If you have a secret key that you need to send to your friend, you certainly want to encrypt this secret. Sending secrets over the Internet is not recommended.
Recommended movie: The Imitation Game, the movie about how Alan Turing hacked the Enigma machine in the 2nd World War.
Back to our task:
First put your secrets into a file called:
api_keys.txt
Then use this command to encrypt it:
openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -in api_keys.txt -out api_keys.enc -k YourEncryptedPassWord
Then send the api_key.enc file to your friend by email.
The password YourEncryptedPassWord you send to your friends phone through sms.
Make sure your friend doesn’t decrypt the file on his phone, only on his computer.
Your friend can decrypt the file with:
openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -in api_keys.enc -out api_keys_decrypted.txt -k YourEncryptedPassWord
Explanation:
* pbkdf2: This flag enables PBKDF2 (Password-Based Key Derivation Function 2), which is more secure than the older key derivation functions.
* iter 100000: This specifies the number of iterations for the key derivation function, increasing the computational effort required to crack the password. You can adjust this number based on your security needs (100,000 is a good default).
One thought on “Use openssl to encrypt secrets”
Hi! Very useful info! Thank you!