Pages: [1]

Author Topic: [BASH] One-liner to encrypt & decrypt from STDIN/STDOUT  (Read 765 times)

0 Members and 1 Guest are viewing this topic.

Offline srirachasauce

  • /dev/null
  • *
  • Posts: 17
  • Cookies: -2
    • View Profile
[BASH] One-liner to encrypt & decrypt from STDIN/STDOUT
« on: March 26, 2015, 07:39:38 pm »
I've found it quite useful to use STDIN/STDOUT to pass data to openssl for on the fly encryption in the BASH shell. Here is an example.

First we'll echo the strings in 'Some epic fucking secret', and BASH pipe that into openssl to transport the data we want to encrypt:

Code: [Select]
$ echo "Some epic fucking secret" | openssl aes-256-cbc -a -salt -in /dev/stdin -out /dev/stdout
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX1+ugOlIal5TM8fd/zy2IzLlRSR0WDaf+gARZUS47wIdyK1D41IbCOyF

So now you can pass the encrypted secret to someone. But in this case we're wanting to decrypt from STDIN just as we used STDOUT to encrypt our secret strings.

Let's decrypt the secret:

Code: [Select]
$ echo "U2FsdGVkX1+ugOlIal5TM8fd/zy2IzLlRSR0WDaf+gARZUS47wIdyK1D41IbCOyF" | openssl aes-256-cbc -d -a -in /dev/stdin -out /dev/stdout
enter aes-256-cbc decryption password:
Some epic fucking secret

Let's now say that you wanted to use wget to fetch a remote file, but save it in encrypted form:

Code: [Select]
$ wget "https://www.whitehouse.gov/robots.txt" -O /dev/stdout | openssl aes-256-cbc -a -salt -in /dev/stdin -out /dev/stdout
enter aes-256-cbc encryption password:--2015-03-26 12:35:56--  https://www.whitehouse.gov/robots.txt
Resolving www.whitehouse.gov (www.whitehouse.gov)... 23.214.186.191, 2a02:26f0:8:196::fc4, 2a02:26f0:8:180::fc4
Connecting to www.whitehouse.gov (www.whitehouse.gov)|23.214.186.191|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1521 (1.5K) [text/plain]
Saving to: ‘/dev/stdout’

/dev/stdout                                                 100%[==========================================================================================================================================>]   1.49K  --.-KB/s   in 0s     

2015-03-26 12:35:57 (194 MB/s) - ‘/dev/stdout’ saved [1521/1521]

enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX1+4xeCT0RPxeTCb7r72sHV861cOUKDFSFc/Q4e37vCsEU8pd3EkP2Q/
PaE4hyfU2+eN21YpA27BTk1XLDW4D2bbEyZUQX7Hmj8CDq20mtWM8DDMdcqKIh6E
tNVx2BByvT6q1ubzu46wNyKJW7z16jBOm4TGAAOeHUyNDIsRDdSiNV7fSJNJ7r3I
vFSxFI9gfocxFrO23DdAvZVx5bLJBaEMvPWBrnKGf4+pKWNX3vPlvO0ygOxYBpSy
uL5xYhLcMaCXQ8eFUv0T8lGv1Yy5mmEw+4QsMSZY61BIIS3zy+EakbFi8FyTJGqN
CqYv+iIL/JbjvH9n6h81VX79QZgM/cCgyTtirTh+5EZK5NBAaMY8EZYPzPUzSuFW
uUggk3kYJQX0qzPxeGgA72DkorD+il5awB8ld9f7vl8hwfXHKnz/Q9K5khKs3n8/
C2p/yTfdKzbktRBAMlRjFG0YJLUJxIYQL9WzucMF8tklFpCxc7wvXOygJEAfd2c9
tw9jRgJegvMR7ZxKRaJPV/jViI/fXX3GgrVagGUKIcdsYHVeV4KjQvgYh3amDdcQ
2bTp/VXT2CFBEfmcu/ntipvc6yBaf0kLFo6mXoa+DAw5u37PtZYqotVwBe5srX2K
/OoOe2zj32NM4Ka6RG+OCLCso67E6EnEoXMHwL9zE/q2vzcoMjziBQFsFJHY0HlG
dLyB8KO57f4Fu4xgeRIU+e+P8M+bknKjaoquhLRSQOnVmKYg565aKHgB7D6IAlAT
rMexMpbHMlsi/IKN80vUAafnB2OZWA1QMFoc0UckUeFQitLhQA/lsaJop4t6h13g
6ZjQq+5MmVO2Ih82GhSEvJ1zJw6GBNJKahki/ByKN4pZwdZE+c5p5Rnj7z+FNdX0
JxzFQpxb29XDqXBB/ONFBSK3NZC6jiONzxX8pOtIkwWeerfOCGdx/v8Ddj9cPm+2
h5wfjAoxtbkLfNcUzAZYBFPuwkI2gFo6STM/rJKi+HDPPO+J4JSloXB/20c/yDqP
1oviW9zpM1DIXODHFsUuaWKiR45cksyE3PyIk3ySlD0rLGcuu+u403kyAkiOvyo6
0i7O48DiQAG1YmFAlhYSng9LlJvpHSlSh9BEjE58yE4Zu6SibMUZhfGu/FixHNpe
aiBmJzOm/T6Z0xFqXGMwqb69A1/HGbXYp1pe/ePtJ2Pbz2JxqstsGPcjIvhpoI1i
EXa6rA9FIu694E1yJFTNjfj1k8jCpbkgW6o7sN/5XgvQLoPYRXXRIL97+vr5Uu5P
vEA6CJfpG83d1iwNDbjVKZBBcApURo2xnpe9LyW/LDLZ8ySdLDBs95ass0hTRTXS
4NpsK3eBwn+ttoGl9LGZanTQmg8Gxr1j5o4IVA3YGbxP3rvNeU6P0Lb/bDLhuRzR
BtX6zI9dkvTtGkCbmiXcA1kZo4RZ8jbCZ3MqQO7vGLZp/GxYvLX53VV2T7cXINPm
H+XvsygFFzF5TsVzvpsoYsPTgflo8uxu0EffktGzbHl8141YBKw20HwUFj3AMpXV
GMwiLTPH68zT6XixVjAZmzaD/lFO/2wyRLf6JR3QL4dR6avLj7/vQLWCNWsrpHzX
Gp66S+VvnO5TAhbcmWP4vSmo4fx0s2D7vB/fCXM8gP/NVM8Jw7/4UYMRAqi8VZhF
oIWP8uLhlPCNHSkH5OLNrWOvp7dKtAwAeWmSotzDs3LaRyFXhr8piO+AVfdpOy5J
hGX9hbH6I4LF2StJY1UJQCuoVxwhAt2d9zpwmdZfVcindhns9lT/v3J51JCvnKiD
3w1qaeq8krqjth3LP9CgM5kABcrY5/L81JrqgthTxtI09hiXYzUp8Bxbel769Do/
epYbDGZHvAZXmnj/wvfxnHUT3oZSja+vbvVP5S3znl1qxkEZhbl4na4eBvx3gzC5
e5t2zh/v7Nl/k/lbKwvWi5c1Z3R9NXG7H9BBosl2Ad5JbUBmsk/VIX6So+GXMpwk
B3M6nnRAhA0pj0rZ9gYNOlaCzvoyjePxnSvI2y2BGWM9sOtaRzoMLf/LGtfvH1bw
0gsuCsuhmkryukZkU2AQgQ==

You can see how this could be potentially useful if you're recursively fetching remote files that you want to store encrypted at-rest on disk. Hope you found this interesting  ;D
Report to moderator   Logged

Offline cyberdrifter

  • Knight
  • **
  • Posts: 176
  • Cookies: -90
    • View Profile
Re: [BASH] One-liner to encrypt & decrypt from STDIN/STDOUT
« Reply #1 on: March 26, 2015, 11:16:36 pm »
« Last Edit: March 26, 2015, 11:16:48 pm by cyberdrifter »
Report to moderator   Logged
.- / .-.. .. - - .-.. . / -... . - - . .-. --..-- / . ...- . .-. -.-- / -.. .- -.-- .-.-.-
Go ahead tubby, you clearly want/need those cookies more than me.  :P

Offline srirachasauce

  • /dev/null
  • *
  • Posts: 17
  • Cookies: -2
    • View Profile
Re: [BASH] One-liner to encrypt & decrypt from STDIN/STDOUT
« Reply #2 on: March 27, 2015, 03:14:10 am »
I encourage it! :)
Report to moderator   Logged
Pages: [1]