I need to encrypt some data using aes-256-ecb since a backend code expects it as a configuration. I'm able to encrypt using a key which is derived from a passphrase using:
openssl enc -p -aes-256-ecb -nosalt -pbkdf2 -base64 -in data-plain.txt -out data-encrypted.txt | sed 's/key=//g'
This encrypts using derived key and outputs the key in console.
However, I couldn't find how to do it with a generated key, something like:
-
Generate a 256-bit key using:
openssl rand -base64 32 > key.data
-
Then use this key during encryption, with something like:
openssl enc -p -aes-256-ecb -key=key.data -nosalt -pbkdf2 -base64 -in data-plain.txt -out data-encrypted.txt
Is this possible?
Best Answer
You have to specify the key in hex using
-K
. Note that you also need to specify the IV with-iv
for some ciphers and modes of operation. You will also need to add-nopad
for ECB decryption if you are decrypting a raw AES block (i.e. no padding is used). Be aware that ECB is highly insecure if used to encrypt more than one block.