QeeqBox

Tag: encryption

Diffie Hellman
Diffie Hellman

A cryptographic method that allows two parties to securely establish a shared secret key over an insecure communication channel, such as the internet, without ever directly transmitting the key itself. This shared secret can then be used to encrypt subsequent communications using symmetric encryption algorithms.Developed by Whitfield Diffie and Martin Hellman in 1976, the algorithm was a groundbreaking advancement in cryptography because it solved the problem of secure key exchange over unsecured networks.

#The safe_prime is generated by the server and sent to the clients
#If you change the 1024 to 2048 bits, the safe prime will take longer

openssl # an open-source cryptography toolkit
dhparam # generates Diffie-Hellman parameters
-out safe_prime.key # output file for DH parameters
1024 # size of the prime in bits (minimum for learning; modern use: 2048+)
```
openssl dhparam -out safe_prime.key 1024
```
openssl # an open-source cryptography toolkit
genpkey # generates a private key based on specified parameters
-paramfile safe_prime.key # DH parameters to use
-out alice_private.key # output private key file for Alice
```
openssl genpkey -paramfile safe_prime.key -out alice_private.key
```
openssl # an open-source cryptography toolkit
genpkey # generates a private key based on specified parameters
-paramfile safe_prime.key # DH parameters to use
-out bob_private.key # output private key file for Bob
```
openssl genpkey -paramfile safe_prime.key -out bob_private.key
```
openssl # an open-source cryptography toolkit
pkey # public/private key utility
-in alice_private.key # input file containing Alice’s private key
-text # show key parameters in plain text (human-readable)
-noout # do NOT output the PEM/DER encoded key
```
openssl pkey -in alice_private.key -text -noout
```
openssl # an open-source cryptography toolkit
pkey # public/private key utility
-in bob_private.key # input file containing Bob’s private key
-text # show key parameters in plain text (human-readable)
-noout # do NOT output the PEM/DER encoded key
```
openssl pkey -in bob_private.key -text -noout
```
openssl # an open-source cryptography toolkit
pkey # public/private key utility
-in alice_private.key # input file containing Alice’s private key
-pubout # output the corresponding public key
-out alice_public.key # save the public key to this file
```
openssl pkey -in alice_private.key -pubout -out alice_public.key
```
openssl # an open-source cryptography toolkit
pkey # public/private key utility
-in bob_private.key # input file containing bob’s private key
-pubout # output the corresponding public key
-out bob_public.key # save the public key to this file
```
openssl pkey -in bob_private.key -pubout -out bob_public.key
```
openssl # an open-source cryptography toolkit
pkeyutl # utility for public/private key operations
-derive # derive a shared secret (used in Diffie-Hellman key exchange)
-inkey alice_private.key # Alice’s private key
-peerkey bob_public.key # Bob’s public key
-out alice_shared_secret # output file containing the derived shared secret
```
openssl pkeyutl -derive -inkey alice_private.key -peerkey bob_public.key -out alice_shared_secret
```
openssl # an open-source cryptography toolkit
pkeyutl # utility for public/private key operations
-derive # derive a shared secret (used in Diffie-Hellman key exchange)
-inkey bob_private.key # Bob’s private key
-peerkey alice_public.key # Alice’s public key
-out bob_shared_secret # output file containing the derived shared secret
```
openssl pkeyutl -derive -inkey bob_private.key -peerkey alice_public.key -out bob_shared_secret
```
cmp # Unix command to compare two files byte by byte
alice_shared_secret # file containing the shared secret derived by Alice
bob_shared_secret # file containing the shared secret derived by Bob
```
cmp alice_shared_secret bob_shared_secret
```
xxd # Unix command to create a hex dump of a file
alice_shared_secret # file containing the derived shared secret
```
xxd alice_shared_secret
```
xxd # Unix command to create a hex dump of a file
alice_shared_secret # file containing the derived shared secret
```
xxd bob_shared_secret
```
May 16, 2026
Rivest Shamir Adleman
Rivest Shamir Adleman (RSA)

A public-key cryptosystem that uses a pair of mathematically related keys: a public key for encryption and a private key for decryption. It was developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman and remains one of the most widely used asymmetric encryption algorithms in the world.RSA relies on the mathematical difficulty of factoring large prime numbers to ensure security. While the public key can be freely shared to encrypt messages, only the holder of the corresponding private key can decrypt the ciphertext. This allows secure communication between parties without the need to share a secret key in advance.

echo “test” > input.txt # Create a file named input.txt containing the text “test”
```
echo "test" > input.txt
```
openssl # an open-source cryptography toolkit
genrsa # generates an RSA private key
-out private.key # output file for private key
2048 # key size in bits (secure for most uses)
```
openssl genrsa -out private.key 2048
```
openssl # an open-source cryptography toolkit
rsa # RSA key utility
-in private.key # input private key
-pubout # output the corresponding public key
-out public.key # output file for public key
```
openssl rsa -in private.key -pubout -out public.key
```
openssl # an open-source cryptography toolkit
pkeyutl # utility for public/private key operations
-encrypt # encrypt mode
-pubin # input key is a public key
-inkey public.key # the public key used for encryption
-in input.txt # plaintext input file
-out encrypted.txt # output ciphertext file
```
openssl pkeyutl -encrypt -pubin -inkey public.key -in input.txt -out encrypted.txt
```
openssl # an open-source cryptography toolkit
-decrypt # decrypt mode
-inkey private.key # the private key used for decryption
-in encrypted.txt # input ciphertext file
-out decrypted.txt # output plaintext file
```
openssl pkeyutl -decrypt -inkey private.key -in encrypted.txt -out decrypted.txt
```
cat decrypted.txt # Display the decrypted file contents
```
cat decrypted.txt
```
May 16, 2026
Advanced Encryption Standard
Advanced Encryption Standard (AES)

A symmetric block cipher selected by the U.S. National Institute of Standards and Technology (NIST) in 2001 to replace the older Data Encryption Standard (DES). AES is widely used to protect sensitive and classified information in both government and commercial applications.AES encrypts data in fixed-size blocks of 128 bits and supports key lengths of 128, 192, or 256 bits, providing strong security against modern cryptographic attacks. It operates using a series of substitution, permutation, and mixing operations across multiple rounds, depending on the key size (10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys).

echo “test” > input.txt # Create a file named input.txt containing the text “test”
```
echo "test" > input.txt
```
openssl # OpenSSL command-line cryptography tool
enc # encryption/decryption utility
-e # encrypt mode
-aes-256-cbc # AES algorithm with 256-bit key in CBC mode
-in input.txt # plaintext input file
-out encrypted.txt # output encrypted file
-k test # password used to derive the encryption key
-iv 0 # initialization vector (IV) set to all zeros (INSECURE)
```
openssl enc -e -aes-256-cbc -in input.txt -out encrypted.txt -k test -iv 0
```
openssl # OpenSSL command-line cryptography tool
-d # decrypt mode
-aes-256-cbc # same algorithm and mode used for encryption
-in encrypted.txt # input ciphertext file
-out decrypted.txt # output decrypted file
-k test # same password used to derive the key
-iv 0 # same IV must be used for decryption
```
openssl enc -d -aes-256-cbc -in encrypted.txt -out decrypted.txt -k test -iv 0
```
cat decrypted.txt # Display the decrypted file contents
```
cat decrypted.txt
```
One liner
```
echo test123 | openssl enc -k 33 -aes-256-ctr -nosalt -a | openssl enc -d -k 33 -aes-256-ctr -nosalt -a
```
May 16, 2026
Rivest Cipher 4
Rivest Cipher 4 (RC4)

A stream cipher designed by Ronald Rivest in 1987. Unlike block ciphers, which encrypt fixed-size blocks of data, RC4 encrypts data one byte at a time. This makes it well-suited for applications where data arrives in variable-length streams, such as network communications.RC4 generates a pseudorandom key stream based on an initial secret key. Each byte of plaintext is then combined with the key stream using the XOR operation to produce ciphertext. Decryption uses the same key to regenerate the key stream, and XOR is applied again to recover the original plaintext.

echo “test” > input.txt # Create a file named input.txt containing the text “test”
```
echo "test" > input.txt
```
openssl # an open-source cryptography toolkit
-e #encrypt
-rc4 # RC4 algorithm (deprecated / insecure)
-in input.txt # input plaintext file
-out encrypted.txt # output encrypted file
-K ‘000102030405060708090A0B0C0D0E0F’ # raw encryption key in hexadecimal (128-bit key)
-provider legacy # required because DES is deprecated in OpenSSL 3+
```
openssl enc -e -rc4 -in input.txt -out encrypted.txt -K '000102030405060708090A0B0C0D0E0F' -provider legacy
```
openssl # an open-source cryptography toolkit
-d # decrypt
-rc4 # same algorithm and mode used for encryption
-in encrypted.txt # input ciphertext file
-out decrypted.txt # output decrypted file
-K ‘000102030405060708090A0B0C0D0E0F’ # raw encryption key in hexadecimal (128-bit key)
-nosalt # disables salt (needed because encryption used raw key)
-provider legacy # enables deprecated DES support
```
openssl enc -d -rc4 -in encrypted.txt -out decrypted.txt -K '000102030405060708090A0B0C0D0E0F' -nosalt -provider legacy
```
cat decrypted.txt # Display the decrypted file contents
```
cat decrypted.txt
```
May 16, 2026
Data Encryption Standard
Data Encryption Standard (DES)

A symmetric key block cipher that was widely used for securing electronic data. DES operates by encrypting 64-bit blocks of data using a 56-bit key, producing a corresponding 64-bit ciphertext block.DES follows the Feistel structure, which means it divides the data block into two halves and applies multiple rounds of substitution and permutation to increase security. Each round uses the key in a complex transformation process to scramble the data, making it difficult for unauthorized parties to recover the original plaintext without the correct key.

echo “test” > input.txt # Create a file named input.txt containing the text “test”
```
echo "test" > input.txt
```
openssl # an open-source cryptography toolkit
-e #encrypt
-des-ecb # use DES algorithm in ECB mode
-in input.txt #input plaintext file
-out encrypted.txt # output encrypted file
-K 0001020304050607 # explicit 64-bit DES key in hex
-provider legacy # required because DES is deprecated in OpenSSL 3+
```
openssl enc -e -des-ecb -in input.txt -out encrypted.txt -K 0001020304050607 -provider legacy
```
openssl # an open-source cryptography toolkit
-d # decrypt
-des-ecb # same algorithm and mode used for encryption
-in encrypted.txt # input ciphertext file
-out decrypted.txt # output decrypted file
-K 0001020304050607 # same key used for encryption
-nosalt # disables salt (needed because encryption used raw key)
-provider legacy # enables deprecated DES support
```
openssl enc -d -des-ecb -in encrypted.txt -out decrypted.txt -K '0001020304050607' -nosalt -provider legacy
```
cat decrypted.txt # Display the decrypted file contents
```
cat decrypted.txt
```
May 16, 2026