OneCompiler

Encryption Notes

293

Example heading with h2 size

Crete public key file:
-----------------------
gcloud kms keys versions get-public-key "1" --location=global --keyring=my-keyring --key=my-asymmetric-encryption-key --output-file=./key.pub


Create file:
-------------
echo "Hello world" > ./my.txt
cat ./my.txt


Encrypt data :
--------------
openssl pkeyutl -encrypt -pubin -in=./my.txt -inkey=./key.pub -pkeyopt "rsa_padding_mode:oaep" -pkeyopt "rsa_oaep_md:sha512" -pkeyopt "rsa_mgf1_md:sha512" > ./my_enc.txt.enc
cat ./my_enc.txt.enc


Decrypt Data:
--------------
gcloud kms asymmetric-decrypt --location=global --keyring=my-keyring --key=my-asymmetric-encryption-key --version=1 --ciphertext-file=./p1.txt.enc --plaintext-file=./p1.file.dec
cat ./p1.file.dec

OPenSSl generate keys, encrypt, decrypt

Create private key with password protection 
3DES : Triple Data Encryption Standard (DES)
-----
openssl genrsa -des3 -out myPrivate.key
Enter password (Private key is protected)

AES:
-----
openssl genrsa -aes-256-cbc -out myPrivate.key
Enter password (Private key is protected)

Create private key without password :
---------
openssl genrsa -out myPrivate.key


Create public key:
----------------
openssl rsa -in myPrivate.key -pubout > myPublic.key
Enter password (same password we gave it in private key generation)



Encrypt with rsa:
----------------
echo "Hello world" > ./message.txt
openssl pkeyutl -encrypt -inkey myPublic.key -pubin -in message.txt -out message.enc


Decrypt with rsa private key:
-----------------------------
openssl pkeyutl -decrypt -inkey myPrivate.key -in message.enc -out message.dec
(Enter password of private key also)

Sign encrypted file with signature

Create Signature for encrypted file
------------------------------------
openssl dgst -sha256 -sign myPrivate.key -out mySign message.enc
(Enter password of private key also)



Encrypt sign file also: (No need to encrypy with key, just normal base 64 encryption)
------------------------
openssl base64 -in mySign -out mySignEncrypted


Send encrypted file with encrypted signature also 
----------------------------
Decrpt Sign file:
------------------
openssl base64 -d -in mySignEncrypted -out signerDecrypted


Verify text encrypted file is signed with above signature or not
------------------------------------------------------------------------------------
openssl dgst -sha256 -verify myPublic.key  -signature signerDecrypted message.enc