[headbirth]

Hi, I was wondering if anyone knew of any command line tools to encrypt text for pasting into ichat messages and email.

Something stronger than ROT13.

Thanks.

[spiky_dog]

why does it have to be command line? gpg has command line and gui options in any case: http://www.gnupg.org/

[headbirth]

I'm looking to use OnMyCommand CM to create a tool similar to this one:

http://www.mizog.com/productinfo/secretservice.html

[ranga]

Hi,

You can probably use OpenSSL to do this. To encrypt some text you can use:

openssl enc -bf -a -pass pass:abc123

Just start typing and when you finish typing hit return then press Control-D. OpenSSL will printout the encrypted text starting on the next line. You can then copy and paste the text into iChat or Mail.

In case you are wondering enc invokes the encryption mode, -bf says that the cipher to use is Blowfish (there are several other ciphers you can use), -a says that the output should be base64 encoded (so you can paste it into iChat/Mail w/o problems) and -pass pass:abc123 says that the password is abc123 (obviously you will need to use some other password).

To decrypt a file encrypted using openssl you can use:

openssl enc -d -a -bf -pass pass:abc123

Just paste in the encrypted text, hit return and press Control-D. OpenSSL will print out the plain-text starting on the next line.

The -d after enc tells OpenSSL to decrypt rather than encrypt.

HTH,

--ranga

[headbirth]

ranga,

that works great, but what is the control-D doing? is it necessary?

[spiky_dog]

Originally posted by headbirth:
ranga,

that works great, but what is the control-D doing? is it necessary?

if i understand correctly, control d is exiting to the shell.

[ranga]

Originally posted by headbirth:
what is the control-D doing? is it necessary?

When you run OpenSSL the program starts up and waits for you to start typing in your message. In order to encrypt the message properly, it needs to read in your complete message. The Control-D tells OpenSSL that your message is complete. If you are typing text into the terminal the Control-D is needed.

I didn't mention this earlier but another way to use openssl is to encrypt and decrypt files. When you use files the Control-D is not needed. To encrypt a file you can use the following:

openssl enc -bf -a -pass pass:abc123 < file.in > file.enc

Here file.in is the name of the file you are encrypting. To decrypt the file you can use:

openssl enc -d -a -bf -pass pass:abc123 < file.enc > file.out

Here file.out is the name of the file you want the decrypted output stored in. If you are doing this on the same computer you probably want to make sure that the filename of the input file and the output file are different or you risk overwriting your original file.

BTW, Control-D can be used to exit a shell as well. The way a shell works is that it reads your input one line at a time and works on that line. When you type Control-D in the shell it tells the shell you are all done with input. Since there is nothing else to do, the shell exits.

HTH,

--ranga

[headbirth]

Thanks spiky & ranga,

I was looking to automate this without having to jump into the terminal. the only problem I run into is having to enter the key command to get my output.

If you were writing this as an automated shell script, is there a way to have the key command entered automatically?

I do have an OnMyCommand command to encrypt files using ssl already, but I tend to use ccrypt instead. Thanks for the tip though.

[Turnpike]

I'm almost sure there's a way to send the end-of-input control sequence to the terminal without using a keyboard...

I'd try sending "\C-d" (without the quotes)... I think that might function the same as hitting control-d. Otherwise, there might be a specific escape sequence that will work as end of input. I might be thinking of something else (eg emacs) though


furthermore, I'd look into something like storing a temp file to do the encryption... or perhaps this can all be done via pipelines and you won't have to worry about end of input.

[ranga]

Sorry, I didn't quite understand what you were trying to do. The following might work for you:

echo 'my message' | openssl enc -bf -a -pass pass:abc123

The output from the command will be the encrypted text. To decrypt just do the same in reverse:

echo 'encrypted message' | openssl enc -d -a -bf -pass pass:abc123

If your message contains a single quote, this won't work. You would need to use a temp file in that case.

--ranga

[[APi]TheMan]

In reading this thread and the man page for openssl I've learned a few cool things about the syntax that can be used for encrypting stuff, but I do have a question about the example given earlier in this thread:

Code:
openssl enc -a -bf -pass pass:<pass>

What's the "-a" for? The man page doesn't seem to document it.


edit: On second look, the command-line help for "enc" does say it's for "base64" encoding/decoding. A simple "openssl --help" doesn't mention it, but type in an "enc" command wrong and it'll spit the usage bit out.

So since we're here, what's that base64 encoding and decoding stuff?

[ranga]

If you don't supply the -a, the output from openssl will be in binary format which means that you can't cut and paste it into an email message or iChat session since they can only handle ascii (and some other related encodings). If you base64 encode the output it will be encoded in ascii and can be cut and pasted into almost any message.

--ranga

[[APi]TheMan]

Originally posted by ranga:
If you don't supply the -a, the output from openssl will be in binary format which means that you can't cut and paste it into an email message or iChat session since they can only handle ascii (and some other related encodings). If you base64 encode the output it will be encoded in ascii and can be cut and pasted into almost any message.

Interesting. So what about this garbage that it prompts for when the "-a" isn't specified?:

Code:
[aorth@thefro: ~]$ openssl enc -bf -pass pass:blah
Salted__?*sLż??

I've heard about salts before when I've been surrounded by cryptography dudes. Maybe it's time I picked up Cryptography for Dummies, eh?

[headbirth]

Another question to add to the list. It was mentioned that the text would have to be placed in a temp file in order to be able to handle quoted text. How does one go about shunting this to a temp file and back?

Is there an alternative to doing this? Encode it first then encrypt it?

[ranga]

A salt is a random string that is added to your password in order to make it harder to guess.

If you want to learn about crypto, I would recommend Practical Cryptography by Ferguson and Schneier.

--ranga

[headbirth]

So, do I use pbpaste to generate a temp file?