Do have really have to use OpenSSL.exe or could you create/use a modified version of that tool that does exactly what you expect?
Your "scaling" problem is because of the entropy gathering each time OpenSSL is launched. This takes a significant amount of time, especially compared to the actual encryption operation. I would think that creating a service process that responded to a CLI client tool would be more efficacious than trying to scrape the OpenSSL output, but that's just my opinion. Without knowing your exact restrictions, it's hard to suggest what to do. If you don't want the overhead of installing services, and everything will be run from the same window session, you could have the first instance of your process register a global object and stay resident waiting for LRPC calls from secondary instances (or even use files and events - whatever floats your boat). Carl ________________________________ From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Funnell, Leon [leon.funn...@catlin.com] Sent: 12 November 2012 11:18 To: openssl-users@openssl.org Subject: RE: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file? Got it working (almost) in vbscript. I have the following problem however: If I run Openssl.exe on it’s own waiting for input, I can tell it to do one encryption only. See the steps I have followed below: 1. In Windows, run CMD.exe 2. Cd to C:\OpenSSL-Win64\bin 3. Invoke openssl.exe 4. Type “aes-256-cbc -a -e -K 656963636D6B6A6439346A66676E697730336C6A6B646C667574636E76333230 -iv 0” 5. Enter text “12345678” and press Enter 6. Press Ctrl-Z and enter 7. Press Ctrl-Z and enter 8. Outputs “6+gAsG2gj13Jsvujnfyasg==” – this is the encrypted value of “12345678<CR>” – need this without <CR> 9. If I the type “aes-256-cbc -a -e -K 656963636D6B6A6439346A66676E697730336C6A6B646C667574636E76333230 -iv 0” a second time, I get “non-hex digit, invalid hex iv value, error in aes-256-cbc” 10. Then there is no way to exit openssl except pressing CTRL-C If I follow the same above process in vbscript using oExec.StdIn.Write, I can get it to work without the <CR>, as it seems to understand the EOT (character 26) marker on the end of the line. The problem is, it returns to the Openssl> prompt, but again wont work a following time due to the error “non-hex digit, invalid hex iv value, error in aes-256-cbc” Any ideas? This looks like a bug with the CLI, unless you need to change the syntax second time round. Leon From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Tuesday, October 23, 2012 12:12 AM To: openssl-users@openssl.org; openssl-users@openssl.org Subject: RE: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file? Msdn.com<http://Msdn.com> is excellent. Good advice, few flames. -- Sent from my mobile phone. Please excuse my brevity. Charles Jeremy Farrell <jeremy.farr...@oracle.com<mailto:jeremy.farr...@oracle.com>> wrote: If you start openssl.exe, that's the mode it's in by default - waiting for commands from stdin, writing the output from those commands to stdout. Isn't that what you're looking for? If you're looking for advice on the programming details of attaching to its stdin and stdout and sending/receiving that data from another program, you'd probably be better asking on a general Windows programming list where there'll be more people with that sort of expertise. Regards, jjf From: Funnell, Leon [mailto:leon.funn...@catlin.com]<mailto:[mailto:leon.funn...@catlin.com]> Sent: Monday, October 22, 2012 10:52 AM To: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Subject: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file? We have Windows application which passes data to OpenSSL.exe to encrypt as a Windows command, then scrapes the encrypted data back from the output. The Windows app can call external Windows commands but we cannot call APIs or extend the functionality programmatically. Functionally it works, but it doesn’t scale as each time you call OpenSSL.exe it takes about a second and spikes the CPU. The application we are using is required to process 6000 records every hour. I have two tests set up: 1. A batch file which runs 6000 times, repeatedly running the following command: Openssl.exe aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 –in test.txt 2. A text file with the following line repeated 6000 times, which I paste into the OpenSSL CLI: aes-256-cbc -a -e -k eiccmkjd94jfgniw03ljkdlfutcnv320 –in test.txt When I use the batch file which invokes OpenSSL.exe 6000 times, it takes several hours to complete and spikes the CPU significantly. It seems to be the initialisation of the OpenSSL.exe program rather than the encryption however, as if I paste in the text file to the OpenSSL.exe CLI it completes in several seconds and takes very little CPU. What I need is a way of running OpenSSL.exe as a process which I can pass parameters to on STDIN, and output parameters to STDOUT. I would like to be able to call another batch file or program with the unencrypted data as the input parameter which would then pass this to the running “service”, retrieve the encrypted data result from this “service” and pass it as the output. Can anyone enlighten me on a potential solution for this? Thanks and Regards, Leon Funnell ________________________________________________________ This e-mail is confidential and intended solely for the use of the individual(s) to whom it is addressed. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, copying of, or any action taken in reliance upon it, is strictly prohibited and may be illegal. Catlin Underwriting Agencies Limited and Catlin Insurance Company (UK) Ltd. are authorised and regulated by the Financial Services Authority. The registered office of Catlin Underwriting Agencies Limited (incorporated and registered in England and Wales with company number 1815126) and Catlin Insurance Company (UK) Ltd. (incorporated and registered in England and Wales with company number 5328622) is 20 Gracechurch Street, London, EC3V 0BG. Catlin Risk Solutions Limited is an Appointed Representative of Catlin Underwriting Agencies Limited. ________________________________________________________ ________________________________________________________ This e-mail is confidential and intended solely for the use of the individual(s) to whom it is addressed. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, copying of, or any action taken in reliance upon it, is strictly prohibited and may be illegal. Catlin Underwriting Agencies Limited and Catlin Insurance Company (UK) Ltd. are authorised and regulated by the Financial Services Authority. The registered office of Catlin Underwriting Agencies Limited (incorporated and registered in England and Wales with company number 1815126) and Catlin Insurance Company (UK) Ltd. (incorporated and registered in England and Wales with company number 5328622) is 20 Gracechurch Street, London, EC3V 0BG. Catlin Risk Solutions Limited is an Appointed Representative of Catlin Underwriting Agencies Limited. ________________________________________________________
