Below is a quick config on how to to encrypt and decrypt large files using OpenSSL and Linux such as Redhat, Ubuntu, Debian, CentOS, Fedora etc. First, what you will need is a some sort of arbitrary file. Let's create 1GB file now:
$ fallocate -l 1G large_file.img
$ ls -lh large_file.img
-rw-r--r--. 1 lrendek lrendek 1.0G Jan 2 16:40 large_file.img
Now that we have sample 1GB in size file, what we need next is an OpenSSL public and private key pair. This can be done by a following linux command
$ openssl req -x509 -nodes -newkey rsa:2048 -keyout private-key.pem -out public-key.pem
Generating a 2048 bit RSA private key
writing new private key to 'private-key.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:
State or Province Name (full name) :
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :
Email Address :
There is not need to answer any of the above questions so simply hit
to continue. Now you should have both private and public keys in your current working directory:
$ ls -l *.pem
-rw-rw-r--. 1 lrendek lrendek 1704 Jan 2 16:45 private-key.pem
-rw-rw-r--. 1 lrendek lrendek 1220 Jan 2 16:45 public-key.pem
Make sure to keep your private key in the save location otherwise you will not be able to decrypt your files and your files may be decrypted by someone else.
SUBSCRIBE TO NEWSLETTER
Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.
Encrypt large file using OpenSSL
Now we are ready to decrypt large file using OpenSSL encryption tool:
$ openssl smime -encrypt -binary -aes-256-cbc -in large_file.img -out large_file.img.dat -outform DER public-key.pem
The above command have encrypted your large_file.img and store it as large_file.img.dat:
$ ls -l large_file.img*
-rw-r--r--. 1 lrendek lrendek 1073741824 Jan 2 16:40 large_file.img
-rw-rw-r--. 1 lrendek lrendek 1073742293 Jan 2 16:49 large_file.img.dat
We can generate hash using
for both files so we can compare them once we decrypt our file:
$ md5sum large_file.img*
Decrypt large file using OpenSSL
$ openssl smime -decrypt -in large_file.img.dat -binary -inform DEM -inkey private-key.pem -out decrypted_large_file.img
The above command have decrypted our previously encrypted large file ans stored it as
. Let's once again generate md5sum hash to compare our results:
$ md5sum *large_file.img*
From the above output you can see that
and the original