by Don Mahurin, 2022-03-29
OEncrypt is an ecryption interface that may run in a browser or on the command line.
The command line tool, 'oenc' is compatible with a subset of the openssl command line tool, (openssl enc ...).
The purpose of OEncrypt is to provide a mechanism to ecrypt files, and allow dynamic decryption in a Browser.
The Web Crypto API does provide interfaces to allow general encryption and decryption, but a user/developer cannot just take a commonly encrypted file (using openssl ..), and easily use the decrypted content in a browser.
- Programing interface portable to browser or nodejs, as long as the Web Crypto API is implemented.
- 'oenc' command line tool, compatible with openssl command line encryption, using PBKDF2 derived keys, and AES-256 encryption.
- AES wrapped keys, allowing the key to be password protected.
- Alternatively, allow use of a offset "key", which also allows password protection of the key
OpenSSL encryption, OEncrypt decryption
Using Oencrypt/oenc, you may decrypt files encrypted with openssl using aes-256 (ctr or cbc).
echo validate | openssl enc -aes-256-ctr -pbkdf2 -pass pass:test -iter 10000 | \ ./oenc -aes-256-ctr -pass test
Encryption/Decryption of AES wrapped keys
Often, it is desired to encrypt the keys so that the the user must also need to use a key to use the key.
The example below shows how Oencrypt/oenc may be used to use AES encrypted keys.
key="$(./oenc -genkey -pass test)" echo validate | ./oenc -key "$key" -pass test -base64 | \ ./oenc -key "$key" -pass test -base64 -d
Encryption on command line decryption in browser
OEncrypt may be used to encrypt files offline, and then decrypt and use them in a browser.
For example, the bottom of this page contains an encrypted image.
The image is encrypted with the following encrypted key encoded as Base64.
The key is encrypted with the passphrase 'test'.
If you enter import this key (which is entered by default in the page), and enter the password 'test', the image will appear. Concentric boxes.