encryption-decryption instructions.html

*******************************
Instructions for decrypting the INNS-IJCNN email list

As RSA is not appropriate for encrypting modest-sized files, a standard hybrid [symmetric, public-private] approach was used, which is a nice compromise between [security, computational limits]. Because you used openssl, I have used it for the encryption. The commands below are Linux bash, and I assume that the Windows command line commands would be the same? That assumes that you replace the variables (start with "$") with the filepath (directory and filename) of where you want to store the files. The quotation marks ensure that filepaths with spaces are properly treated.

# 1. First decrypt the symmetric key using your private key :
openssl rsautl -decrypt -inkey "$key_private" -in "$key_symmetric_encrypted" -out "$key_symmetric_decrypted"

# 2. Using the decrypted symmetric key, decrypt the medium sized encrypted file :
openssl enc -d -aes-256-cbc -in "$f_encrypted" -out "$f_decrypted" -pass file:"$key_symmetric_decrypted"

# Here :
# $key_private = the filepath of your private key complement to the public key that you sent to me.
# $key_symmetric_encrypted = specify a filepath where you saved $key_symmetric_encrypted
# $key_symmetric_decrypted = specify a filepath where you want $key_symmetric_decrypted (the result of step 1)
# $f_encrypted = specify a filepath where you saved $f_encrypted
# $f_decrypted = specify a filepath where you want $f_decrypted (the result of step 2)

Note : It is really easy for me to attach the wrong file (so many keys, versions). So let me know if you have problems.

********************************
How I did the encryptions

The attached Linux bash file "openssl encrypt medium sized file.sh" describes precisely how I did the encryptions, and provides some references. I use a bash file, which you could convert to the Windows equivalent, because it is easy to make mistakes (wrong [key, file] in wrong place, etc) even though the process is VERY simple! It is also better than "talking about" the process in general terms.

For now I've used 32byte encryption, which is crazy-too-small...

I tested the code with my own temporary [public, private] keys :
$ bash "/media/bill/SWAPPER/bin/openssl encrypt medium sized file.sh"
diff "$key_symmetric" "$key_symmetric_decrypted" : (no output if correct)
diff "$f_input" "$f_decrypted" : (no output if correct)

As you can see, there were no differences in either the symmetric key or $f_decrypted ("181006 IJCNN mass email list.txt"), so the encryptions worked properly.

Last updated:
13Apr2020 initial? (not sure wheenI would have to dig to find it)