Disaster encryption scheme
Key generation
- secret (raw):
openssl rand -out ./key.secret.raw 1024 # -rand /dev/urandom
- private key:
openssl genrsa -aes256 -out ./key.private.pem -passout file:./key.secret.raw 8192 # -rand /dev/urandom
- public key:
openssl rsa -in ./key.private.pem -passin file:./key.secret.raw -out ./key.public.pem -pubout
Session key management
- secret generation:
openssl rand -out ./session.secret.raw 1000 # -rand /dev/urandom
- secret encryption:
openssl rsautl -encrypt -in ./session.secret.raw -out ./session.secret.enc -pkcs -inkey ./key.public.pem -pubin
- secret decryption:
openssl rsautl -decrypt -in ./session.secret.enc -out ./session.secret.raw -pkcs -inkey ./key.private.pem -passin file:./key.secret.raw
Session data management
- data encryption:
openssl enc -e -aes-256-cbc -md sha512 -salt -pass file:./session.secret.raw -bufsize 4096 <./session.data.raw >./session.data.enc
- data decryption:
openssl enc -d -aes-256-cbc -md sha512 -salt -pass file:./session.secret.raw -bufsize 4096 <./session.data.enc >./session.data.raw
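The following script is an added, runnable walk-through of the whole scheme above (key generation, session key wrapping, session data encryption) with the checks a practitioner would want; it is not part of the original note. It departs from the listed commands in four labelled ways: a 2048-bit key instead of 8192 so it finishes in seconds; hex-encoded secrets instead of raw bytes, because `-pass file:` and `-passin/-passout file:` use only the first line of the file, so a raw random secret is silently cut at its first newline byte; `openssl pkeyutl` in place of `openssl rsautl`, which OpenSSL 3.0 deprecates; and an HMAC-SHA256 tag over the ciphertext, since AES-CBC alone gives no integrity. It also computes the PKCS#1 v1.5 wrap limit from the public key (modulus bytes minus 11; for the 8192-bit key above that is 1013 bytes, which is why a 1000-byte session secret fits) instead of assuming it. Function names and file names other than those in the note are the example's own.

```shell
#!/bin/sh
# Added example (not part of the original note). Assumptions: 2048-bit key,
# hex-encoded secrets, pkeyutl instead of rsautl, an extra HMAC tag.
set -eu

# PKCS#1 v1.5 can wrap at most (modulus bytes - 11) bytes; read it off the key.
rsa_pkcs1_max_plaintext() {  # $1 = public key PEM
    mod=$(openssl rsa -pubin -in "$1" -noout -modulus 2>/dev/null | sed 's/^Modulus=//')
    echo $(( ${#mod} / 2 - 11 ))
}

# `-pass file:` consumes only the FIRST LINE of the file (and, as a C string,
# stops at a NUL). Demonstrate it: with a fixed salt, encrypting under file:F
# gives the same ciphertext as encrypting under pass:<first line of F>.
passfile_uses_first_line_only() {
    f=$(mktemp)
    printf 'line-one\nline-two-is-ignored\n' > "$f"
    a=$(printf 'payload' | openssl enc -e -aes-256-cbc -md sha512 -S 0011223344556677 \
            -pass file:"$f" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    b=$(printf 'payload' | openssl enc -e -aes-256-cbc -md sha512 -S 0011223344556677 \
            -pass pass:line-one 2>/dev/null | od -An -tx1 | tr -d ' \n')
    rm -f "$f"
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# HMAC-SHA256 over a file. The MAC key is derived from the session secret with
# a label so it is not the AES passphrase. (hexkey: is visible in `ps`; fine for
# a demo, not on a shared host.)
hmac_tag() {  # $1 = session secret file, $2 = file to tag
    k=$( (cat "$1"; printf 'mac-key') | openssl dgst -sha256 | sed 's/.*= //')
    openssl dgst -sha256 -mac HMAC -macopt hexkey:"$k" "$2" | sed 's/.*= //'
}

scheme_roundtrip() {  # $1 = working dir, $2 = RSA bits (default 2048)
    d=$1; bits=${2:-2048}
    # Key generation: hex secret, so no newline or NUL can truncate the passphrase.
    openssl rand -hex 32 > "$d/key.secret"
    openssl genrsa -aes256 -out "$d/key.private.pem" -passout file:"$d/key.secret" "$bits" 2>/dev/null
    openssl rsa -in "$d/key.private.pem" -passin file:"$d/key.secret" -pubout -out "$d/key.public.pem" 2>/dev/null
    # Session key management: size the secret (hex + newline) to the wrap limit.
    limit=$(rsa_pkcs1_max_plaintext "$d/key.public.pem")
    openssl rand -hex $(( (limit - 1) / 2 )) > "$d/session.secret"
    openssl pkeyutl -encrypt -pubin -inkey "$d/key.public.pem" -pkeyopt rsa_padding_mode:pkcs1 \
        -in "$d/session.secret" -out "$d/session.secret.enc"
    openssl pkeyutl -decrypt -inkey "$d/key.private.pem" -passin file:"$d/key.secret" \
        -in "$d/session.secret.enc" -out "$d/session.secret.dec"
    cmp -s "$d/session.secret" "$d/session.secret.dec" || return 1
    # Session data management, plus encrypt-then-MAC (CBC alone detects no tampering).
    openssl rand -out "$d/session.data.raw" 10000   # constructed sample payload
    openssl enc -e -aes-256-cbc -md sha512 -salt -pass file:"$d/session.secret.dec" -bufsize 4096 \
        <"$d/session.data.raw" >"$d/session.data.enc" 2>/dev/null
    hmac_tag "$d/session.secret.dec" "$d/session.data.enc" > "$d/session.data.enc.tag"
    # Receiver side: verify the tag first, only then decrypt.
    [ "$(hmac_tag "$d/session.secret.dec" "$d/session.data.enc")" = "$(cat "$d/session.data.enc.tag")" ] || return 1
    openssl enc -d -aes-256-cbc -md sha512 -pass file:"$d/session.secret.dec" -bufsize 4096 \
        <"$d/session.data.enc" >"$d/session.data.dec" 2>/dev/null
    cmp -s "$d/session.data.raw" "$d/session.data.dec"
}

if [ "${1:-}" = "run" ]; then
    w=$(mktemp -d); scheme_roundtrip "$w" && echo "round trip OK, files in $w"
fi
```

Run it as `sh scheme.sh run`; it prints the working directory on success and exits non-zero if the unwrapped session secret, the HMAC tag, or the decrypted data does not match. With `-md sha512` and no `-pbkdf2`, `openssl enc` derives the AES key with a single EVP_BytesToKey iteration; that is acceptable here only because the passphrase is itself a random secret, not a human-chosen one.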