Difference between revisions of "SSH encrypt and decrypt"

From ATI public wiki
(Why?)
Line 8: Line 8:
  
 
== How ==
 
== How ==
 +
 +
=== The keys ===
  
 
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.
 
Everyone who uses Secure Shell (SSH) has an easy access to accompanying Secure Shell keys. When You do not have them, then You generate them.
Line 14: Line 16:
  
  
One can make simple passwordless RSA key-pair like this:
+
One can make simple passwordless RSA key-pair with <code>ssh-keygen</code> utility like this:
 
<pre>
 
<pre>
 
linux:/home/user> ssh-keygen -t rsa -b 4096
 
linux:/home/user> ssh-keygen -t rsa -b 4096
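Review bot: The reworded sentence "One can make simple passwordless RSA key-pair with ssh-keygen utility" still does not say where "passwordless" comes from. The command shown, ssh-keygen -t rsa -b 4096, carries no passphrase option, so the key is only passwordless if the reader leaves the passphrase empty at the prompt. Suggest stating that in the sentence, and noting that the private key is then stored unencrypted, which matters on this page because id_rsa is the key that decrypts the messages.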
Line 39: Line 41:
 
</pre>
 
</pre>
  
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to your home directory
+
The process above creates 2 files <code>id_rsa</code> <code>id_rsa.pub</code> and places them into subfolder <code>.ssh</code> relative to your home directory.
 +
 
 +
=== To encrypt ===
 +
 
 +
Now You have Your pair of keys, the public one <code>id_rsa.pub</code> to encrypt and the private one <code>id_rsa</code> to decrypt.
 +
 
 +
==== Create the message ====
 +
 
 +
Take Your favorite text editor and create short text file <code>message.txt</code> with some content like:
 +
<pre>
 +
This is very serious short message.
 +
That will be encrypted.
 +
And decrypted.
 +
</pre>
 +
 
 +
==== Prepare Your public key for encryption ====
 +
 
 +
One drawback or discouraging step for encryption is that Your public key is not usable '''''as is'''''.
 +
 
 +
To be usable with <code>openssl</code> utility it has to be in PKCS8 format.
 +
 
 +
Public key can be converted to PKCS8 format with <code>ssh-keygen</code> utility like this:
 +
<pre>
 +
linux:/home/user>  ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8
 +
</pre>
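Review bot: In the new "To encrypt" section, "the public one id_rsa.pub to encrypt" reads as if the sender encrypts with their own key. For the use case in the page's "Why?" section (sending someone a password), the message has to be encrypted with the recipient's public key, so the text should say whose id_rsa.pub is being converted. The section also stops after the PKCS8 conversion: nothing yet uses id_rsa_pub.pkcs8 or message.txt, so the heading promises a step the text does not reach.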

Revision as of 19:34, 19 November 2019

Tutorial on how to encrypt and decrypt small messages using Secure Shell keys

Why?

For example, when you have to send someone a password and sending it over the internet in plaintext is out of the question.

How

The keys

Everyone who uses Secure Shell (SSH) has easy access to the accompanying Secure Shell keys. If You do not have them, You can generate them.

All it takes is a Linux or macOS command line, or a Cygwin shell on Windows, a minute or two of Your time and a few sips of tea. Done.


One can make a simple passwordless RSA key pair with the ssh-keygen utility like this (press Enter at both passphrase prompts to leave the passphrase empty):

linux:/home/user> ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:seDs6vDo55WegAZnG/mr8S+sgz2kvJFCc1wAGsHyB2c user@linux
The key's randomart image is:
+---[RSA 4096]----+
|+o..             |
|oo. E            |
|o. + .. .        |
|  o.oo . o       |
|.o=+  o S        |
|.+== . .         |
|oB*.o +          |
|+o=*+* .         |
| o*OBo+          |
+----[SHA256]-----+

The process above creates 2 files, id_rsa and id_rsa.pub, and places them in the .ssh subfolder of Your home directory.

To encrypt

Now You have Your pair of keys: the public one, id_rsa.pub, to encrypt and the private one, id_rsa, to decrypt.

Create the message

Take Your favorite text editor and create a short text file message.txt with some content like:

This is very serious short message.
That will be encrypted.
And decrypted.

Prepare Your public key for encryption

One drawback or discouraging step for encryption is that Your public key is not usable as is.

To be usable with the openssl utility, it has to be in PKCS8 format.

The public key can be converted to PKCS8 format with the ssh-keygen utility like this:

linux:/home/user>  ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > id_rsa_pub.pkcs8
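
The steps above carried through to a full round trip, as an added example that is not part of the original wiki page: it goes one step beyond the text by running the openssl encryption and decryption that the converted key is being prepared for, and it shows why only small messages fit. The throwaway key directory, the function names, the PEM private-key format (-m PEM) and the OAEP padding are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example. Works on a throwaway key pair in a directory you pass in,
# never on ~/.ssh/id_rsa. Function names and OAEP padding are assumptions.

# make_keys DIR [BITS]: passwordless RSA pair plus the PKCS8 public key.
make_keys() {
    local dir=$1 bits=${2:-4096}
    # -m PEM: write the private key in PEM so that openssl can read it.
    ssh-keygen -q -t rsa -b "$bits" -m PEM -N "" -f "$dir/id_rsa" || return 1
    ssh-keygen -f "$dir/id_rsa.pub" -e -m pkcs8 > "$dir/id_rsa_pub.pkcs8"
}

# max_plain_bytes PUBKEY: RSA encrypts one block only, so the message must
# fit in the modulus minus the OAEP (SHA-1) overhead of 42 bytes.
max_plain_bytes() {
    local bits
    bits=$(openssl pkey -pubin -in "$1" -noout -text |
           sed -n 's/.*(\([0-9]*\) bit).*/\1/p')
    echo $(( bits / 8 - 42 ))
}

# encrypt_msg PUBKEY INFILE OUTFILE: refuse oversized input up front.
encrypt_msg() {
    local max size
    max=$(max_plain_bytes "$1")
    size=$(( $(wc -c < "$2") ))
    if [ "$size" -gt "$max" ]; then
        echo "message is $size bytes, limit is $max" >&2
        return 2
    fi
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# decrypt_msg PRIVKEY INFILE OUTFILE
decrypt_msg() {
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Demo with a constructed message: run the script with the argument "demo".
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_keys "$d" &&
    printf 'This is very serious short message.\n' > "$d/message.txt" &&
    encrypt_msg "$d/id_rsa_pub.pkcs8" "$d/message.txt" "$d/message.enc" &&
    decrypt_msg "$d/id_rsa" "$d/message.enc" /dev/stdout
    rm -rf "$d"
fi
```

With the 4096-bit key from the tutorial the limit works out to 470 bytes per message.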