Discussion:
Openssl encrypt on UNIX, decrypt on Windows
(too old to reply)
Buicliu, Ion VSA:EX
2008-11-19 19:35:06 UTC
Permalink
Our UNIX-based organization is preparing to send encrypted data to a
Windows-based organization.
We have openSSL 0.9.8 on UNIX. We create the keys and will send them to
the client in one process, then encrypt the data files and send them to
the client in a different process.
I don't know much about openSSL on Windows. My question:
- is it possible to configure Windows with openSSL to use the keys and
decrypt the files encrypted on UNIX?
- how difficult is this operation?

Since the client seems to think that this is difficult to do, I would
appreciate if you guide me in the right direction. In the end it is the
client's responsibility to do it, but I'd like to have an idea of what's
involved.

Thank you

Ion Buicliu
jul
2008-11-19 19:56:54 UTC
Permalink
Post by Buicliu, Ion VSA:EX
Our UNIX-based organization is preparing to send encrypted data to a
Windows-based organization.
We have openSSL 0.9.8 on UNIX. We create the keys and will send them
to the client in one process, then encrypt the data files and send
them to the client in a different process.
- is it possible to configure Windows with openSSL to use the keys
and decrypt the files encrypted on UNIX?
Yes
Post by Buicliu, Ion VSA:EX
- how difficult is this operation?
Are you using OpenSSL CLI tools on UNIX?

If so do the same on windows; compile OpenSSL and use the transferred
keys and decrypt the data.
Post by Buicliu, Ion VSA:EX
Since the client seems to think that this is difficult to do, I
would appreciate if you guide me in the right direction. In the end
it is the client's responsibility to do it, but I'd like to have an
idea of what's involved.
Thank you
Ion Buicliu
Buicliu, Ion VSA:EX
2008-11-19 21:34:46 UTC
Permalink
"Are you using OpenSSL CLI tools on UNIX?
If so do the same on windows; compile OpenSSL and use the
transferred keys and decrypt the data."

If by CLI you mean Command Line Interface, yes, that's what I am using
on UNIX (not a graphical interface). If not, please let me know what you
mean by CLI.

Also, I would appreciate if you can give me more details about using the
keys and decrypting on Windows.

Thank you.

Ion Buicliu


________________________________


My question:
- is it possible to configure Windows with openSSL to use the keys
and decrypt the files encrypted on UNIX?
Yes

- how difficult is this operation?
Are you using OpenSSL CLI tools on UNIX?

If so do the same on windows; compile OpenSSL and use the transferred
keys and decrypt the data.
chris+ (Chris Wilson)
2008-11-19 21:42:01 UTC
Permalink
Hi Ion,
Post by Buicliu, Ion VSA:EX
"Are you using OpenSSL CLI tools on UNIX?
If so do the same on windows; compile OpenSSL and use the
transferred keys and decrypt the data."
If by CLI you mean Command Line Interface, yes, that's what I am using
on UNIX (not a graphical interface). If not, please let me know what you
mean by CLI.
Also, I would appreciate if you can give me more details about using the
keys and decrypting on Windows.
There is a command-line version of OpenSSL that you can download and
install on Windows that works in exactly the same way as the one on
Linux/Unix does. No magic. If your Windows shop finds that too difficult
to deal with (e.g. having to remember command line options) then I'm not
aware of an OpenSSL GUI that could be used. Perhaps PGP for Windows might
provide what you want, with a GUI?

Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\ _/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org |
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Buicliu, Ion VSA:EX
2008-11-19 21:52:35 UTC
Permalink
Thank you very much Chris, that's all I needed to know.
I will inform the client and let them deal with the rest.


Ion Buicliu

Hi Ion,
Post by Buicliu, Ion VSA:EX
"Are you using OpenSSL CLI tools on UNIX?
If so do the same on windows; compile OpenSSL and use the
transferred keys and decrypt the data."
If by CLI you mean Command Line Interface, yes, that's what I am using
on UNIX (not a graphical interface). If not, please let me know what
you mean by CLI.
Also, I would appreciate if you can give me more details about using
the keys and decrypting on Windows.
There is a command-line version of OpenSSL that you can download and
install on Windows that works in exactly the same way as the one on
Linux/Unix does. No magic. If your Windows shop finds that too difficult
to deal with (e.g. having to remember command line options) then I'm not
aware of an OpenSSL GUI that could be used. Perhaps PGP for Windows
might provide what you want, with a GUI?

Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK | / (_/
,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \
_/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org |
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Kyle Hamilton
2008-11-19 22:11:51 UTC
Permalink
On Wed, Nov 19, 2008 at 1:34 PM, Buicliu, Ion VSA:EX
If by CLI you mean Command Line Interface, yes, that's what I am using on
UNIX (not a graphical interface). If not, please let me know what you mean
by CLI.
Yes, command-line interface, invoked by cmd.exe.
Also, I would appreciate if you can give me more details about using the
keys and decrypting on Windows.
Use exactly the same commands you would use on UNIX. OpenSSL does not
interact with the Windows certificate store at all. It does not
interact with CryptoAPI. It just deals with what's in the files that
you hand to it.

The only gotcha you need to worry about would be if you're decrypting
on Vista or Windows Server 2003+; you might be in a directory which
requires an integrity level of Medium or High, and most invocations of
cmd.exe have Low integrity (meaning you have to get to a directory
that Low integrity can write to, which is often your user account's
Documents directory or a subdir thereof). Basically: if you get a
"cannot write" error, move the stuff to your user account's Documents
folder and retry.
Thank you.
Ion Buicliu
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Buicliu, Ion VSA:EX
2008-11-19 22:14:24 UTC
Permalink
Thank you Kyle, excellent details.

I will inform the client.

Ion Buicliu

On Wed, Nov 19, 2008 at 1:34 PM, Buicliu, Ion VSA:EX
Post by Buicliu, Ion VSA:EX
If by CLI you mean Command Line Interface, yes, that's what I am using
on UNIX (not a graphical interface). If not, please let me know what
you mean by CLI.
Yes, command-line interface, invoked by cmd.exe.
Post by Buicliu, Ion VSA:EX
Also, I would appreciate if you can give me more details about using
the keys and decrypting on Windows.
Use exactly the same commands you would use on UNIX. OpenSSL does not
interact with the Windows certificate store at all. It does not
interact with CryptoAPI. It just deals with what's in the files that
you hand to it.

The only gotcha you need to worry about would be if you're decrypting on
Vista or Windows Server 2003+; you might be in a directory which
requires an integrity level of Medium or High, and most invocations of
cmd.exe have Low integrity (meaning you have to get to a directory that
Low integrity can write to, which is often your user account's Documents
directory or a subdir thereof). Basically: if you get a "cannot write"
error, move the stuff to your user account's Documents folder and retry.
Post by Buicliu, Ion VSA:EX
Thank you.
Ion Buicliu
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Dr. Stephen Henson
2008-11-19 23:23:06 UTC
Permalink
Post by Kyle Hamilton
Use exactly the same commands you would use on UNIX. OpenSSL does not
interact with the Windows certificate store at all. It does not
interact with CryptoAPI. It just deals with what's in the files that
you hand to it.
Well unless it is instructed otherwise. Recent versions of OpenSSL include a
CryptoAPI ENGINE which can make use of private keys and (for SSL/TLS client
authentication only) certificates stored in CryptoAPI.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Loading...