This is a guide to using OpenSSL in a portable fashion on Windows.
I did a talk in June '08 about a portable life.
The other day I picked up a new 2gb USB Drive. I like to keep storage with me, as well as programs like Portable Putty, Firefox, Filezilla, VLC, 7Zip and KeePass. All of which can be downloaded free at PortableApps.com Keeping all these programs only takes up around 150MB, which isn’t bad when you have 1.9GB to play with. Now lets talk about encryption. Using a Mac or Linux a lot like I do, you find OpenSSL is awesome. You can easily encrypt and decrypt files quickly. I recently got to looking around and found an .exe of OpenSSL. So I started playing. When I was done I had OpenSSL working off a USB Drive, and a batch file that either encrypts or decrypts based on the file extension. Oh and the batch file is run by dropping a file onto it. Here is what I did.
1. Download the latest OpenSSL Light from OpenSSL.org. 2. Install OpenSSL a. Ignore the error about MS Visual C++ b. Select Copy OpenSSL DLL to /bin directory 3. Copy C:\OpenSSL\bin to your USB Drive. 4. Rename the bin directory to openssl.. 5. Double click on openssl.exe in your openssl directory. If it works you should get a command prompt showing OpenSSL> 6. Download this file to the root of your USB Drive. encrypt-and-decrypt.bat 7. Now you have drag and drop encryption and decryption using aes-256.
The batch file will encrypt any file but will not encrypt a directory. If you want to encrypt a directory you can use 7zip to zip up the directory, then encrypt the .zip Also the batch file will only decrypt files ending in .enc Test it out and you will see what I mean. If you have any questions just leave a comment.
ps. If you want separated encrypt and decrypt files you can download these. encrypt.bat decrypt.bat
@echo off SET EX=%~x1 rem Changes program to the dir .bat is in cd /d %~dp0 if %EX%==.enc (GOTO :DECRYPT) IF EXIST %1.enc ( echo Please rename/remove file. echo %~f1.enc pause) IF EXIST %1.enc (GOTO :END) "%CD%\openssl\openssl.exe" enc -aes-256-cbc -salt < %1 > %1.enc GOTO :END :DECRYPT IF EXIST "%~dp1%~n1" ( echo Please rename/remove file. echo %~dp1%~n1 pause) IF EXIST "%~dp1%~n1" (GOTO :END) "%CD%\openssl\openssl.exe" enc -d -aes-256-cbc -salt < %1 > "%~dp1%~n1" GOTO :END :END
@echo off rem Changes program to the dir .bat is in cd /d %~dp0 rem First part is the path to openssl.exe, then the encryptions stuff. rem rem Then %1 is the item you dropped on the .bat file. rem Then the second %1 adds a .enc to the end of the file name, and saves it. "%CD%\openssl\openssl.exe" enc -aes-256-cbc -salt < %1 > %1.enc
@echo off rem Changes program to the dir .bat is in cd /d %~dp0 rem First part is the path to openssl.exe, then the encryptions stuff. rem Then %1 is the item you dropped on the .bat file. rem Then %~dp1%~n1 removes the .enc and places the file into original dir. "%CD%\openssl\openssl.exe" enc -d -aes-256-cbc -salt < %1 > "%~dp1%~n1"