OPENSSH: How to Create a Public/Private Key Pair

Install the OpenSSH utility on the machine that will initiate the secure connection request, by downloading the source files and copying them to (say) C:\OPENSSH.

Open a command console (e.g. Windows cmd), and run the following command from C:\OPENSSH:

ssh-keygen -b 2048 -t rsa
Enter file in which to save the key: test_key
Enter passphrase: [create a passphrase, or leave blank for no passphrase]

Two files will be created:

test_key
test_key.pub

The test_key file contains the private key, which should be kept secret on the machine that created it. The test_key.pub file contains the public key (which can always be derived from the private key); it can be provided to a third party to secure an SFTP connection, for example.

Sun Solaris UNIX: How to Encrypt and Decrypt a File

SFTP can be used to encrypt a file in transit, but what if file-encryption-at-rest is required?

To encrypt a file “at rest” (i.e. on the file system), two things are required:

  1. the encryption algorithm must be chosen;
  2. an encryption “key” must be generated (or provided by a third party) – this is used to encrypt, and subsequently decrypt, the file.

In this example, a random key for the 3DES algorithm is generated using the dd utility:

dd if=/dev/urandom of=$HOME/key.3des.24 bs=24 count=1

…where:

  • if=file is the input file. For a random key, use the /dev/urandom file.
  • of=keyfile is the output file that holds the generated key.
  • bs=n is the key size in bytes. For the length in bytes, divide the key length in bits by 8.
  • count=n is the count of the input blocks. The number for n should be 1.

The maximum and minimum key sizes (in bits, not bytes) can be determined using:

encrypt -l

…which gives:

Algorithm Keysize:        Min   Max (bits)
------------------------------------------
aes                       128   256
arcfour                     8  2048
des                        64    64
3des                      128   192
camellia                  128   256

The newly-generated key file, $HOME/key.3des.24, can then be used to encrypt a TEST.csv file (using the 3DES algorithm), using:

encrypt -a 3des -k $HOME/key.3des.24 -i ./TEST.csv -o ./e.TEST.csv

…and decrypted using:

decrypt -a 3des -k $HOME/key.3des.24 -i ./e.TEST.csv -o ./u.TEST.csv
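
The key generation step above can be wrapped in a small POSIX shell helper. This is an added example, not part of the original page: it applies the bs = bits / 8 rule, checks the requested size against the `encrypt -l` limits listed above, creates the key file with owner-only permissions, and confirms that dd wrote the whole key. The function names key_limits and make_key are hypothetical.

```shell
#!/bin/sh
# Added example: key-file creation for the Solaris encrypt/decrypt utilities.
# key_limits and make_key are hypothetical helper names.

# Print "min max" key size in bits, copied from the `encrypt -l` output above.
key_limits() {
    case "$1" in
        aes|camellia) echo "128 256" ;;
        arcfour)      echo "8 2048" ;;
        des)          echo "64 64" ;;
        3des)         echo "128 192" ;;
        *)            return 1 ;;
    esac
}

# make_key ALGO BITS KEYFILE
# Return codes: 2 unknown algorithm, 3 bad size, 4 file exists, 5 dd failed,
# 6 short read.
make_key() {
    algo=$1; bits=$2; keyfile=$3
    limits=$(key_limits "$algo") || { echo "unknown algorithm: $algo" >&2; return 2; }
    min=${limits% *}; max=${limits#* }
    case "$bits" in
        ''|*[!0-9]*) echo "key size must be a number of bits" >&2; return 3 ;;
    esac
    if [ "$bits" -lt "$min" ] || [ "$bits" -gt "$max" ] || [ $((bits % 8)) -ne 0 ]; then
        echo "$algo keys must be $min-$max bits, in whole bytes" >&2
        return 3
    fi
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 4
    fi
    bytes=$((bits / 8))          # bs = key length in bits / 8
    # umask 077 in a subshell: the key file is created readable by its owner only.
    ( umask 077 && dd if=/dev/urandom of="$keyfile" bs="$bytes" count=1 2>/dev/null ) || return 5
    # dd reports success even on a short read, so confirm the full key was written.
    size=$(wc -c < "$keyfile")
    if [ "$((size))" -ne "$bytes" ]; then
        rm -f "$keyfile"
        return 6
    fi
}
```

For the key used on this page, call make_key 3des 192 "$HOME/key.3des.24" and pass the resulting file to encrypt -k and decrypt -k as shown above.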