# Encrypting a string and decrypting with password - OpenSSL?



## ksv (Apr 19, 2004)

I need a simple system for checking the authenticity of a physical ID card, and thought of simply encrypting the member's 14 digit id number with a universal password and print the hash on the card. Is there a simple, standard way of doing this with e.g. OpenSSL?


----------



## rbuenger (Apr 19, 2004)

Yes, this is possible with OpenSSL in a very simple way like:

openssl des -e -aes128 -k mypass -in Inputfile -out cryptedfile

-e means encryption. Try -d to decrypt
-k is the key
-in and -out the files to handle

Hope this helps and is what you are searching. If you don't wanne use aes128 you can choose many other cipher types like rc5, des, blowfish....

You can see a help for this command by just entereing an invalid option like:

openssl des -invalid


----------



## ksv (Apr 19, 2004)

rbuenger said:
			
		

> Yes, this is possible with OpenSSL in a very simple way like:
> 
> openssl des -e -aes128 -k mypass -in Inputfile -out cryptedfile
> 
> ...



Thank you very much - works perfectly 
Now, is there a way to generate hashes of only regular letters and numbers, like e.g. md5 hashes? Those weird characters are rather inconvenient to enter manually and can't be stored on magnet cards if I was to use that.

And do you know if this can be done in php? I'm planning to integrate this with our current member registration form, generating the hash and writing it to the database along with the other data. I'll leave that to our php guy, of course


----------



## ksv (Apr 19, 2004)

Found the php OpenSSL function, but it seems to be made exclusively for handling SSL certificates and I can't see how to simply encrypt and decrypt text like rbuenger explained. Ideas, anyone?


----------



## rbuenger (Apr 19, 2004)

First if your webserver is running on a *nix box you could easily create simple shell-scripts and call them like any cgi from within you page. You just have to start your file with #!/bin/bash instead of the pearl stuff. Maybe this works for you.

And it should be no problem to use a simple openssl md5 command to create a checksum of the encoded text you got bevor like this:

openssl des -e -aes128 -k password -in filetoencode | openssl md5

But using this with md5 you're unable to decode it in any way because md5 is a one way function. So you instead have to encode the input and compare the md5 hashes.


----------



## ksv (Apr 19, 2004)

rbuenger said:
			
		

> First if your webserver is running on a *nix box you could easily create simple shell-scripts and call them like any cgi from within you page. You just have to start your file with #!/bin/bash instead of the pearl stuff. Maybe this works for you.
> 
> And it should be no problem to use a simple openssl md5 command to create a checksum of the encoded text you got bevor like this:
> 
> ...



This is going to work - thanks again!


----------



## ksv (Apr 25, 2004)

We managed to make a php script out of this, but we've got one major problem - these encryption algorithms seem to be encrypting differently each time. So even though they can be decrypted, it makes comparing the md5 hashes useless. Got any ideas, or is there an algorithm which always encrypts to the same hash?


----------



## ksv (Apr 25, 2004)

Okay, I think I've figured it out. I can use a key to sign the md5 digest


----------



## michaelsanford (Apr 29, 2004)

I was going to ask why you don't just use the MD5 digest by itself.


----------

