Openssl issue

46019 · July 8, 2013, 4:12am

Hi,
I am using openssl as below for encryption of a string ( foo) and I have to pass the password twice for the same.

echo 'foo' | openssl aes-256-cbc -a -salt
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX1/MNPbAxaL/AYt5G8yPirMRq/AtcBMzVJc=

Is there any option to use openssl without passwords?

Thanks.

Corona688 · July 8, 2013, 2:27pm

man openssl shows many options to automate the password:

PASS PHRASE ARGUMENTS
       Several commands accept password arguments, typically using -passin and
       -passout for input and output passwords respectively. These allow the
       password to be obtained from a variety of sources. Both of these
       options take a single argument whose format is described below. If no
       password argument is given and a password is required then the user is
       prompted to enter one: this will typically be read from the current
       terminal with echoing turned off.

       pass:password
                 the actual password is password. Since the password is visi-
                 ble to utilities (like 'ps' under Unix) this form should only
                 be used where security is not important.

       env:var   obtain the password from the environment variable var. Since
                 the environment of other processes is visible on certain
                 platforms (e.g. ps under certain Unix OSes) this option
                 should be used with caution.

       file:pathname
                 the first line of pathname is the password. If the same path-
                 name argument is supplied to -passin and -passout arguments
                 then the first line will be used for the input password and
                 the next line for the output password. pathname need not
                 refer to a regular file: it could for example refer to a
                 device or named pipe.

       fd:number read the password from the file descriptor number. This can
                 be used to send the data via a pipe for example.

       stdin     read the password from standard input.

As for leaving off the password completely, what would be the point?

Just_Ice · July 8, 2013, 6:14pm

after you understand the man page info, check the -k option to openssl for supplying the password ...

root@debiangeek:~# echo 'foo' | openssl aes-256-cbc -a -salt -k 123abc
U2FsdGVkX19qZvtvojYJL3aTXiQL+IGoj5oMLwuxmPg=
root@debiangeek:~#