This repository contains a C program for file encryption and decryption using the OpenSSL library. The program demonstrates how to securely encrypt a file with a randomly generated key and initialization vector (IV) and then decrypt it back to its original form.
OpenSSL Library: This code requires the OpenSSL library for cryptographic operations. Make sure you have OpenSSL installed on your system before running the program.
Initialization: The program initializes the OpenSSL library, adds necessary algorithms, and loads crypto strings to handle errors.
Key and IV Generation: A random key and IV are generated using the RAND_bytes function from OpenSSL. The key and IV will be used for encryption and decryption.
File Handling: The program takes two command-line arguments: the input file path (plaintext) and the output file path (ciphertext). It opens the input file in binary read mode and calculates its size. Then, it allocates a buffer to store the file data.
Encryption: The plaintext data from the input file is read into the buffer. The encrypt function is called to perform the encryption process using the OpenSSL EVP (Envelope Encryption) API. The encrypted data is then written to the output file.
Cleanup: After encryption, the input and output files are closed, and the memory allocated for the buffer is freed. The OpenSSL library is cleaned up to release any resources used during the encryption process.
Error Handling: The program provides a function called handleErrors, which prints error messages and aborts the program in case of encryption/decryption errors.
To use this code, follow these steps:
Clone the repository and navigate to the project directory.
Compile the code using a C compiler that supports the OpenSSL library. For example: gcc -o file_encrypt_decrypt file_encrypt_decrypt.c -lcrypto
Run the executable with two command-line arguments: the input file path and the output file path. For example: ./file_encrypt_decrypt input.txt output.enc
Replace input.txt with the path to the file you want to encrypt and output.enc with the desired name for the encrypted file.
The program will encrypt the input file and save the encrypted data in the output file specified.
To decrypt the file, you can use the same program with the decrypt function implemented. (Note: The decryption part of the code is not provided here, but you can extend the code by implementing the decrypt function similarly to the encrypt function)
Ensure that you keep the encryption key and IV secure. They are crucial for decrypting the file back to its original form.
Make sure to securely handle the key and IV when exchanging encrypted files or transmitting them over a network.
Always use strong and secure random number generation for key and IV generation. The OpenSSL library's RAND_bytes function provides a secure method for generating random bytes.
This code demonstrates basic file encryption using the OpenSSL library. For production-grade applications, additional security measures and error handling should be implemented.
Strong Encryption: The code utilizes the OpenSSL EVP (Envelope Encryption) API, providing strong encryption algorithms to safeguard the confidentiality of sensitive data.
Random Key and IV: A random key and initialization vector (IV) are generated using OpenSSL's secure random number generator (RAND_bytes). This ensures that each encryption session uses unique and unpredictable keys, enhancing security.
Command-line Interface: The program features a command-line interface, allowing users to specify the input and output file paths easily. This makes it convenient to encrypt files from the terminal.
Error Handling: The code implements an error handling mechanism using the handleErrors function. It provides detailed error messages and aborts the program if any encryption/decryption errors occur, aiding in troubleshooting and debugging.
Efficient File Handling: The program efficiently handles file input/output using binary read and write modes, making it suitable for encrypting and decrypting files of various sizes.
While the current code demonstrates basic file encryption using OpenSSL, there are several areas for potential improvement:
Decryption Function: Extend the code by implementing the decrypt function to enable decrypting the encrypted files back to their original form.
Password-Based Encryption: Add support for password-based encryption, allowing users to encrypt files using a passphrase instead of randomly generated keys.
User Interface: Develop a user-friendly interface, such as a command-line menu or a graphical user interface (GUI), to guide users through the encryption and decryption process with clearer instructions.
Key Management: Implement a secure key management system to handle key storage and distribution securely.
Authenticated Encryption: Explore authenticated encryption modes (e.g., GCM or CCM) to provide both confidentiality and authenticity for the encrypted data.
Secure File Deletion: After encryption, consider securely wiping sensitive data from the plaintext file to prevent data leaks.
File encryption is a critical task that must be done with utmost care. Even though this code uses strong encryption algorithms, the overall security of the encrypted data depends on various factors, including key management, secure distribution, and secure storage of keys. Always follow security best practices to protect sensitive data.
Note: This code is intended for educational purposes and should not be used in production environments without further evaluation and additional security measures. It is essential to conduct a security audit and seek professional guidance before using this code in production systems to ensure that it meets specific security requirements.