https://strudel.pld.ttu.ee/wiki/e/api.php?action=feedcontributions&feedformat=atom&user=MarekATI public wiki - User contributions [en]2026-04-13T16:41:30ZUser contributionsMediaWiki 1.26.4https://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3136Arvutiklassi vanad arvutid2023-08-16T12:29:59Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" bgcolor="lightgreen"| 0 || align="right" bgcolor="lightgreen"| 0<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 komplekt<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti || 2 komplekti<br />
|-<br />
| Konstantin Shibin || 1 komplekt || 1 komplekt<br />
|-<br />
| Mairo Leier || 1 komplekt || 1 komplekt <br />
|-<br />
| Priit Ruberg || 1 komplekt || 1 komplekt<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt || 1 komplekt<br />
|-<br />
| Natalia Cherezova || 1 komplekt || 1 komplekt<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt || 1 komplekt<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti || 2 komplekti<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti || 1 arvuti<br />
|-<br />
| Karl Janson || 2 arvutit || 2 arvutit<br />
|-<br />
| Gert Toming || 1 komplekt || 1 komplekt<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3135Arvutiklassi vanad arvutid2023-08-16T12:08:59Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 4 || align="right" | 2<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 komplekt<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti || 2 komplekti<br />
|-<br />
| Konstantin Shibin || 1 komplekt || 1 komplekt<br />
|-<br />
| Mairo Leier || 1 komplekt || 1 komplekt <br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt || 1 komplekt<br />
|-<br />
| Natalia Cherezova || 1 komplekt || 1 komplekt<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti || 2 komplekti<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti || 1 arvuti<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt || 1 komplekt<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3134Arvutiklassi vanad arvutid2023-08-16T12:08:17Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 4 || align="right" | 3<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 komplekt<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti || 2 komplekti<br />
|-<br />
| Konstantin Shibin || 1 komplekt || 1 komplekt<br />
|-<br />
| Mairo Leier || 1 komplekt || 1 komplekt <br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt || 1 komplekt<br />
|-<br />
| Natalia Cherezova || 1 komplekt || 1 komplekt<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti || 2 komplekti<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti || 1 arvuti<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt || 1 komplekt<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3133Arvutiklassi vanad arvutid2023-08-16T11:42:40Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 7 || align="right" | 5<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti || 2 komplekti<br />
|-<br />
| Konstantin Shibin || 1 komplekt || 1 komplekt<br />
|-<br />
| Mairo Leier || 1 komplekt || 1 komplekt <br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt || 1 komplekt<br />
|-<br />
| Natalia Cherezova || 1 komplekt || 1 komplekt<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti || 1 arvuti<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt || 1 komplekt<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3132Arvutiklassi vanad arvutid2023-08-16T11:34:40Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 8 || align="right" | 6<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti || 2 komplekti<br />
|-<br />
| Konstantin Shibin || 1 komplekt || 1 komplekt<br />
|-<br />
| Mairo Leier || 1 komplekt || 1 komplekt <br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt || 1 komplekt<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti || 1 arvuti<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt || 1 komplekt<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3131Arvutiklassi vanad arvutid2023-08-16T11:08:40Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 10 || align="right" | 8<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti || 2 komplekti<br />
|-<br />
| Konstantin Shibin || 1 komplekt || 1 komplekt<br />
|-<br />
| Mairo Leier || 1 komplekt || 1 komplekt <br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti || 1 arvuti<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3130Arvutiklassi vanad arvutid2023-08-16T10:50:17Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 14 || align="right" | 11<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt || 1 komplekt <br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3129Arvutiklassi vanad arvutid2023-08-16T10:33:25Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 15 || align="right" | 12<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori || 3 monitori<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt || 1 komplekt<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3128Arvutiklassi vanad arvutid2023-08-16T09:59:33Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 16 || align="right" | 16<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 5 komplekti + 2 arvutit<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3127Arvutiklassi vanad arvutid2023-08-16T09:28:07Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 17 || align="right" | 15<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 6 komplekti<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti || 2 komplekti<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3126Arvutiklassi vanad arvutid2023-08-16T07:51:05Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="red"| 33 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 19 || align="right" | 17<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 5 komplekti + 2 arvutit || 6 komplekti<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| Gert Toming || 1 komplekt ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3125Arvutiklassi vanad arvutid2023-08-15T15:38:57Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" bgcolor="lightgreen"| 31 || align="right" bgcolor="red"| 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 19 || align="right" | 17<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 6 komplekti || 6 komplekti<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3124Arvutiklassi vanad arvutid2023-08-15T15:34:45Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 31 || align="right" | 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 19 || align="right" | 17<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti || 1 komplekt + 1 arvuti<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 6 komplekti || 6 komplekti<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3123Arvutiklassi vanad arvutid2023-08-15T15:24:23Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 31 || align="right" | 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 21 || align="right" | 18<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti || 2 komplekti<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 6 komplekti || 6 komplekti<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3122Arvutiklassi vanad arvutid2023-08-15T14:58:26Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 31 || align="right" | 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 23 || align="right" | 20<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti ||<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 6 komplekti || 6 komplekti<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor || 2 komplekti + 1 monitor<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3121Arvutiklassi vanad arvutid2023-08-15T14:40:13Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 31 || align="right" | 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 25 || align="right" | 23<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti ||<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor || 1 komplekt + 1 monitor<br />
|-<br />
| Harri Lensen || 6 komplekti || 6 komplekti<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor ||<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3120Arvutiklassi vanad arvutid2023-08-15T14:23:14Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 31 || align="right" | 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 32 || align="right" | 30<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt + 1 arvuti||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti ||<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor ||<br />
|-<br />
| Harri Lensen || 6 komplekti ||<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor ||<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3119Arvutiklassi vanad arvutid2023-08-15T14:05:28Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 30 || align="right" | 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 32 || align="right" | 30<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt ||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti ||<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor ||<br />
|-<br />
| Harri Lensen || 6 komplekti ||<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor ||<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| Anton Tšertov || 1 arvuti ||<br />
|-<br />
| Karl Janson || 2 arvutit ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3118Arvutiklassi vanad arvutid2023-08-15T13:50:05Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 27 || align="right" | 33<br />
|-<br />
| align="right" | Järgi on: || align="right" | 32 || align="right" | 30<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt ||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti ||<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor ||<br />
|-<br />
| Harri Lensen || 6 komplekti ||<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor ||<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| Elizaveta Dubrovinskaya || 2 komplekti ||<br />
|-<br />
| Jürgen Soom || 2 komplekti ||<br />
|-<br />
| Saleh Ragheb Saleh Alsaleh || 1 komplekt ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3117Arvutiklassi vanad arvutid2023-08-15T13:38:30Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
{| class=wikitable <br />
! !! arvuteid !! monitore<br />
|-<br />
| align="right" | Reserveeritud: || align="right" | 22 || align="right" | 28<br />
|-<br />
| align="right" | Järgi on: || align="right" | 32 || align="right" | 30<br />
|-<br />
|}<br />
<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt ||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti ||<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor ||<br />
|-<br />
| Harri Lensen || 6 komplekti ||<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor ||<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3116Arvutiklassi vanad arvutid2023-08-15T13:20:48Z<p>Marek: /* Soovijad */</p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
<br />
Järgi on: 32 arvutit 30 monitori<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable" style="margin:auto" align="left"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt ||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| Konstantin Shibin || 1 komplekt ||<br />
|-<br />
| Mairo Leier || 1 komplekt ||<br />
|-<br />
| Priit Ruberg || 1 komplekt ||<br />
|-<br />
| Risto Heinsar || 2 komplekti ||<br />
|-<br />
| Peeter Ellervee || 1 komplekt + 1 monitor ||<br />
|-<br />
| Harri Lensen || 6 komplekti ||<br />
|-<br />
| Asko Ristolainen || 1 komplekt ||<br />
|-<br />
| Natalia Cherezova || 1 komplekt ||<br />
|-<br />
| Hardi Selg || 2 komplekti + 1 monitor ||<br />
|-<br />
| Marek Mandre || 1 komplekt ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3115Arvutiklassi vanad arvutid2023-08-15T12:41:33Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
<br />
Järgi on: 32 arvutit 30 monitori<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable" style="margin:auto" align="left"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Instituut ise || 1 komplekt || igaks juhuks varuks<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt ||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| Artur Jutman || 2 komplekti ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3114Arvutiklassi vanad arvutid2023-08-15T12:39:30Z<p>Marek: /* Soovijad */</p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
<br />
Järgi on: 33 arvutit 31 monitori<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable" style="margin:auto" align="left"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
| Maksim Jenihhin || 1 komplekt ||<br />
|-<br />
| Aleksei Tepljakov || 3 monitori ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|-<br />
| || ||<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3113Arvutiklassi vanad arvutid2023-08-15T12:37:27Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
<br />
Järgi on: 33 arvutit 31 monitori<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
{| class="wikitable" style="margin:auto" align="left"<br />
|-<br />
! Nimi !! küsitud !! kätte antud<br />
|-<br />
| Katrin Tõemets || 1 komplekt || 1 monitor, arvuti on ootel<br />
|-<br />
| Mohammad Hasan Ahmadilivani || 1 monitor || 1 monitor<br />
|-<br />
|}</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3112Arvutiklassi vanad arvutid2023-08-15T12:31:15Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=== Vanad ICT-501 klassi arvutid ===<br />
<br />
33 komplekti: arvuti + monitor + klaviatuur + hiir.<br />
<br />
<br />
Järgi on: 33 arvutit 31 monitori<br />
<br />
==== Arvuti ====<br />
'HP EliteDesk 800 G3 SFF'<br />
* i5-7500 CPU<br />
* 16GB RAM<br />
* NVIDIA GT720 GPU<br />
* 512GB SSD, suht surnud (kulunud)<br />
* 1TB 5200RPM 'green' HDD, super aeglane<br />
==== Monitor ====<br />
'Monitor AOC U2879VF 28" 4K'<br />
* 28" ekraani diameeter<br />
* 3840x2160 resolutsioon<br />
* HDMI input<br />
* DP input<br />
* VGA input<br />
* DVI input<br />
<br />
=== Soovijad ===<br />
<br />
* Katrin Tõemets : 1 komplekt. Käes: 1 monitor, arvuti on ootel.<br />
* Mohammad Hasan Ahmadilivani : 1 monitor. Käes: 1 monitor.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Arvutiklassi_vanad_arvutid&diff=3111Arvutiklassi vanad arvutid2023-08-15T10:57:04Z<p>Marek: Created page with "."</p>
<hr />
<div>.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Blist2&diff=3103Blist22022-11-27T14:27:09Z<p>Marek: Replaced content with "__FORCETOC__"</p>
<hr />
<div>__FORCETOC__</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Blist&diff=3102Blist2022-11-27T14:26:11Z<p>Marek: Replaced content with "__FORCETOC__"</p>
<hr />
<div>__FORCETOC__</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=CAD_tarkvara&diff=3093CAD tarkvara2022-04-20T10:51:36Z<p>Marek: </p>
<hr />
<div>Enamus tarkvara pärineb meil EUROPRACTICE'st , http://www.europractice.stfc.ac.uk/index.html#vendors<br />
<br />
----<br />
*[[Cadence]] , http://www.europractice.stfc.ac.uk/tools/cadence.html<br />
**IC Package : 13 litsentsi<br />
**Combined IC & Systems Package : 2 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*Siemens Mentor Graphics , http://www.europractice.stfc.ac.uk/tools/siemens.html<br />
**Full Siemens Mentor Graphics Suite: 40 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*Synopsys , http://www.europractice.stfc.ac.uk/tools/synopsys.html<br />
**Front End and Verification Suite : 9 litsentsi<br />
**Analogue Simulation & Modelling Suite : 4 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*AMD Xilinx , http://www.europractice.stfc.ac.uk/tools/xilinx.html<br />
**Vivado Suite : 50 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*Intel Quartus , http://www.europractice.stfc.ac.uk/tools/intel_fpga.html<br />
**Quartus : 10 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*[http://www.goepel.com Goepel] : 10 litsentsi<br />
<br />
:kontaktisik: Sergei Devadze , ICT-506</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=CAD_tarkvara&diff=3092CAD tarkvara2022-04-20T10:47:29Z<p>Marek: </p>
<hr />
<div>Enamus tarkvara pärineb meil EUROPRACTICE'st , http://www.europractice.stfc.ac.uk/index.html#vendors<br />
<br />
----<br />
*[[Cadence]] , http://www.europractice.stfc.ac.uk/tools/cadence.html<br />
**IC Package : 13 litsentsi<br />
**Combined IC & Systems Package : 2 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*Siemens Mentor Graphics , http://www.europractice.stfc.ac.uk/tools/siemens.html<br />
**Full Siemens Mentor Graphics Suite: 40 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*Synopsys , http://www.europractice.stfc.ac.uk/tools/synopsys.html<br />
**Front End and Verification : 9 litsentsi<br />
**Analogue Simulation & Modelling Suite : 4 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*AMD Xilinx , http://www.europractice.stfc.ac.uk/tools/xilinx.html<br />
**Vivado Suite : 50 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*Intel Quartus , http://www.europractice.stfc.ac.uk/tools/intel_fpga.html<br />
**Quartus : 10 litsentsi<br />
<br />
:kontaktisik: Marek Mandre , ICT-515<br />
<br />
----<br />
*[http://www.goepel.com Goepel] : 10 litsentsi<br />
<br />
:kontaktisik: Sergei Devadze , ICT-506</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=CAD_tarkvara&diff=3091CAD tarkvara2022-04-20T10:41:21Z<p>Marek: </p>
<hr />
<div>Enamus tarkvara pärineb meil EUROPRACTICE'st , http://www.europractice.stfc.ac.uk/index.html#vendors<br />
<br />
----<br />
*[[Cadence]] , http://www.europractice.stfc.ac.uk/tools/cadence.html<br />
**IC Package : 13 litsentsi<br />
**Combined IC & Systems Package : 2 litsentsi<br />
<br />
----<br />
*Siemens Mentor Graphics , http://www.europractice.stfc.ac.uk/tools/siemens.html<br />
**Full Siemens Mentor Graphics Suite: 40 litsentsi<br />
<br />
----<br />
*Synopsys , http://www.europractice.stfc.ac.uk/tools/synopsys.html<br />
**Front End and Verification : 9 litsentsi<br />
**Analogue Simulation & Modelling Suite : 4 litsentsi<br />
<br />
----<br />
*AMD Xilinx , http://www.europractice.stfc.ac.uk/tools/xilinx.html<br />
**Vivado Suite : 50 litsentsi<br />
<br />
----<br />
*[http://www.goepel.com Goepel] : 10 litsentsi<br />
<br />
kontaktisik: Sergei Devadze , ICT-506</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3014RRDTool2020-09-10T16:11:00Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD==<br />
<br />
Appears due to broken NFS locks<br />
<br />
Usually after abnormal network outage between NFS storage server and client system where RRDTOOL works<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
<br />
cp dbase.rrd.old dbase.rrd<br />
<br />
rm dbase.rrd.old<br />
<br />
</code><br />
<br />
===Another fix===<br />
restart both systems</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3013RRDTool2020-09-10T16:10:44Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD==<br />
<br />
Appears due to broken NFS locks<br />
<br />
Usually after abnormal network outage between NFS storage server and client system where RRDTOOL works<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
<br />
cp dbase.rrd.old dbase.rrd<br />
<br />
rm dbase.rrd.old<br />
<br />
</code><br />
<br />
===Another fix===<br />
restart both servers</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3012RRDTool2020-09-10T16:10:08Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD==<br />
<br />
Appears due to broken NFS locks<br />
<br />
Usually after abnormal network outage between NFS storage server and client system where RRDTOOL works<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
<br />
cp dbase.rrd.old dbase.rrd<br />
<br />
rm dbase.rrd.old<br />
<br />
</code></div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3011RRDTool2020-09-10T16:10:01Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD==<br />
<br />
Appears due to broken NFS locks<br />
Usually after abnormal network outage between NFS storage server and client system where RRDTOOL works<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
<br />
cp dbase.rrd.old dbase.rrd<br />
<br />
rm dbase.rrd.old<br />
<br />
</code></div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3010RRDTool2020-09-10T16:08:05Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD==<br />
<br />
Appears due to broken NFS locks<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
<br />
cp dbase.rrd.old dbase.rrd<br />
<br />
rm dbase.rrd.old<br />
<br />
</code></div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3009RRDTool2020-09-10T16:07:06Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD==<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
<br />
cp dbase.rrd.old dbase.rrd<br />
<br />
rm dbase.rrd.old<br />
<br />
</code></div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3008RRDTool2020-09-10T16:06:54Z<p>Marek: /* Fix */</p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD===<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
<br />
cp dbase.rrd.old dbase.rrd<br />
<br />
rm dbase.rrd.old<br />
<br />
</code></div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=RRDTool&diff=3007RRDTool2020-09-10T16:06:16Z<p>Marek: Created page with "__TOC__ =RRDTOOL= ==ERROR: could not lock RRD=== ===Fix=== <code> mv dbase.rrd dbase.rrd.old cp dbase.rrd.old dbase.rrd rm dbase.rrd.old </code>"</p>
<hr />
<div>__TOC__<br />
<br />
=RRDTOOL=<br />
<br />
==ERROR: could not lock RRD===<br />
<br />
===Fix===<br />
<code><br />
mv dbase.rrd dbase.rrd.old<br />
cp dbase.rrd.old dbase.rrd<br />
rm dbase.rrd.old<br />
</code></div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=Areng20-30&diff=2893Areng20-302019-12-18T12:41:44Z<p>Marek: /* 2020 */</p>
<hr />
<div>__FORCETOC__<br />
<br />
==Ühekordsed suured kulutused==<br />
<br />
näit. mingi teadusprojekti väga spetsiifilise vahendi ühekordne ost, uue tarkvara baasmaksed, etc<br />
<br />
==Korduvad suured kulutused pikema ajavahemiku tagant==<br />
<br />
IT baas-infrastruktuur : võrguseadmed, serverid, serverite tarkvara, arvutitöökohad, printerid, laptopid etc.<br />
<br />
<br />
<br />
==== 2020 ====<br />
<br />
<br />
# viienda (5.) korruse suurte printerite vahetus, instituudi tasemel<br />
#: Xerox WorkCentre 7220 järgmine uusim põlvkond ja Xerox Phaser 3600 järgmine uusim põlvkond<br />
#: kokku 3 printerit, 1 mustvalge ja 2 värvilist multifunktsionaalset<br />
#* 1x Xerox VersaLink B610/DT [[http://www.office.xerox.com/latest/VB6BR-01U.pdf specs]] [[https://www.shop.xerox.com/versalink-b610-dt shop]] ~1k +km<br />
#* 2x Xerox VersaLink C7030 Colour Multifunction Printer [[https://www.office.xerox.com/latest/VC7SS-01.PDF specs]] [[https://www.markit.eu/ee/en/xerox-versalink-c7020-c7025-c7030-base-unit-colour/v2p13876724 shop]] à ~3k +km<s><br />
# üks täiendav TOR 10/40/100G switch serveriruumi, teaduskonna tasemel<br />
#: eelduste kohaselt 15000 EUR<br />
#: Extreme Networks X690-48X-2Q-4C [[https://cloud.kapostcontent.net/pub/44317954-ef18-4082-8714-3b22a9540f32/x690-data-sheet.pdf?kui=t3jIjd3uJZgg-RyyxO3sWg specs]] [[https://www.markit.eu/ee/en/extreme-networks-summit-x690-48x-2q-4c-switch/v2p14481496 shop]] ~15k +km</s><br />
# üks paar TOR 25/100G switche serveriruumi koos rack kit'ga, teaduskonna tasemel, RDMA (RoCE v2) tehnoloogia kasutuselevõtuks, testimiseks ja infrastruktuuri arendamiseks<br />
#: eelduste kohaselt 17800 EUR<br />
#: Mellanox MSN2010-CB2R [[https://www.mellanox.com/related-docs/prod_eth_switches/PB_SN2010.pdf specs]] [[https://store.mellanox.com/products/mellanox-msn2010-cb2r-spectrum-based-10-25gbe-and-100gbe-1u-open-ethernet-switch-with-mellanox-onyx-18-sfp28-ports-and-4-qsfp28-ports-rohs6.html store]] á 8590+km <br />
# kuus 25G võrgukaarti teaduskonna serveritele, teaduskonna tasemel, RDMA (RoCE v2) tehnoloogia kasutuselevõtuks, testimiseks ja infrastruktuuri arendamiseks<br />
#: eelduste kohaselt 3260 EUR<br />
#: Mellanox MCX512A-ADAT ConnectX-5 dual port [[http://www.mellanox.com/related-docs/prod_adapter_cards/PB_ConnectX-5_EN_Card.pdf specs]] [[https://store.mellanox.com/products/mellanox-mcx512a-adat-connectx-5-ex-en-network-interface-card-25gbe-dual-port-sfp28-pcie3-0-4-0-x8-tall-bracket.html store]] á 543+km<br />
# kaks 100G võrgukaarti teaduskonna serveritele, teaduskonna tasemel, RDMA (RoCE v2) tehnoloogia kasutuselevõtuks, testimiseks ja infrastruktuuri arendamiseks<br />
#: eeduste kohaselt 1714 EUR<br />
#: Mellanox MCX516A-CCAT ConnectX-5 dual port [[http://www.mellanox.com/related-docs/prod_adapter_cards/PB_ConnectX-5_EN_Card.pdf specs]] [[https://store.mellanox.com/products/mellanox-mcx516a-ccat-connectx-5-en-network-interface-card-100gbe-dual-port-qsfp28-pcie3-0-x16-tall-bracket-rohs-r6.html store]] á 858+km<br />
# DAC 25G/100G kaablid TOR switchide ja serverite ühendamiseks, 16tk 5m pikkused, ca 1050+km<br />
#: FS.COM Mellanox certified DAC [[https://www.fs.com/de-en/products/65856.html 25G]] [[https://www.fs.com/de-en/products/72705.html 100G]]<br />
# kuue arvutitöökoha uuendamine, instituudi tasemel<br />
#* viimase põlvkonna PC koos monitoride, monitoride lauakinnituse, hiire ja klaviatuuriga ~2k +km<br />
# nelja laptopi uuendamine, instituudi tasemel<br />
#* viimase põlvkonna laptop ~1k +km<br />
# viienda (5.) korruse arvutivõrgu areng 10G suunas, instituudi tasemel<br />
#* üks 1G/2.5G/5G/10G ja 20 või enama pordiga switch millel QSFP+/SFP+ uplink<br />
#: NETGEAR Smart Managed Plus XS724EM [[https://www.netgear.com/business/products/switches/web-managed/XS724EM.aspx#tab-techspecs specs]] [[https://www.markit.eu/ee/en/netgear-smart-managed-plus-xs724em-switch-smart-22/v2p15411585 shop]] ~1.6k +km<br />
#* kümme 1G/2.5G/5G/10G võrgukaarti<br />
#: ASUS XG-C100C network adapter [[https://www.asus.com/Networking/XG-C100C/specifications specs]] [[https://www.markit.eu/ee/en/asus-xg-c100c-network-adapter-pcie-10gb-ethernet/v2p14308330c150306 shop]] ~85€ +km<br />
#* kakskümmend CAT6A patch kaablit à 5€<br />
# IBM Storwize v3700 laienduskast koos kettaseadmete ja ühenduskaablitega<br />
#: eelduste kohaselt ~6000 EUR<br />
# 4K projektori ekraanid ruumidesse ICT-501 ja ICT-507A<br />
#: eelduste kohaselt ~6000 EUR<br />
#: Adeo Inceel 16:9 135" [[http://www.adeoscreen.com/site/adeogroup90_webprofessional_it/cataloghi_prodotti/Inceel_2018_EN.pdf specs]]<br />
# Extron vaheseina sensor, ~580 EUR<br />
#: Extron ECM S10 [[https://www.extron.com/product/ecms10 specs]]<br />
# masinõppe (Machine Learning) arendamiseks kaks Tesla T4 GPU arvutuskaarti<br />
#: eelduste kohaselt ~4500 EUR<br />
#: NVIDIA Tesla T4 [[https://www.nvidia.com/content/dam/en-zz/Solutions/Data-Center/tesla-t4/t4-tensor-core-product-brief.pdf specs]]<br />
# masinõppe (Machine Learning) arendamiseks mälu juurde, 384GB<br />
#: eelduste kohaselt ~5100 EUR<br />
#: 12x Fujitsu DDR4 32 GB DIMM 288-pin 2666 MHz 1.2V registered ECC [[https://www.markit.eu/ee/en/fujitsu-ddr4-32-gb-dimm-288-pin-2666/v2p15344144 shop]]<br />
# uus P-5/F-2/O-4/T-5/E-4 turvataseme ja õhufiltriga dokumendi ning CD/DVD meedia purustaja 'Dahle 516air'<br />
#: eelduste kohaselt ~2000 EUR<br />
#: Dahle 516air [[https://www.dahle-office.com/en/products/document-shredders/detail/product/show/security-micro-cut-document-shredder-ideal-for-particularly-sensitive-data-9/dahle-516air-en.html spec]]<br />
# linux arvutusserverile mälu juurde, 768GB<br />
#: eelduste kohaselt ~10200 EUR<br />
#: 24x Fujitsu DDR4 32 GB DIMM 288-pin 2666 MHz 1.2V registered ECC [[https://www.markit.eu/ee/en/fujitsu-ddr4-32-gb-dimm-288-pin-2666/v2p15344144 shop]]<br />
# uus 17" kõrgresolutsiooniga VGA USB KVM räckisahtel koos 16-Port KVM switchiga<br />
#: eelduste kohaselt ~3800 EUR<br />
#: NTI RACKMUX® USB KVM Drawer RACKMUX-V17HR-N-16USBHD [[https://www.networktechinc.com/kvm-drawer-switch-hd.html specs]] [[https://www.networktechinc.com/kvm-drawer-switch-hd.html#tab-6 shop]]<br />
# displayde uuendus, displayd<br />
#: 20x Dell UltraSharp U2717D, kokku ~6100 EUR<br />
# displayde uuendus, käpad<br />
#: 12x Ergotron LX Dual Side-by-Side Arm, kokku ~3300 EUR<br />
# eriõppelabori <s>arvutiklassi</s> ICT-501 graafikakiirendite ja mälu upgrade<br />
#: 33x ASUS GTX1650-O4G-LP-BRK, kokku ~6100 EUR<br />
#: 33x Crucial DDR4 16GB DIMM 288-pin 2400 MHz, kokku ~1750 EUR<br />
# USB toiteplokke<br />
#: Anker AK-A2056111 [[https://www.anker.com/products/variant/powerport-speed-pd-5/A2056111 specs]]<br />
# litsentsi ja hooldusmaksud, kokku ~13.5k<br />
#* EUROPRACTICE litsentside hooldusmaks ~9000 EUR<br />
#* server ja klasside tarkvara hooldusmaks ~2500 EUR<br />
#* server ja salvestusseadmete hooldusmaks ~2000 EUR<br />
<br />
<br />
2020 kokku: 118404 EUR<br />
<br />
==== 2021 ====<br />
<br />
<s><br />
# kaks täiendavat TOR 10/40/100G switch serveriruumi, teaduskonna tasemel<br />
#: eelduste kohaselt 15000 EUR<br />
#* Extreme Networks X690-48X-2Q-4C [[https://cloud.kapostcontent.net/pub/44317954-ef18-4082-8714-3b22a9540f32/x690-data-sheet.pdf?kui=t3jIjd3uJZgg-RyyxO3sWg specs]] [[https://www.markit.eu/ee/en/extreme-networks-summit-x690-48x-2q-4c-switch/v2p14481496 shop]] ~15k +km<br />
# üks 10G/25G/40G/50G/100G aggregatsiooniswitch serveriruumi, teaduskonna tasemel<br />
#* Extreme Networks X870-32c [[https://cloud.kapostcontent.net/pub/ca5eb112-e470-4ead-b391-0a6476ad5448/x870-data-sheet.pdf?kui=Z50vsU5-AH31kSdHvCZNnw specs]] [[https://www.markit.eu/ee/en/extreme-networks-extremeswitching-x870-series-x870-32c-base/v2p13723640 shop]] ~25k +km</s><br />
# kolm paari TOR 25/100G switche serveriruumi ja IT Colledzisse koos rack kit'ga, teaduskonna tasemel, RDMA (RoCE v2) tehnoloogia kasutuselevõtuks ja infrastruktuuri arendamiseks<br />
#: eelduste kohaselt 53400 EUR<br />
#: Mellanox MSN2010-CB2R [[https://www.mellanox.com/related-docs/prod_eth_switches/PB_SN2010.pdf specs]] [[https://store.mellanox.com/products/mellanox-msn2010-cb2r-spectrum-based-10-25gbe-and-100gbe-1u-open-ethernet-switch-with-mellanox-onyx-18-sfp28-ports-and-4-qsfp28-ports-rohs6.html store]] á 8590+km <br />
# üks paar SPINE 100G switche serveriruumi, TOR switchide ja RDMA SAN seadmete kokkuühendamiseks, teaduskonna tasemel<br />
#: eelduste kohaselt 32491 EUR<br />
#: Mellanox MSN2100-CB2R [[http://www.mellanox.com/related-docs/prod_eth_switches/PB_SN2100.pdf specs]] [[https://store.mellanox.com/products/mellanox-msn2100-cb2r-spectrum-100gbe-1u-open-ethernet-switch-with-mellanox-onyx-16-qsfp28-ports-2-ac-psus-x86-2core-short-depth-c2p-airflow-rohs6.html store]] á 15943+km<br />
# kuus 25G võrgukaarti teaduskonna serveritele, teaduskonna tasemel, RDMA (RoCE v2) tehnoloogia kasutuselevõtuks ja infrastruktuuri arendamiseks<br />
#: eelduste kohaselt 3260 EUR<br />
#: Mellanox MCX512A-ADAT ConnectX-5 dual port [[http://www.mellanox.com/related-docs/prod_adapter_cards/PB_ConnectX-5_EN_Card.pdf specs]] [[https://store.mellanox.com/products/mellanox-mcx512a-adat-connectx-5-ex-en-network-interface-card-25gbe-dual-port-sfp28-pcie3-0-4-0-x8-tall-bracket.html store]] á 543+km<br />
# kaks 100G võrgukaarti teaduskonna serveritele, teaduskonna tasemel, RDMA (RoCE v2) tehnoloogia kasutuselevõtuks ja infrastruktuuri arendamiseks<br />
#: eeduste kohaselt 1714 EUR<br />
#: Mellanox MCX516A-CCAT ConnectX-5 dual port [[http://www.mellanox.com/related-docs/prod_adapter_cards/PB_ConnectX-5_EN_Card.pdf specs]] [[https://store.mellanox.com/products/mellanox-mcx516a-ccat-connectx-5-en-network-interface-card-100gbe-dual-port-qsfp28-pcie3-0-x16-tall-bracket-rohs-r6.html store]] á 858+km<br />
# DAC 25G/100G kaablid TOR switchide ja serverite ühendamiseks, 16tk 5m pikkused, ca 1050+km<br />
#: FS.COM Mellanox certified DAC [[https://www.fs.com/de-en/products/65856.html 25G]] [[https://www.fs.com/de-en/products/72705.html 100G]]<br />
# neli CWDM4 QSFP28 SMF LC 2km moodulit 100G side loomiseks ICT maja ja IT kolledzi vahele<br />
#: eelduste kohaselt 1450 EUR<br />
#: FS.COM Mellanox certified 100G CWDM4 QSFP28 [[https://www.fs.com/de-en/products/84374.html moodul]] [[https://www.fs.com/de-en/products/42718.html patch]]<br />
# kuue arvutitöökoha uuendamine, instituudi tasemel<br />
#* viimase põlvkonna PC koos monitoride, monitoride lauakinnituse, hiire ja klaviatuuriga ~2k +km<br />
# nelja laptopi uuendamine, instituudi tasemel<br />
#* viimase põlvkonna laptop ~1k +km<br />
# litsentsi ja hooldusmaksud, kokku ~13.5k<br />
#* EUROPRACTICE litsentside hooldusmaks ~9000 EUR<br />
#* server ja klasside tarkvara hooldusmaks ~2500 EUR<br />
#* server ja salvestusseadmete hooldusmaks ~2000 EUR<br />
<br />
<br />
2021 kokku: 118869 EUR<br />
<br />
==== 2022 ====<br />
<br />
<br />
# salvestus(kõvaketta)massiivi väljavahetus, teaduskonna tasemel<br />
#: praegune Storwize V3700 120TB mahus on alates jaanuarist 2018 EOL, support kestab kuni 5a peale EOL, mis on 2023 jaanuar<br />
#: 2022 sügisperioodil tuleb vaadata uus salvestusmassiiv<br />
#: orienteeruda tuleks IBM Storwize v5030 järgmise põlvkonna seadmele (pigem v5100)<br />
#: uue kettakasti maht peaks olema vähemalt 2x praegusest mahust ehk 240TB<s><br />
#: FibreChannel SAN võrgu kiirus 32Gbps</s><br />
#: 25G RoCE ühendus RDMA SAN switchi<br />
#: uue kettakastikomplekti orienteeruv hind 85000 EUR<s><br />
# SAN võrgu uuendus, teaduskonna tasemel<br />
#: tulenevalt uuest kettakastist on vajadus uuema põlvkonna kiirema SAN võrgu järele<br />
#: 24port 32Gbps FC switchid - 2 tükki<br />
#: orienteeruv hind 32000 EUR</s><br />
# kuue arvutitöökoha uuendamine, instituudi tasemel<br />
#* viimase põlvkonna PC koos monitoride, monitoride lauakinnituse, hiire ja klaviatuuriga ~2k +km<br />
# nelja laptopi uuendamine, instituudi tasemel<br />
#* viimase põlvkonna laptop ~1k +km<br />
# litsentsi ja hooldusmaksud, kokku ~13.5k<br />
#* EUROPRACTICE litsentside hooldusmaks ~9000 EUR<br />
#* server ja klasside tarkvara hooldusmaks ~2500 EUR<br />
#* server ja salvestusseadmete hooldusmaks ~2000 EUR<br />
<br />
<br />
2022 kokku: 114500 EUR<br />
<br />
==== 2023 ====<br />
<br />
# eriõppelaborite <s>arvutiklasside</s> uuendamine, 3 klassi ICT maja 5. ja 3. korrusel<br />
#* 5.k klassis 33 arvutitöökohta<br />
#* 3.k klassides 30 arvutitöökohta<br />
#*: kokku 63 arvutitöökohta<br />
#*: ühe töökoha eeldatav maksumus 1450 EUR<br />
#*: 63 arvutitöökoha eeldatav kogumaksumus 91350 EUR<br />
# kuue arvutitöökoha uuendamine, instituudi tasemel<br />
#* viimase põlvkonna PC koos monitoride, monitoride lauakinnituse, hiire ja klaviatuuriga ~2k +km<br />
# nelja laptopi uuendamine, instituudi tasemel<br />
#* viimase põlvkonna laptop ~1k +km<br />
# litsentsi ja hooldusmaksud, kokku ~13.5k<br />
#* EUROPRACTICE litsentside hooldusmaks ~9000 EUR<br />
#* server ja klasside tarkvara hooldusmaks ~2500 EUR<br />
#* server ja salvestusseadmete hooldusmaks ~2000 EUR<br />
<br />
<br />
2023 kokku: 120850 EUR<br />
<br />
==== 2024 ====<br />
<br />
<br />
# salvestus(kõvaketta)massiivi laiendamine, teaduskonna tasemel<br />
#: IBM Storwize v5100 laienduskast koos salvestusseadmetega, ca 26000 EUR<br />
# kuue arvutitöökoha uuendamine, instituudi tasemel<br />
#* viimase põlvkonna PC koos monitoride, monitoride lauakinnituse, hiire ja klaviatuuriga ~2k +km<br />
# nelja laptopi uuendamine, instituudi tasemel<br />
#* viimase põlvkonna laptop ~1k +km<br />
# litsentsi ja hooldusmaksud, kokku ~13.5k<br />
#* EUROPRACTICE litsentside hooldusmaks ~9000 EUR<br />
#* server ja klasside tarkvara hooldusmaks ~2500 EUR<br />
#* server ja salvestusseadmete hooldusmaks ~2000 EUR<br />
<br />
<br />
2024 kokku: 55500 EUR<br />
<br />
==== 2025 ====<br />
<br />
<br />
# salvestus(kõvaketta)massiivi laiendamine, teaduskonna tasemel<br />
#: IBM Storwize v5100 laienduskast koos salvestusseadmetega, ca 26000 EUR<br />
# salvestus(kõvaketta)massiivi ostujärgse garantii pikendamine, teaduskonna tasemel<br />
#: eelduste kohaselt ca 3000 EUR<br />
# kuue arvutitöökoha uuendamine, instituudi tasemel<br />
#* viimase põlvkonna PC koos monitoride, monitoride lauakinnituse, hiire ja klaviatuuriga ~2k +km<br />
# nelja laptopi uuendamine, instituudi tasemel<br />
#* viimase põlvkonna laptop ~1k +km<br />
# litsentsi ja hooldusmaksud, kokku ~13.5k<br />
#* EUROPRACTICE litsentside hooldusmaks ~9000 EUR<br />
#* server ja klasside tarkvara hooldusmaks ~2500 EUR<br />
#* server ja salvestusseadmete hooldusmaks ~2000 EUR<br />
<br />
<br />
2025 kokku: 58500 EUR<br />
<br />
==== 2026 ====<br />
<br />
<br />
# salvestus(kõvaketta)massiivi ostujärgse garantii pikendamine, teaduskonna tasemel<br />
#: eelduste kohaselt ca 3000 EUR<br />
# serverite uuendus<br />
#: kolm serverit<br />
#* kangem linux arvutusserver ca 40000 EUR<br />
#* keskmine windows virtualiseerimisserver ca 30000 EUR<br />
#* lahjem linux baasteenuste server ca 20000 EUR<br />
#: kokku 90000 EUR<br />
<br />
<br />
2026 kokku: 93000 EUR<br />
<br />
==== 2027 ====<br />
<br />
<br />
# viienda (5.) korruse suurte printerite vahetus, instituudi tasemel<br />
#: eelduste kohaselt 7000+km<br />
<br />
<br />
2027 kokku: 7000 EUR<br />
<br />
==== 2028 ====<br />
<br />
<br />
# salvestus(kõvaketta)massiivi väljavahetus, teaduskonna tasemel<br />
#: uue kettakastikomplekti orienteeruv hind 85000 EUR<br />
<br />
<br />
2028 kokku: 85000 EUR<br />
<br />
==== 2029 ====<br />
<br />
<br />
# eriõppelaborite <s>arvutiklasside</s> uuendamine, 3 klassi ICT maja 5. ja 3. korrusel<br />
#* 5.k klassis 33 arvutitöökohta<br />
#* 3.k klassides 30 arvutitöökohta<br />
#*: kokku 63 arvutitöökohta<br />
#*: ühe töökoha eeldatav maksumus 1450 EUR<br />
#*: 63 arvutitöökoha eeldatav kogumaksumus 91350 EUR<br />
<br />
<br />
2029 kokku: 91350 EUR<br />
<br />
==== 2030 ====<br />
<br />
==Korduvad iga-aastased kulutused==<br />
<br />
riist- ja tarkvara ning hoolduskulud, laptopid, tööjaamad, etc.<br />
<br />
* EUROPRACTICE litsentside hooldusmaks ~9000 EUR<br />
* server ja klasside tarkvara hooldusmaks ~2500 EUR<br />
* server ja salvestusseadmete hooldusmaks ~2000 EUR<br />
<br />
aastas kokku: 13500 EUR</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2892SSH encrypt and decrypt2019-12-04T20:38:39Z<p>Marek: /* Decryption fail */</p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours mw-collapsed" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="float: none;"><br />
{| style="width: 100%;"<br />
|- style="vertical-align:middle;"<br />
|style="text-align:left;"| <div style="font-weight:bold; line-height:1.6; text-align:left;"> SSH private key, file <code>id_rsa</code> contents </div><br />
|style="text-align:right;"| <div style="font-weight:bold; font-style: italic; text-decoration:underline; text-align:right;"> click to expand </div><br />
|}<br />
</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Decryption fail ===<br />
<br />
In reference to: https://medium.com/@6et/convert-openssh-rsa-key-to-a-pem-file-80753fdbac00<br />
<br />
When You see following error <code>unable to load Private Key</code>...<code>Expecting: ANY PRIVATE KEY</code>.<br />
<br />
This means that Your private key is not in PEM format. To check if that is the case, You can view the contents of your <code>~/.ssh/id_rsa</code> file and see if it starts with line<br><br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN OPENSSH PRIVATE KEY-----<br />
</pre><br />
</div><br />
Different versions of Secure Shell than You are currently using may have generated such keys. Secure Shell itself is able to handle different versions of private key formats as it converts/reads in them into suitable format for itself. Trouble lies with other utilities like <code>openssl</code> that can handle only specific/specified formats. <br />
<br />
<br />
To convert Your private key into usable form, issue command<br><br />
<pre><br />
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa<br />
</pre><br />
<br />
After that Your private key should start with line<br><br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
</pre><br />
</div><br />
And now You can decrypt the message using <code>openssl</code> utility.<br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2891SSH encrypt and decrypt2019-12-04T20:37:58Z<p>Marek: /* Decryption fail */</p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours mw-collapsed" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="float: none;"><br />
{| style="width: 100%;"<br />
|- style="vertical-align:middle;"<br />
|style="text-align:left;"| <div style="font-weight:bold; line-height:1.6; text-align:left;"> SSH private key, file <code>id_rsa</code> contents </div><br />
|style="text-align:right;"| <div style="font-weight:bold; font-style: italic; text-decoration:underline; text-align:right;"> click to expand </div><br />
|}<br />
</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Decryption fail ===<br />
<br />
In reference to: https://medium.com/@6et/convert-openssh-rsa-key-to-a-pem-file-80753fdbac00<br />
<br />
When You see following error <code>unable to load Private Key</code>...<code>Expecting: ANY PRIVATE KEY</code>.<br />
<br />
This means that Your private key is not in PEM format. To check if that is the case, You can view the contents of your <code>~/.ssh/id_rsa</code> file and see if it starts with line<br><br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN OPENSSH PRIVATE KEY-----<br />
</pre><br />
</div><br />
Older/different versions of Secure Shell than You are currently using may have generated such keys. Secure Shell itself is able to handle different versions of private key formats as it converts/reads in them into suitable format for itself. Trouble lies with other utilities like <code>openssl</code> that can handle only specific/specified formats. <br />
<br />
<br />
To convert Your private key into usable form, issue command<br><br />
<pre><br />
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa<br />
</pre><br />
<br />
After that Your private key should start with line<br><br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
</pre><br />
</div><br />
And now You can decrypt the message using <code>openssl</code> utility.<br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2890SSH encrypt and decrypt2019-12-04T20:27:40Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours mw-collapsed" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="float: none;"><br />
{| style="width: 100%;"<br />
|- style="vertical-align:middle;"<br />
|style="text-align:left;"| <div style="font-weight:bold; line-height:1.6; text-align:left;"> SSH private key, file <code>id_rsa</code> contents </div><br />
|style="text-align:right;"| <div style="font-weight:bold; font-style: italic; text-decoration:underline; text-align:right;"> click to expand </div><br />
|}<br />
</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Decryption fail ===<br />
<br />
In reference to: https://medium.com/@6et/convert-openssh-rsa-key-to-a-pem-file-80753fdbac00<br />
<br />
When You see following error <code>unable to load Private Key</code> + <code>Expecting: ANY PRIVATE KEY</code>.<br />
<br />
This means that Your private key is not in PEM format. To check if that is the case, You can view the contents of your <code>~/.ssh/id_rsa</code> file and see if it starts with line<br><br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN OPENSSH PRIVATE KEY-----<br />
</pre><br />
</div><br />
<br />
To convert Your private key into usable form, issue command<br><br />
<pre><br />
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa<br />
</pre><br />
<br />
After that Your private key should start with line<br><br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
</pre><br />
</div><br />
And now You can decrypt the message using <code>openssl</code> utility.<br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2889SSH encrypt and decrypt2019-12-04T20:19:49Z<p>Marek: /* Notes */</p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours mw-collapsed" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="float: none;"><br />
{| style="width: 100%;"<br />
|- style="vertical-align:middle;"<br />
|style="text-align:left;"| <div style="font-weight:bold; line-height:1.6; text-align:left;"> SSH private key, file <code>id_rsa</code> contents </div><br />
|style="text-align:right;"| <div style="font-weight:bold; font-style: italic; text-decoration:underline; text-align:right;"> click to expand </div><br />
|}<br />
</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Decryption fail ===<br />
<br />
In reference to: https://medium.com/@6et/convert-openssh-rsa-key-to-a-pem-file-80753fdbac00<br />
<br />
When You see following error <code>unable to load Private Key</code> + <code>Expecting: ANY PRIVATE KEY</code>.<br />
<br />
This means that Your private key is not in PEM format. To check if that is the case, You can view the contents of your <code>~/.ssh/id_rsa</code> file and see if it starts with line<br><br />
<pre><br />
-----BEGIN OPENSSH PRIVATE KEY-----<br />
</pre><br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2888SSH encrypt and decrypt2019-12-04T15:49:23Z<p>Marek: /* The keys */</p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours mw-collapsed" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="float: none;"><br />
{| style="width: 100%;"<br />
|- style="vertical-align:middle;"<br />
|style="text-align:left;"| <div style="font-weight:bold; line-height:1.6; text-align:left;"> SSH private key, file <code>id_rsa</code> contents </div><br />
|style="text-align:right;"| <div style="font-weight:bold; font-style: italic; text-decoration:underline; text-align:right;"> click to expand </div><br />
|}<br />
</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2887SSH encrypt and decrypt2019-12-04T15:36:36Z<p>Marek: /* The keys */</p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours mw-collapsed" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="float: none;"><br />
<div style="font-weight:bold;line-height:1.6;">SSH private key, file <code>id_rsa</code> contents</div><br />
</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2886SSH encrypt and decrypt2019-12-04T15:35:35Z<p>Marek: /* The keys */</p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="float: none;"><br />
<div style="font-weight:bold;line-height:1.6;">SSH private key, file <code>id_rsa</code> contents</div><br />
</div><br />
<div class="mw-collapsible-content mw-collapsed"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2885SSH encrypt and decrypt2019-12-04T15:33:39Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="mw-collapsible toccolours" style="width:540px; overflow:auto;"><br />
<div class="mw-collapsible-toggle toccolours" style="width:540px; float: none;"><br />
<div style="font-weight:bold;line-height:1.6;">SSH private key, file <code>id_rsa</code> contents</div><br />
</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2884SSH encrypt and decrypt2019-12-04T15:19:56Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
</div><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="toccolours mw-collapsible mw-collapsed" style="width:540px; overflow:auto;"><br />
<div style="font-weight:bold;line-height:1.6;">SSH private key, file <code>id_rsa</code> contents</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<div class="toccolours" style="width:540px; overflow:auto;"><br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
</div><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marekhttps://strudel.pld.ttu.ee/wiki/e/index.php?title=SSH_encrypt_and_decrypt&diff=2883SSH encrypt and decrypt2019-12-04T15:17:11Z<p>Marek: </p>
<hr />
<div>__TOC__<br />
<br />
Tutorial on how to encrypt and decrypt small messages using Secure Shell keys<br />
<br />
== Why? ==<br />
For example,<br><br />
when You have to send someone a password and sending it over internet in plaintext is out of the question.<br />
<br />
== How to send Yourself a secret message (tutorial) ==<br />
<br />
=== The keys ===<br />
<br />
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.<br />
<br />
All it takes is Linux, MacOS command line or Cygwin shell in Windows. A minute or two of Your time and few sips of tea. Done.<br />
<br />
<br />
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -t rsa -b 4096<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key (/home/user/.ssh/id_rsa): <br />
Enter passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved in /home/user/.ssh/id_rsa.<br />
Your public key has been saved in /home/user/.ssh/id_rsa.pub.<br />
The key fingerprint is:<br />
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux<br />
The key's randomart image is:<br />
+---[RSA 4096]----+<br />
|+o.. |<br />
|oo. E |<br />
|o. + .. . |<br />
| o.oo . o |<br />
|.o=+ o S |<br />
|.+== . . |<br />
|oB*.o + |<br />
|+o=*+* . |<br />
| o*OBo+ |<br />
+----[SHA256]-----+<br />
</pre><br />
<br />
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to Your home directory.<br />
<br />
The contents of the public key <code>id_rsa.pub</code> should be like this:<br />
<pre><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0slKFeI2QKDbele2YNbbsQnIuIr070sAAcK3lazDRNEfSAVqcevAoUoTFRe7BRKjeTzj74q8XGfH6/OciiVGpvF9La/a8apXB0x4qYdCA+S/pZJGbl8MLRMMuaU+7sUSd0wEhru5H8LXilpRjNBht+In4+CJKEOWb3TJ2gAPHp8hACdCpyKUNz6g+hcE8Vkx/JoMXDqhyGGr2qVcVTDxZ/Y506LyOMwarnzdz7JYLBq8LPOiHI6BNIUSnC8HixQ9DnJev44ZVJcoKLLM/kn7GNVczZ+L8xKC5i5GB+rAWPy4unQqqB9pAwKUjZ3WRRPFH8TcRprjiHlsZjeW27nAPeIu+jE0fQWKSWMdGt1CTYJuOGf7zOFCHupHC6S6EKqVUtni3GuiM+NQHukGAk95DWGydVY6OSTJP0a5/4akS/KmpOZ20WTer1BV171DZI3X8P35vwJIaP9Aamg4pDhQUSXSn1f9YD5lgXmhhgFVcyjo+ox6Q2VuVNX/eLW7WxtfmDBYCHbJEzIb3nHH2CWb47YyA+pYbku4WjFDTRc7blgsnCjCMGHPHXyP8TLLWB6ZiLYwAvucK78rljkTXwPALllktMG9YN215CRJGqZcWaCiVspWJvSwpMF8nJR842IpgkGFtlcMoPFoPwuv8yMUa+3bu2T3nwULOmZCsEBJiXQ== user@linux<br />
</pre><br />
<br />
And the contents of the private key <code>id_rsa</code> should be like this:<br />
<div class="toccolours mw-collapsible mw-collapsed" style="width:540px; overflow:auto;"><br />
<div style="font-weight:bold;line-height:1.6;">SSH private key, file <code>id_rsa</code> contents</div><br />
<div class="mw-collapsible-content"><br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIJKQIBAAKCAgEAu5Z/XRKcm5pxUMTcAHM643DqdvheWVDTwsG5R3RAF18HN7kt<br />
P/WLgk3bJy3gMTEetczE5uEV6ukY2ZgrPyOqAfORjB5cRfzy4TsRCqJ0eljY4PEo<br />
A54gJFCzlOBiQwL8pL1KHwMQGyer54++VTVay8+te9AXWkX6K9aRWM+FVuUPAjnX<br />
RZ6OpDmcJ+AXn2e3LEIENgs4gTnHGxwCYYuHkRivWFj2C8fIOgMoYjX7eUO68151<br />
jgLlsRQEvpedYA2xTSQ9gP/UTTSbxJWrUjkDHr7Qyq3JKudU/cjeYDN9ZXgxwuJz<br />
777jMgfnoAQgAdywtLKEqY8Be5z9zYmfU7C4AgXBbacDDmcRfjgHHIbIwYTo411A<br />
22HvMzl+af0NTb1ALk5vCpb8hVdWozNb0eAnPa3L9UGvcu/rko59E0UA0pJ3CtNA<br />
Xo/ZX7OLucrdehAmUQtD97bMrEFr+pP21t8r2XqvNfH6EparArL9cVXbGuVvkpRz<br />
xnXhJmHFogOlHLPXOnF9pkFj7HL0ScYqkhll8niDLG3+AyjCcEQ0vmIuRpMONfa5<br />
K8sH9XQLY4yKFbZzWcpIUUeSkSWkAfo7os7e+D4+xUcTLAUXaZsvs9QaNnMKZU+A<br />
5FSd5uv8H/Ku+ejX03G1CGDV9nJYzA0Ysc/UPy08j3eSrFZCqJN2Kci76gUCAwEA<br />
AQKCAgAE7c1m6qhGxmYX0zRcpqpzc3IVsiz4d9E4mtJ9eCZ+9rY/1pPDzHXf9J+/<br />
hcsQP9QovrqlvmBPDdTjUsZAIHXFG1tFrT6LcDwJgv3No7sfw9ne/zcn8S2zBpPR<br />
Y5vxWtC8m2SpL/FqZT51FSfRIVfDZy+Nw0f5zUDnifnDtaAxSk98pXxsjd/9nK3n<br />
tlGolJcRiKKHsP/JFXWP1sqROZNUUqu4zI2afaNbMt4KxpRW+VqeLms0Ugsq/fWp<br />
9F3kOjfgaQVcsFwpsyosniokPO9CDY165doVUILBMFf3eyLeWawlDMIzGHbrx51k<br />
bPdSVTQna1FlCybk0pkwn18aWdhb2bpTympeXRRqH2nYBptHZPSLNDkyg3pMVYg/<br />
IlSjM1yTri2D4MJ/wsc40UMag9ntfBlyPou1fZNMJtfDR0EchvOrYYVE8Q6wsTr6<br />
WfHy1KrsRr9WPkJ3xC65GJLnxXBzRx/btDWeDX0DQuWHzM/YeI8vDZrCj5q4wSDs<br />
2xbt3syLum8OUMTPXsahrL1yUXAC+YBayh7BSeTSNsngLN+Hmvn/aCBX+191H/9g<br />
JQhtKBjjGdSUz2NTOQSB1PKFrIhMW+xz09S/fOC86tVnxYr2q6BtBWQOy3m/oN09<br />
cbzATIgCSFyRvadocT0UmhevWJQ9gCof7wSW2wJbgCCH/pd5gQKCAQEA3tjuS6UH<br />
M61gs8vH2vCE/LnMRoH5AnDUPecl7AWszMPzMH1Rm7JvN2ao0IOk+Az9p4j9QhP0<br />
kCug9mfPjtjSWePmrCamXbCuSEoUWTyVxf/ZD1rspS57QMHpl/OZUc4qfM/NdXFD<br />
Eh724fw8Cu1qJz8Xr0pU+3XpRfw8X3vUrvlkkc9GCv1hg2YnBLHz/LdRvyLpa4IZ<br />
6dNXaqjP7lWID5ylT/Tq6WQyIDhrHr9y0g5/F7WqUtd63VeJl97IUs98Qt9l6NKj<br />
0fDbUJVlhF2QUMbu+zqwAJGoh+JBr9GadvStcbvFuSTtwCBHeAfE8tZ/7ZNadXVL<br />
m8lrSH7gSN4GFQKCAQEA1364VWWkkdNvTreyj2eMeoQaPtNKVnP+FC7N8PPG/2KB<br />
eL/DWORSlwUmBX62bYmMuzJEacK8UyUTd/v5OmjZ2y8wdrAZX7R5iHGUD8NEPDZi<br />
U/okGrq7KeuV/rA8A6t6IWIcEBw/JiKuK96dToySDtEYXLc+lLDCoaHayVv7WT77<br />
yUPSHY4RF7G/ipiSYoFfYlvCMh/TveCDDdz1eiJpGtfKBHZWVMoLXKtnka704IWt<br />
/dghwd4Uvqz5zaVPLZHhCmppI0uia5wH9mkoHMjOx7ZuoDrg2SuYsBaNPhQTb3aA<br />
oUvnC2xWM+1RRHKIU6/VyRUfbkPAhycZ1rSq2znAMQKCAQEA21vQXbfJug29dd5v<br />
EU3Wqms98F26PrPPyEuDIayIZ1uvRBjnvwpKvc8Y93/OYLlw6nxHR8ca4tt/a23O<br />
ev9lOETE6Mp20xy6wb/h/eFMUQXCpYHMFeEGRD1c8k1Aq6z0V725shRWgDzoqpS+<br />
iccfyhgp+UuDEbAEevaKezcKqV4mp/zPJrw6Q7zHRbDhye6t0ibMfB4p4eg+UWhw<br />
nVumPi/k7irZHfqZ+OtwTmkH3kuUwUL6sOcZM04ay9rpd9Jzr+P1jdPinCKpz83v<br />
ivcKuujHj5c6bqTyryeBn08E7Hl3TdAXFmOKgKeFklqbfKq2bKay0ZIvZd9D8q2p<br />
mzCp7QKCAQA3dFu5ViPIhxGQv0MLFkmXSaF7Y2Iw5z6OMRE8HW+rTs0kpqx9lpwO<br />
Uvva1CXcAFaf4aqrULqn5tWgvc4AEvVlKzqcgGq3LzlLPHcuq0BHAnPBSpC59C2v<br />
9vkthmqbQyh1qMqx9qLljG0nyuzORuxbNcHAMkO/fdFISN+Fi88dw1CGFZbfliyd<br />
3Vb+Mo8RHFvQcu6BeaFCrqDrE150ZKCJkNhi15UV0ryjx1QqsExB7wS8Wz8spZrP<br />
CrJqEk1S28R+qq2NsKwGZyvBZIQ3DBHyYOcNArnUCR0My3DjdcUenO8zEtZNIT75<br />
s+uC4rpkVs58JZxmArdr0Esc7nc9XRoxAoIBAQCjE2+VQOtWWV+6ab3TlsZ0nWM7<br />
kKTcWlz0WixKAfGzkYtypW3qlli3M8JqDGPw4M5o4VR1c5gjj0hIr37ywBi9PtrM<br />
nkz3iRI8sTyTWqfns/NfQiJrSCWMvTOChxDskm7gxn6cz2/OcmsqUINjQdm+mqiE<br />
cd/4Awso2itT0NUkhoZSRon5cwOCqJg8DukLBdXrmWDmDqJDulzAZTZlbAMxeSn4<br />
M1Vrc7QD6jtNBxlJsvDolatOccZv9dVCLUIUUkkTN41uIq96F+4mxW63SqTW0MaT<br />
PGN9FPjRVXSuyyDrVyua7Z3R4wqy1RFc7XMaXxg5qaqhiZbXkBU444NkU0jg<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
</div></div><br />
<br />
=== To encrypt ===<br />
<br />
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> is used to encrypt and the private one <code>id_rsa</code> to decrypt a message.<br />
<br />
==== Create the message ====<br />
<br />
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:<br />
<pre><br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<br />
==== Prepare Your public key for encryption ====<br />
<br />
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.<br />
<br />
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.<br />
<br />
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:<br />
<pre><br />
linux:/home/user> ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8<br />
</pre><br />
<br />
The contents of such converted key should be like this:<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtLJShXiNkCg23pXtmDW2<br />
7EJyLiK9O9LAAHCt5Wsw0TRH0gFanHrwKFKExUXuwUSo3k84++KvFxnx+vznIolR<br />
qbxfS2v2vGqVwdMeKmHQgPkv6WSRm5fDC0TDLmlPu7FEndMBIa7uR/C14paUYzQY<br />
bfiJ+PgiShDlm90ydoADx6fIQAnQqcilDc+oPoXBPFZMfyaDFw6ochhq9qlXFUw8<br />
Wf2OdOi8jjMGq583c+yWCwavCzzohyOgTSFEpwvB4sUPQ5yXr+OGVSXKCiyzP5J+<br />
xjVXM2fi/MSguYuRgfqwFj8uLp0KqgfaQMClI2d1kUTxR/E3Eaa44h5bGY3ltu5w<br />
D3iLvoxNH0FikljHRrdQk2Cbjhn+8zhQh7qRwukuhCqlVLZ4txrojPjUB7pBgJPe<br />
Q1hsnVWOjkkyT9Guf+GpEvypqTmdtFk3q9QVde9Q2SN1/D9+b8CSGj/QGpoOKQ4U<br />
FEl0p9X/WA+ZYF5oYYBVXMo6PqMekNlblTV/3i1u1sbX5gwWAh2yRMyG95xx9glm<br />
+O2MgPqWG5LuFoxQ00XO25YLJwowjBhzx18j/Eyy1gemYi2MAL7nCu/K5Y5E18Dw<br />
C5ZZLTBvWDdteQkSRqmXFmgolbKVib0sKTBfJyUfONiKYJBhbZXDKDxaD8Lr/MjF<br />
Gvt27tk958FCzpmQrBASYl0CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
==== Encrypt the message ====<br />
<br />
Now You can encrypt Your super secret message with converted public key like this:<br />
<pre><br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey id_rsa_pub.pkcs8 > message.enc<br />
</pre><br />
In above example we pipe the contents of <code>message.txt</code> file to <code>openssl</code> utility that uses converted public key <code>id_rsa_pub.pkcs8</code> and then we store the output in file <code>message.enc</code><br />
<br />
=== To decrypt ===<br />
<br />
To decrypt the encrypted message file <code>message.enc</code> we use <code>openssl</code> utility like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
In above example the contents of decrypted message are show in startard output.<br />
<br />
To save decrypted contents one can modify the command like this:<br />
<pre><br />
linux:/home/user> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa > message.txt<br />
</pre><br />
<br />
== Real world ==<br />
<br />
In real world, when You have to pass someone sensitive small message, like a password<br />
# You ask that someone to send You their public key<br />
#* If that public key is not already in PKCS8 format then You convert it<br />
# You encrypt Your message with that someone's public key that is in PKCS8 format<br />
# You send the encrypted message to that someone<br />
# That someone decrypts Your message with their private key<br />
Contrary to tutorial above Your SSH keys are not needed when You are sending an encrypted message. You only need the other persons public key.<br />
<br />
<br />
<hr><br />
When someone sends You their public key, save it to a file <code>someone.pub</code>. Create Your secret message <code>message.txt</code>. Then do following, firstly to convert the key and secondly to encrypt Your message:<br />
<pre><br />
linux:/home/user> ssh-keygen -f someone.pub -e -m pkcs8 > someone_pub.pkcs8<br />
linux:/home/user> cat message.txt | openssl rsautl -encrypt -pubin -inkey someone_pub.pkcs8 > message.enc<br />
</pre><br />
And send the output <code>message.enc</code> as a file to that someone. <br />
<br />
That person then does following and reads the message content from standard output:<br />
<pre><br />
linux:/home/someone> cat message.enc | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa<br />
This is very serious short message.<br />
That will be encrypted.<br />
And decrypted.<br />
</pre><br />
<hr><br />
<br />
== Notes ==<br />
<br />
=== Message size ===<br />
<br />
This encryption / decryption method is suitable for small messages, messages whose bitlength is smaller than used RSA key length.<br />
<br />
If You want to encrypt longer messages or some big file(s) then the above method can be used for passing on encrypted passwords that are used for file encryption/decryption.<br />
<br />
One should use CBC (Cipher Block Chaining) continuous block cipher like AES256 for big file encryption / decryption. <code>openssl</code> utility is able to do that too.<br />
<pre><br />
openssl enc -aes256 -kfile message.txt -in file -out file.enc<br />
</pre><br />
<br />
=== What the path? ===<br />
<br />
<code>~</code> denotes users home directory, in essence its a shortcut for <code>/home/user</code><br />
<br />
Then <code>~/.ssh</code> means subfolder <code>.ssh</code> that resides in users home directory <code>/home/user</code><br />
<br />
When using full path the above would be <code>/home/user/.ssh</code><br />
<br />
=== Private stuff ===<br />
<br />
Your key pair that You generated is Your sensitive security information.<br />
<br />
Your public key can be passed on to persons/organizations You know, to authenticate You as a sign-on method (go see Gitlab), or it can be used as in above tutorial to encrypt messages. Being "public" does not mean You should openly advertise the contents of that key. It is theoretically possible to re-create private key based on public key, that process takes massive amounts of supercomputer time and is exponentially difficult based on key length. The longer the key the better. There is a tradeoff - longer keys work slower. In above tutorial we used 4096 bit keys that are quite okay by todays (2019) standards.<br />
<br />
Your private key should never be shown or given out to anyone. The best practice is to encrypt Your private key with a password.<br />
<code>ssh-keygen</code> utility is able to do that like this:<pre><br />
linux:/home/user> ssh-keygen -p -f ~/.ssh/id_rsa<br />
Enter new passphrase (empty for no passphrase): <br />
Enter same passphrase again: <br />
Your identification has been saved with the new passphrase.<br />
</pre><br />
<br />
When You lose your private key, then all is lost. Unless You work for NSA and have supercomputer farm at hand. So keep it safe and secure.<br />
<br />
=== Martian messages ===<br />
<br />
Obviously encrypted messages are not human readable. If You made a mistake of looking the contents and Your command line went gibberish, issue following command by blindly typing: <code>reset</code>. This resets the terminal and You should see normal command line again.</div>Marek