Crypto Tools Notes
2018-08-28
GnuPG, OpenSSL, and some others.
Useful crypto tools
- quipqiup - solve simple substitution ciphers.
- CyberChef - a data pipeline tool supporting lots of encodings.
- libnum - Python lib to work on numbers.
- factordb - factorize big numbers.
gpg
GnuPG allows you to encrypt and sign your data and communications.
List public keys
gpg -k
gpg --list-keys
List private keys
gpg -K
gpg --list-secret-keys
Encryption (symmetric, with a passphrase)
gpg -c secret.txt
gpg -o secret.txt.gpg -c secret.txt
Decryption
gpg secret.txt.gpg
gpg -o secret.txt secret.txt.gpg
Generate a key
gpg --gen-key
Generate a key (full)
gpg --full-generate-key
Export public key
gpg --output public.key --export [USER] # binary
gpg --armor --output public.key --export [USER] # ASCII armored
gpg -a -o public.key --export [USER] # short version
Export private key
gpg --output private.key --export-secret-keys [USER] # binary
gpg --armor --output private.key --export-secret-keys [USER] # ASCII armored
gpg -a -o private.key --export-secret-keys [USER] # short version
Import a public key
gpg --import public.key
Encryption (to a recipient's public key)
gpg --encrypt --recipient Djosix secret.txt
gpg -e -r Djosix secret.txt # short
gpg --encrypt --output secret.txt.gpg --recipient Djosix secret.txt
gpg -e -r Djosix -o secret.txt.gpg secret.txt # short
Decryption
gpg --output secret.txt --decrypt secret.txt.gpg
gpg -o secret.txt -d secret.txt.gpg # short
openssl
Symmetric
Encryption
openssl enc -e -aes256 -in secret.txt -out secret.txt.enc
Decryption
openssl enc -d -aes256 -in secret.txt.enc -out secret.txt
Omitting -in or -out makes openssl read from stdin or write to stdout.
RSA
Generate private key
openssl genrsa -out private_key.pem 4096
Generate public key
openssl rsa -in private_key.pem -out public_key.pem -outform PEM -pubout
Encrypt using public key
openssl rsautl -encrypt -inkey public_key.pem -pubin -in secret.txt -out secret.txt.enc
Decrypt using private key
openssl rsautl -decrypt -inkey private_key.pem -in secret.txt.enc -out secret.txt
RSA With Large Files
Generate a random key for symmetric encryption
openssl rand -base64 64 > key.bin
Encrypt using that key
openssl enc -aes-256-cbc \
-salt -in test.txt \
-out test.txt.enc \
-pass file:key.bin
Encrypt the key using RSA
openssl rsautl -encrypt \
-inkey public_key.pem -pubin \
-in key.bin \
-out key.bin.enc
Decrypt the key using RSA
openssl rsautl -decrypt -inkey private_key.pem -in key.bin.enc -out key.bin
Decrypt files with that key
openssl enc -d -aes-256-cbc -in test.txt.enc -out test.txt -pass file:key.bin
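The hybrid procedure above as one runnable script, added here as an example and not part of the original notes. It assumes OpenSSL 1.1.1 or later, swaps in pkeyutl with OAEP padding for rsautl (deprecated since OpenSSL 3.0), adds -pbkdf2 to enc, and uses a 32-byte session key; the function names, key names and temp-file names are hypothetical.

```shell
# Added example (not from the original notes). Key names, temp-file names and
# the sample plaintext are constructed for this demo.

# hybrid_encrypt PUBKEY INFILE OUTDIR -> OUTDIR/data.enc + OUTDIR/key.bin.enc
hybrid_encrypt() {
    # 32 random bytes fit on one base64 line; "-pass file:" reads only the
    # first line of the file, so the whole secret must sit on that line.
    # The session key is wrapped with RSA-OAEP (rsautl defaults to PKCS#1 v1.5).
    openssl rand -base64 32 > "$3/key.bin" &&
    openssl enc -aes-256-cbc -pbkdf2 -salt -in "$2" -out "$3/data.enc" \
        -pass "file:$3/key.bin" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$3/key.bin" -out "$3/key.bin.enc"
    rc=$?
    rm -f "$3/key.bin"   # do not leave the plaintext session key on disk
    return $rc
}

# hybrid_decrypt PRIVKEY DIR OUTFILE -> non-zero if the key cannot unwrap
hybrid_decrypt() {
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2/key.bin.enc" -out "$2/key.bin" 2>/dev/null &&
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$2/data.enc" -out "$3" \
        -pass "file:$2/key.bin" 2>/dev/null
    rc=$?
    rm -f "$2/key.bin"
    return $rc
}

new_keypair() {  # new_keypair DIR NAME -> DIR/NAME.pem, DIR/NAME.pub.pem
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2.pem" 2>/dev/null &&
    openssl pkey -in "$1/$2.pem" -pubout -out "$1/$2.pub.pem"
}

demo() {  # echoes "roundtrip=ok wrongkey=rejected" when both checks pass
    d=$(mktemp -d) || return 1
    new_keypair "$d" alice && new_keypair "$d" other || return 1
    printf 'constructed sample plaintext\n' > "$d/test.txt"
    hybrid_encrypt "$d/alice.pub.pem" "$d/test.txt" "$d" || return 1
    r=failed; w=accepted
    hybrid_decrypt "$d/alice.pem" "$d" "$d/out.txt" &&
        cmp -s "$d/test.txt" "$d/out.txt" && r=ok
    hybrid_decrypt "$d/other.pem" "$d" "$d/bad.txt" || w=rejected
    rm -rf "$d"
    echo "roundtrip=$r wrongkey=$w"
}

demo
```

openssl enc has no authenticated mode, so data.enc is not tamper-evident by itself; add a MAC or a signature when the ciphertext crosses an untrusted channel.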
SSL Connection
openssl s_client -connect github.com:443
# "GET / HTTP/1.1\r\nHost: github.com\r\n\r\n"
But using ncat is much easier:
ncat --ssl github.com 443