Openssl Generate Aes 256 Key

Posted on by

Generate same 3DES / AES-128 / AES-256 encrypted message with Python / PHP / Java / C# and OpenSSL Posted on May 26, 2017 by Victor Jia 2017/6/5 Update: Added C# implement. The Advanced Encryption Standard is the most commonly used encryption algorithm in use on computers and over the internet. To encrypt a string, select the green Encrypt button, enter the text you want to encrypt in the upper Plaintext box, and enter the key or password that it should be encrypted with in the Key box.

This post briefly describes how to utilise AES to encrypt and decrypt files with OpenSSL.

AES - Advanced Encryption Standard (also known as Rijndael).

OpenSSL - Cryptography and SSL/TLS Toolkit

We’ll walk through the following steps:

Openssl Generate Aes 256 Key Size

  • Generate an AES key plus Initialization vector (iv) with openssl and
  • how to encode/decode a file with the generated key/iv pair

Note: AES is a symmetric-key algorithm which means it uses the same key during encryption/decryption.

Generating key/iv pair

We want to generate a 256-bit key and use Cipher Block Chaining (CBC).

Aes

The basic command to use is openssl enc plus some options:

  • -P — Print out the salt, key and IV used, then exit
  • -k <secret> or -pass pass:<secret> — to specify the password to use
  • -aes-256-cbc — the cipher name

Note: We decided to use no salt to keep the example simple.

Issue openssl enc --help for more details and options (e.g. other ciphernames, how to specify a salt, …).

Encoding

Let's start with encoding Hello, AES! contained in the text file message.txt:

Openssl generate random aes 256 key

Decoding

Decoding is almost the same command line - just an additional -d for decrypting:

Openssl Generate Aes 256 Keys

Note: Beware of the line breaks

While working with AES encryption I encountered the situation where the encoder sometimes produces base 64 encoded data with or without line breaks...

Short answer: Yes, use the OpenSSL -A option.

There are multiple ways of generating an encryption key. Most implementations rely on a random object. All examples mentioned here use a secure cryptographic randomizer.

PowerShell

Base64

Openssl generate aes 256 key detectionOpenssl Generate Aes 256 Key

Hex

Generate

C#

The code snippets below can be run from LINQPad or by copying the following code into a new project and referencing System.Security.

Openssl Generate Random Aes 256 Key

Base64

Hex

OpenSSL

OpenSSL is well known for its ability to generate certificates but it can also be used to generate random data.

Base64

Generates 32 random bytes (256bits) in a base64 encoded output:

Plaintext

Openssl Generate Aes 256 Key Base64

Generates 32 random characters (256bits):

Be aware that strings parsed by NServiceBus do not use extended ASCII which limits the key range to 7 bits per character.

Related Articles

  • Message Property Encryption
    Encrypt message fragments using property encryption.
  • Security
    Security features for messages, transports, and persisters.