
OpenSSL as a general purpose encryption tool



Nobody asked me for this, but I thought it might be a useful diversion from
the endless discussions about bind versions. 

 --- 

OpenSSL is a nice command line encryption utility.  You would never know
it if you tried to read the man page to figure out how to use it.  It
will do other amazing things, but for this note I will only be talking
about the encryption functions. 

To use openssl to encrypt a file using the blowfish algorithm, you can
use the following command: 

openssl enc -bf -in plaintext.txt -out cyphertext.dat -pass pass:secret 

This will encrypt the file "plaintext.txt" into a file "cyphertext.dat"
using password "secret".  Standard in and standard out may also be used,
just leave off the "-in filename" and "-out filename".   If you leave off
"-pass pass:secret", you will be prompted for the password instead.  This
would avoid leaving your password in a command line history file or having
it show up in a ps command.  The "-bf" says to use the blowfish algorithm
and "enc" says to do file encryption as opposed to presenting a digital
certificate or some such other function. 

There is an implied "-e" flag for the above example.  To decrypt a file
you must specify the "-d" flag.  For instance: 

openssl enc -bf -d -in cyphertext.dat -out plaintext.txt -pass file:mysecret 

In this case, instead of specifying the password on the command line, I
have told openssl to use the first line of the file mysecret for the
password. 

It is pretty nifty if you ask me; it just needs some clear instructions
to be really useful. 

 ---
jk
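
The following is an added example, not part of the original post: a round trip through "openssl enc -bf" that encrypts from standard in to standard out and reads the password from an owner-only file via "-pass file:". The names bf_opts, roundtrip and LAST_HEADER are hypothetical, the sample text is constructed, and the fallback assumes OpenSSL 3.x, where Blowfish sits in the "legacy" provider.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: on OpenSSL 3.x
# "-bf" needs "-provider legacy -provider default"; 1.x takes "-bf" alone.

# Print the options that make Blowfish work with the installed openssl.
bf_opts() {
    for opts in "-bf" "-provider legacy -provider default -bf"; do
        # pass:probe is a throwaway value, so exposing it in ps is harmless
        if printf 'probe' | openssl enc $opts -pass pass:probe >/dev/null 2>&1
        then
            printf '%s\n' "$opts"
            return 0
        fi
    done
    return 1
}

# roundtrip TEXT ENC_PASSWORD DEC_PASSWORD
# Returns 0 if decrypting with DEC_PASSWORD gives back TEXT, 1 if it does
# not, 2 if Blowfish is unavailable. Sets LAST_HEADER to the first 8 bytes
# of the ciphertext.
roundtrip() {
    opts=$(bf_opts) || return 2
    dir=$(mktemp -d) || return 2
    (
        umask 077   # password files readable by the owner only
        printf '%s\n' "$2" > "$dir/enc.pass"   # openssl uses the first line
        printf '%s\n' "$3" > "$dir/dec.pass"
    )
    printf '%s' "$1" > "$dir/plaintext.txt"
    # No -in/-out here: standard in and standard out are used instead.
    openssl enc $opts -pass "file:$dir/enc.pass" \
        < "$dir/plaintext.txt" > "$dir/cyphertext.dat" 2>/dev/null
    LAST_HEADER=$(head -c 8 "$dir/cyphertext.dat")
    openssl enc $opts -d -in "$dir/cyphertext.dat" -out "$dir/decrypted.txt" \
        -pass "file:$dir/dec.pass" 2>/dev/null
    cmp -s "$dir/plaintext.txt" "$dir/decrypted.txt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

roundtrip 'constructed sample text' secret secret && echo "round trip OK"
```

The ciphertext begins with the marker "Salted__" followed by a random salt, so encrypting the same file twice with the same password produces different output.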