1

I'm working on a shell script that among other things encrypts some files with a public key--intending to be decrypted with a private one--using smime command.

smime works with small files but not with large (>4GB) ones.

openssl smime -aes-256-cbc -encrypt -in INPUT_FILE_NAME -binary -outform DEM -out OUTPUT_FILE_NAME PUBLIC_PEM_FILE

This line shows no error and the output file is created but remains empty after call finishes its execution.

How to encrypt both small and large files?

Edit 1: Found a comment on how to encrypt a large file in openssl using public key with the same problem but suggested solution didn't work.

Community
  • 1
  • 1
Phellipe Ribeiro
  • 491
  • 3
  • 13
  • Could it be as simple as a bad outform specifier? Options are SMIME, PEM, and DER. – msw Oct 19 '15 at 12:33
  • @msw Results with replaced outforms as follows. `PEM`: truncate output; `DER`: empty output; `SMIME`: truncate output; no `outform` at all: truncate output. – Phellipe Ribeiro Oct 19 '15 at 14:08
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Oct 19 '15 at 17:03
  • @jww It's related to shell scripting like 40k+ other questions: http://stackoverflow.com/questions/tagged/shell – Phellipe Ribeiro Nov 18 '15 at 11:59
  • @Phellipe - Sorry about that... Based on the way you phrased/worded the question, it appears you are just looking for help with the command. If it *really* is programming related question, then maybe you can frame it as such? Otherwise, you really will get better answers on Super User, and you won't get the hostile reception often encountered at Stack Overflow. (I don't believe in moving on folks without feedback, so I try to take the time to comment. I also don't believe in penalizing folks, so I often withhold downvotes because it only sours your experience). – jww Nov 18 '15 at 14:20
  • @jww Indeed, it was not very clear. Thanks for your suggestion for being so polite! – Phellipe Ribeiro Nov 18 '15 at 16:08
  • @Phellipe - no problem. Its not a bad question. As its phrased, I think it would find a better home elsewhere. I don't think its deserving of downvotes. But some on Stack overflow have lazy minds and can't differentiate the two concepts. – jww Nov 18 '15 at 17:41

1 Answers1

3

Got to solve the problem by splitting the large file into small chunks:

# Splits large file into 500MB pieces
split -b 500M -d -a 4 INPUT_FILE_NAME input.part.

# Encrypts each piece
find -maxdepth 1 -type f -name 'input.part.*' | sort | xargs -I % openssl smime -encrypt -binary -aes-256-cbc -in % -out %.enc -outform DER PUBLIC_PEM_FILE

For the sake of information, here is how to decrypt and put all pieces together:

# Decrypts each piece
find -maxdepth 1 -type f -name 'input.part.*.enc' | sort | xargs -I % openssl smime -decrypt -in % -binary -inform DEM -inkey PRIVATE_PEM_FILE -out %.dec

# Puts all together again
find -maxdepth 1 -type f -name 'input.part.*.dec' | sort | xargs cat > RESTORED_FILE_NAME

Solution based on:

  1. http://linuxconfig.org/easy-way-to-encrypt-and-decrypt-large-files-using-openssl-and-linux
  2. https://unix.stackexchange.com/questions/1588/break-a-large-file-into-smaller-pieces#1589
Community
  • 1
  • 1
Phellipe Ribeiro
  • 491
  • 3
  • 13