OpenSSL is the old standby solution for all things encryption, but did you know that Solaris provides an excellent array of userland tools to solve your cryptographic cypherpunk needs?

There are 3 we’ll look at which provide the most basic cryptographic needs:

• encrypt & decrypt: This pair of tools encrypt and decrypt a stream or file
• mac: Calculate cryptographic Message Authentication Codes (MACs) for a stream or file
• digest: Calculate digests (“checksums”) of a stream of file

Encrypt & Decrypt

The encrypt and decrypt tools do what the name suggests. Run them with the -l flag to list the available ciphers:

benr@aeon ~$ encrypt -l
Algorithm       Keysize:  Min   Max (bits)
------------------------------------------
aes                       128   256
arcfour                     8  2048
des                        64    64
3des                      192   192

Give it a file or a stream and a key (remember, a password is a key, no magic here) and your off:

benr@aeon tmp$ encrypt -a aes -i testfile -o testfile.encrypted
Enter key:     <-- entered "this is my key"
benr@aeon tmp$ cat testfile.encrypted 
èk»Ÿ¯m„™Þ©¦€p'T
ÕWp³#÷d‡¯HÇø7ìâtìtˆÆ@šßÒÉÇnwu¾V€UuȞÓW

benr@aeon tmp$ decrypt -a aes -i testfile.encrypted            
Enter key:   <-- entered "this is my key"
This is a plaintext file.

Easy as that, if you do not supply in or out files standard in/out are used. Need to exchange some super secret files to a friend? Why not tar them up, encrypt them, send them via email and then call your buddy with the string you used for the key. The longer and more whacky the string/key the better.

If your wondering what ARCFOUR is, its more commonly known as RC4, a good algorithm but not recommended for sensitive data encryption. Read up on Wikipedia for more on RC4.

mac

MAC's are used for integrity checking. They are cryptographic checksums that validate that the data was in fact sent by the person you think it was. This is done by using a key just like encryption or decryption:

benr@aeon tmp$ mac -l
Algorithm       Keysize:  Min   Max (bits)
------------------------------------------
des_mac                    64    64
sha1_hmac                   8   512
md5_hmac                    8   512
sha256_hmac                 8   512
sha384_hmac                 8  1024
sha512_hmac                 8  1024
benr@aeon tmp$ mac -a sha256_hmac testfile
Enter key:    <--- Entered "this is my mac key"
b49ddab17cb32eca448eb1abf977b7cacdf9e3435e558883a5a6300cd7205307
benr@aeon tmp$ mac -a sha256_hmac testfile
Enter key:    <--- Entered "this is not my mac key"
1bbcd4b28aa38097b6b6f8adb49aa111be0aebf109b6d5568de6fa64e98f2822
benr@aeon tmp$ mac -a sha256_hmac testfile
Enter key:    <--- Entered "this is my mac key"
b49ddab17cb32eca448eb1abf977b7cacdf9e3435e558883a5a6300cd7205307

So above you can see the list of MAC's available and an example of how to use the tool, notice that if you insert the wrong password/key you get a different checksum, this is the power of MACs.

Digest

Everyone should be familiar with digests, namely MD5 Checksums commonly used to verify downloaded files. On Linux or other platforms the md5sum tool is commonly used, elsewhere OpenSSL is used (openssl digest ...), but Solaris provides a tool with a verity of handy digest algorithms:

benr@aeon tmp$ digest -l
sha1
md5
sha256
sha384
sha512
benr@aeon tmp$ digest -a sha256 testfile
88b84e9fc0ddaed0f41a7010a59662c75dd65b6c100ead82a14415d0e78c2ca2

Quick, easy to use, and a verity of algorithms easier to use than OpenSSL's syntax I think.

Handy huh? With these tools you can have lots of fun.. secure those IRS return PDF's, hide that ummmm "sensitive" data, or combine with other tools to add encryption capability like we will in my next post!