBKDF2 (SP 800-132). A higher number of iterations increases the difficulty of guessing, calculating, brute-forcing, or reassembling the output back to the original input.
      Imagine that I have a piece of paper with some secret information printed on it. Instead of giving you that paper as it is, I tear it into many pieces. Which one do you think would be more difficult to reassemble: paper torn into 10, 100, or 1000 pieces?

  • @DeepakRamanath 1 year ago +1

    When you refer to 'password' during the usage of password based key derivation, are you referring to the key that is supplied as a file for encryption?

    • @CyberHashira 1 year ago +1

      That is correct, password is used as a key for encryption in both cases. A password string or a string of characters inside a key file is used by OpenSSL for encrypting data.

    • @DeepakRamanath 1 year ago

      @CyberHashira Thank you. I much appreciate your reply.

  • @DeepakRamanath 1 year ago +1

    When an encrypted file is provided with the right symmetric key, but nothing is known about the type of encryption or algorithm used, how can this information be determined via OpenSSL? Because without knowing if it's AES or DES, decryption is not possible. Thanks

    • @CyberHashira 1 year ago +2

      Good question.. The answer is NO. It's not possible to know how data was encrypted just by looking at the encrypted byte data.
      ..and you're right, without knowing the encryption algorithm, it's going to be difficult to decrypt encrypted data. I view this as extra security. 🙂
      Along with the encryption key, you also have to tell the other party about the algorithm used. Most programs and protocols do this by passing algorithm-related info. For example, XML encryption passes algorithm info inside the encrypted XML file. CMS passes this information inside enveloped data.

  • @worldwide6626 1 year ago +1

    When did you create the encryption.key file? What is inside that?

    • @CyberHashira 1 year ago +1

      At 01:52: openssl rand -out encryption.key 32.. don't use -hex

    • @worldwide6626 1 year ago +1

      @CyberHashira oh you're correct, I'm sorry. Subscribed

    • @CyberHashira 1 year ago

      @worldwide6626 No problem, cheers!

  • @saifxt3508 2 years ago

    Thanks a lot, that was really helpful, but what is the difference between a secret key and a private key (between encryption.key and key.pri)?

    • @CyberHashira 2 years ago +1

      I'm glad this video was helpful to you; encryption.key contains the secret key data for encrypting using a Secret Key algorithm. Whereas key.pri contains the private key. Private key can decrypt and sign data. Public key can encrypt and verify.

  • @HutS-e5c 3 months ago +1

    Does the encrypted file with a password (to produce the Earth.enc file) include the hashed password in the header of the file, so when I take it to a different computer or send it to someone, it can be decrypted on that new computer with the correct password? If so then I want to see that hashed password in Earth.enc. How can I do that? I also want to see in the header of Earth.enc the random salt that was used when you added -pbkdf2.

    • @CyberHashira 3 months ago

      The encrypted file contains encrypted data and nothing else.

    • @HutS-e5c 3 months ago

      @CyberHashira So how would the openssl tool know if I do not enter the correct password, or if I do not enter the correct -pbkdf2 flag, or if I do not enter the correct number of -iter, and as a result of that write an error message to me?
      Also, how does openssl know what random salt was used, so that when I want the openssl tool to remove the encryption for me, it adds that exact salt to the password that I enter (at the time I want to remove the encryption) and hashes them together the correct number of times to decrypt the file for me?
      By the way, I found online that -pbkdf2 is called "Password Based Key Derivation Function 2" --- "Function" instead of "Format".

    • @CyberHashira 3 months ago

      @HutS-e5c openssl utility would expect the user to enter all required information correctly; failed cryptographic operations would return an error.

    • @HutS-e5c 3 months ago

      @CyberHashira How does the openssl utility get to know that the decryption failed, to show me an error message? It is not a human. It would not know the difference between text that has meaning (to determine that the operation has succeeded) and gibberish (to determine that the operation has failed).

    • @CyberHashira 3 months ago

      @HutS-e5c padding scheme checks after decrypt is one way to see if decrypt was successful.
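
Added example, not from the video or from any commenter, covering the two threads above on the salt and on `-iter`: password-mode `openssl enc` output begins with the 8-byte marker `Salted__` followed by an 8-byte salt, and with `-pbkdf2` the key and IV are cut from a single PBKDF2 output, so a different iteration count yields a different key. The aes-256-cbc key/IV sizes, the SHA-256 digest, and the sample file bytes and password are assumptions constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"   # marker `openssl enc` writes before the salt in password mode
SALT_LEN = 8

def split_enc_file(blob: bytes):
    """Split password-mode `openssl enc` output into (salt, ciphertext)."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + SALT_LEN:
        raise ValueError("no Salted__ header (raw -K/-iv, -nosalt, or base64 output?)")
    body = blob[len(MAGIC):]
    return body[:SALT_LEN], body[SALT_LEN:]

def derive_key_iv(password: bytes, salt: bytes, iterations: int,
                  key_len: int = 32, iv_len: int = 16, digest: str = "sha256"):
    """PBKDF2 as used with -pbkdf2: one output stream, cut into key then IV.
    Assumed sizes are for aes-256-cbc; the digest must match the one used to encrypt."""
    stream = hashlib.pbkdf2_hmac(digest, password, salt, iterations, key_len + iv_len)
    return stream[:key_len], stream[key_len:]

# Constructed sample: header + made-up salt + 32 placeholder ciphertext bytes.
SAMPLE_FILE = MAGIC + bytes.fromhex("a1b2c3d4e5f60718") + bytes(32)
SAMPLE_PASSWORD = b"constructed-example-password"

def compare_iterations(blob: bytes, password: bytes, iters_a: int, iters_b: int) -> bool:
    """True when both iteration counts yield the same key and IV."""
    salt, _ = split_enc_file(blob)
    return derive_key_iv(password, salt, iters_a) == derive_key_iv(password, salt, iters_b)

if __name__ == "__main__":
    salt, ct = split_enc_file(SAMPLE_FILE)
    print("salt from header:", salt.hex(), "| ciphertext bytes:", len(ct))
    key, iv = derive_key_iv(SAMPLE_PASSWORD, salt, 100_000)
    print("key:", key.hex())
    print("iv: ", iv.hex())
    print("same key, 100000 vs 100000:",
          compare_iterations(SAMPLE_FILE, SAMPLE_PASSWORD, 100_000, 100_000))
    print("same key, 100000 vs 10:    ",
          compare_iterations(SAMPLE_FILE, SAMPLE_PASSWORD, 100_000, 10))
```

On a real file, `head -c 16 Earth.enc | xxd` displays the same 16 header bytes that `split_enc_file` reads. The iteration count and digest are not stored in the file, which is why they must be supplied again at decryption.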

  • @ouness 1 year ago

    Great explanation thanks

  • @satyauday9830 1 year ago

    Is there any chance to get the same key while using 'openssl genrsa'?? I got the same-looking text

    • @CyberHashira 1 year ago +1

      Likelihood is very slim but not impossible. Keys are generated using a PRNG. What do you mean by 'same-looking text'? Same key as shown in the video?

  • @DeepakRamanath 1 year ago

    When I create random hex data with (256 - 11 = 245) bytes using OpenSSL and use it to encrypt with RSA, I get the padding error. However, when I instead use (256 - 12 = 244), it works. So, I started to wonder when the byte count is specified in OpenSSL (openssl rand -hex -out data 244), does the count start from 0, instead of 1? In which case 0 to 244 would be indeed 245 bytes in total. But it is not the case. When you specify openssl rand -hex 10 as an example, it generates exactly 10 bytes and not 11.

    • @CyberHashira 1 year ago +1

      Are you sure you're generating 245 bytes of data? I think a non-readable character is getting introduced somewhere such as CRLF, CR, or LF.
      Also "openssl rand -hex -out data 244" to generate 244 bytes of data is wrong. -hex would encode data as hex string doubling the size of it.
      Please try "openssl rand -out data 244" instead. If you're using echo then please use -n
      echo -n "1234567812345678" is 16 bytes
      echo "1234567812345678" is 17 bytes

    • @DeepakRamanath 1 year ago

      @CyberHashira Thanks for your timely response. Yes, I realised that -hex would double the byte length and the max I can use in this case is 122. However, with removing hex, I still have to use 244 binary bytes and not 245. I will try it on a different OpenSSL version and compare. Currently, I'm using 3.0.9

    • @DeepakRamanath 1 year ago

      @CyberHashira Not using echo, just the openssl. "openssl rand -out data 245"

    • @CyberHashira 1 year ago

      @DeepakRamanath Interesting!
      I'm also using OpenSSL 3.0.9 and I don't see this issue happening (Ubuntu/Mac OS)..

    • @DeepakRamanath 1 year ago +1

      @CyberHashira I retried everything from scratch, generating the data as well as the RSA keys and it worked with 245 bytes. Not sure what was happening previously. I'm on Fedora 38. Sorry for the confusion :)

  • @mm-wm6uh 10 months ago

    Can you explain the difference and correlation between OpenSSL and SHA256?

    • @CyberHashira 10 months ago

      Are you referring to the download page? You posted a similar comment on another one of my videos..

    • @mm-wm6uh 10 months ago

      @CyberHashira yes, it's the same question.. but I'm still confused about what the correlation is between OpenSSL and SHA256.. SHA256 was created by the NSA, OpenSSL was created by a different organization.. or is SHA256 a library of OpenSSL?

    • @CyberHashira 10 months ago

      @mm-wm6uh SHA1, SHA2 and SHA3 are all hashing algorithms. They're used for checking the integrity.. OpenSSL is a cryptographic toolkit that has all algorithms implemented in it.
      If you're unaware of hashing then I'd strongly suggest learning some basic cryptography.. All the best!

    • @mm-wm6uh 10 months ago

      @CyberHashira so all the code or formula (SHA256) is inside the OpenSSL folder, right?

    • @CyberHashira 10 months ago

      @mm-wm6uh yes, that is correct

  • @HutS-e5c 3 months ago

    You do not explain the meaning of:
    the exponent used in creating the private key, the modulus
    the exponent and the 2 prime numbers, the coefficient that appear when you examine the private key
    the difference between digest-algorithms and cipher-algorithms

    • @CyberHashira 3 months ago +1

      That's because the focus of this video is OpenSSL. I don't want to make a lengthy video covering every fundamental aspect, as there are plenty of other online resources available for that. If you're unfamiliar with terms like digests and ciphers, it might be helpful to start with those before diving into OpenSSL.

  • @pikachu3686 9 months ago +2

    rengoku

    • @CyberHashira 9 months ago +1

      iye, watashino namaywa Cyber Hashira desu.

    • @dono42 8 months ago +1

      @CyberHashira Japanese doesn't have "ye" or "ay". You must mean "iie" (いいえ) and "namae" (名前). Hi from Japan.

    • @CyberHashira 8 months ago

      @dono42 Gomenasai 🙂
      I've learned a bit of Japanese solely through watching anime for many years, so my Japanese is flawed in many areas. I appreciate the correction. Arigato gozaimasu. Kanpai