How to use password argument in via command line to openssl for decryption

linux command-line openssl
181,694

Solution 1

The documentation wasn't very clear to me, but it had the answer, the challenge was not being able to see an example.

Here's how to do it:

openssl aes-256-cbc -in some_file.enc -out some_file.unenc -d -pass pass:somepassword

Notice that the command line command syntax is always -pass followed by a space and then the type of passphrase you're providing, i.e. pass: for plain passphrase and then the actual passphrase after the colon with no space.

Additionally the documentation specifies you can provide other passphrase sources by doing the following:

  • env:somevar to get the password from an environment variable
  • file:somepathname to get the password from the first line of the file at location pathname
  • fd:number to get the password from the file descriptor number.
  • stdin to read from standard input

Now that I've written this question and answer, it all seems obvious. But it certainly took some time to figure out and I'd seen it take others similar time, so hopefully this can cut down that time and answer faster for others! :)

With OpenSSL 1.0.1e the parameter to use is -passin or -passout. So this example would be:

openssl aes-256-cbc -in some_file.enc -out some_file.unenc -d -passin pass:somepassword

Solution 2

I used -passin and -passout to set passwords to both files in example:

openssl pkcs12 -in voip.p12 -out voip.pem -passin pass:123 -passout pass:321

where 123 and 321 are password

Solution 3

At this moment Ubuntu 14.04 LTS comes with openssl 1.0.1f-1ubuntu2.16

In this version the parameter to use is -k

Example:

openssl enc -aes-256-cbc -e -in some_file.unenc -out some_file.enc -k somepassword
Share:
181,694

Related videos on Youtube

David Sulpy
Author by

David Sulpy

Updated on September 18, 2022

Comments

  • David Sulpy
    David Sulpy over 1 year

    So it's not the most secure practice to pass a password in through a command line argument. That said, the documentation for openssl confused me on how to pass a password argument to the openssl command.

    Here's what I'm trying to do

    openssl aes-256-cbc -in some_file.enc -out some_file.unenc -d

    This then prompts for the pass key for decryption. I searched the openssl documents and the interwebs to try and find the answer if I simply wanted to give the password to the command without trying to echo the password to the file. I tried adding -pass:somepassword and -pass somepassword both with and without quotes to no avail.

    I finally figured out the answer and saw in some other forums people had similar questions, so I thought I would post my question and answer here for the community.

    note: I'm using openssl version 0.9.8y

  • dtmland
    dtmland almost 7 years
    What's the difference between using passin or passout? - Ha! Just looked it up, stdin vs stdout of course!
  • dave_thompson_085
    dave_thompson_085 almost 7 years
    Note that the documentation for password options applying to most openssl commands (not just enc) is in the man page for openssl(1) also on the web under 'OPTIONS'. But I don't believe your last bit about -passin/out; other openssl commands like rsa dsa ec pkey pkcs8 pkcs12 req ca do use those but in every version I've seen including 1.0.1e built directly from upstream source enc uses -pass or -k -kfile as documented (on the enc manpage).
  • sibaz
    sibaz over 6 years
    in your example, -k is an option available to the openssl 'enc' command (try man enc) it is not a general option. If you look at man openssl you'll see under the 'Pass Phrase Options' heading, what the general options are; pass:password, env:var, file:pathname, fd:number or stdin, as mentioned in an earlier response.
  • frakman1
    frakman1 about 6 years
    How about the openssl dgst command? How do you enter the passphrase for that at the command line?
  • drmad
    drmad about 6 years
    btw -passin is used to provide a password for the input certificate, and -passout is for the new generated certificate

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I use cat to base64 encode stdin on the fly with openssl?
Decrypt with the public key using openssl in commandline
How to delete folders that are older than a day? (Cron Job)
java.lang.NoSuchMethodError: Graph: method <init>()V not found
Multiplication of 2 variables
There is no openssl.so extension with php7.2.x
Client-Server communication using OPENSSL (using Certificate)
How to use OpenSSL for self-signed certificates with custom CA and proper SAN settings?
How to compile PHP with new OpenSSL library
Linux commandline convert pdf to excel