LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   OpenSSL Encryption with AES (http://www.linuxquestions.org/questions/linux-software-2/openssl-encryption-with-aes-686385/)

kaplan71 11-26-2008 11:44 AM

OpenSSL Encryption with AES
 
Hi there --

I am running a script that encrypts a newly created tar file with des3 encrytion. The user is prompted for a password that is to be associated with the file.

I wanted to explore the possibility of using aes as a possible replacement for des3 encryption. If I were to go down that route, will I still be able to associate a password with the encrypted tar file? Also, will there a be a speed degradation involved with aes encryption? Thanks.

Berhanie 11-26-2008 12:26 PM

Yes, both aes and des3 are symmetric algorithms and therefore require a key (which is derived from the passphrase). Not sure about the speed difference, but there are various versions of aes, differing in the length of key (e.g. aes128, aes256).

kaplan71 11-26-2008 12:39 PM

Hi there --

Thanks for your reply. Based on your answer, the command in question:

Code:

$cmd= "(cd $source; tar -cvf - . |openssl des3 -salt -k $password > $destination/archive.tar.des3)";
Could be changed to one of the following:

Code:

$cmd= "(cd $source; tar -cvf - . |openssl aes128 -salt -k $password > $destination/archive.tar.aes128)";
Code:

$cmd= "(cd $source; tar -cvf - . |openssl aes256 -salt -k $password > $destination/archive.tar.aes256)";
The speed issue would probably be dependent on the CPU. That being the case, it would probably take, in theory, twice as long to encrypt the file using aes256 as opposed to aes128 encryption. Correct?

One other question: Is des3 truly 168-bit encryption due to its triple layer of 56-bit, or is it three separate 56-bit instances of DES? Thanks.

Berhanie 11-26-2008 01:46 PM

Quote:

in theory, twice as long to encrypt the file using aes256 as opposed to aes128 encryption. Correct?
I would think not. Here's what Wikipedia says:
Quote:

AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys.
des3 is 3 separate instances of des placed back-to-back in some fashion, from what I understand. See Wikipedia again about the placement possibilities.


All times are GMT -5. The time now is 06:51 PM.