Raw, Encrypted Tunnel with OpenSSL and NetCat
I use netcat on my local network to transfer files very quickly without the overhead of a more complex protocol.
For those who don’t, here’s how:
On my home server, I transfer “myfile” on port “1024” to the computer named “MacBook”:
root@homeserver:~# nc MacBook 1024 < myfile
And on my Mac, I receive “myfile”, listening on port 1024:
MacBook:~ ejes$ nc -l 1024 >myfile
This works, and is fairly quick. If you need some validation that the file received is the original file, you can use md5 on Mac and most BSDs:
MacBook:~ ejes$ md5 myfile
MD5 (myfile) = 47f7f451e2e6d462a35a3d88b594e283
and md5sum on Linux:
root@homeserver:~# md5sum myfile
47f7f451e2e6d462a35a3d88b594e283  myfile
Sometimes, however, I need to send a file, quickly, ad-hoc across the big ol’ scary internet. This means that I’m sending “private” information across a “public” network. I hate doing that, because anything on the internet is subject to snooping.
What can we do? Encrypt our transfer. Thankfully, OpenSSL has the ability to help us do that.
So, to repeat the same transfer as above, but encrypted, we set up our listener first. I’m listening on my Mac, but the same command line would work in most BSD flavors:
MacBook:~ ejes$ nc -l 1024 | openssl enc -d -aes-256-cbc -out myfile
enter aes-256-cbc decryption password:
and on the sending machine you need to use:
root@homeserver:~# openssl enc -e -aes-256-cbc -in myfile | nc MacBook 1024
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
Of course, OpenSSL supports plenty of encryption methods other than aes-256, so feel free to explore. list-cipher-commands should help.
root@homeserver:~# openssl list-cipher-commands
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb
base64
bf bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb
cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40
seed seed-cbc seed-cfb seed-ecb seed-ofb
zlib
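The checksum step from the plain transfer matters even more for the encrypted one: openssl enc with aes-256-cbc carries no integrity check, so a byte changed in transit can still decrypt without any error. The script below is an added example, not part of the original post; it replaces nc with a local file so it runs offline. The -pbkdf2/-iter options (OpenSSL 1.1.1 or later), the XFER_PASS variable, the SHA-256 digest and the sample data are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. The "wire" file stands in for
# the bytes sent through `nc`; the passphrase, file names and sample data
# are constructed.
set -eu
export XFER_PASS='constructed-demo-passphrase'   # read via -pass env:, not argv

encrypt() { openssl enc -e -aes-256-cbc -pbkdf2 -iter 200000 -pass env:XFER_PASS; }
decrypt() { openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass env:XFER_PASS; }
sha256_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Flip the lowest bit of one byte in place, as line noise or tampering could.
flip_bit() {  # $1 = file, $2 = byte offset
    b=$(od -An -tu1 -j"$2" -N1 "$1" | tr -d ' \n')
    printf "\\$(printf '%03o' $((b ^ 1)))" |
        dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# Prints "<openssl exit status> <digest verdict>" for a clean or tampered run.
demo() {  # $1 = clean | tamper
    dir=$(mktemp -d)
    i=0
    while [ "$i" -lt 8 ]; do
        echo "line $i of a constructed sample file"
        i=$((i + 1))
    done > "$dir/myfile"
    want=$(sha256_of "$dir/myfile")          # sender side, shared out of band

    encrypt < "$dir/myfile" > "$dir/wire"    # what would travel through nc
    # Offset 32 is inside the ciphertext, past the 16-byte "Salted__" + salt
    # header and far from the final padding block.
    if [ "${1:-clean}" = tamper ]; then flip_bit "$dir/wire" 32; fi

    rc=0
    decrypt < "$dir/wire" > "$dir/received" || rc=$?
    if [ "$(sha256_of "$dir/received")" = "$want" ]; then verdict=match
    else verdict=MISMATCH; fi
    rm -rf "$dir"
    echo "$rc $verdict"
}

demo clean
demo tamper
```

Both runs report exit status 0 from openssl; only the digest comparison tells the tampered transfer from the clean one.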