OpenSSL salted format
From Just Solve the File Format Problem
(Difference between revisions)
(Created page with "{{FormatInfo |subcat=Encryption }} '''OpenSSL salted format''' is our name for the file format ''OpenSSL'' usually uses when writing password-protected encrypted files. == Fo...") |
m |
||
(One intermediate revision by one user not shown) | |||
Line 2: | Line 2: | ||
|subcat=Encryption | |subcat=Encryption | ||
}} | }} | ||
− | '''OpenSSL salted format''' is our name for the file format | + | '''OpenSSL salted format''' is our name for the file format [[OpenSSL]] usually uses when writing password-protected encrypted files. |
== Format == | == Format == | ||
− | Files have an 8-byte signature, followed by an 8-byte salt. Following the salt is the encrypted data. | + | Files have an 8-byte signature, followed by an 8(?)-byte salt. Following the salt is the encrypted data. |
The salt and password are to be combined in a particular way, to derive the encryption key and initialization vector. | The salt and password are to be combined in a particular way, to derive the encryption key and initialization vector. | ||
Line 22: | Line 22: | ||
== Software == | == Software == | ||
− | * [ | + | * [[OpenSSL]] |
Latest revision as of 20:14, 29 January 2016
OpenSSL salted format is our name for the file format OpenSSL usually uses when writing password-protected encrypted files.
Contents |
[edit] Format
Files have an 8-byte signature, followed by an 8(?)-byte salt. Following the salt is the encrypted data.
The salt and password are to be combined in a particular way, to derive the encryption key and initialization vector.
No information about which encryption cipher was used is stored in the file. In order to decrypt the file, the cipher must be known by external means, or guessed. (Obviously, the same goes for the password.)
[edit] Identification
Files begin with an 8-byte signature: the ASCII characters "Salted__
".
[edit] Example
To encrypt a file:
$ openssl aes-128-cbc -in secret.txt -out secret.txt.enc
To decrypt:
$ openssl aes-128-cbc -d -in secret.txt.enc -out secret2.txt