CAREFUL! Unless you really know what you are doing, can provide a key from a CSPRNG (the exact key fed directly to AES, not a passphrase or KDF!) and have a secure way of conveying that key to the recipient: this is almost surely not what you want to do. Chances that more than one of these conditions are met are very low.
The issue is that you need a means to determine
initialization vector.
(1) It must be stored explicitly or may be derived from a password. However, for password-based keys you must have salt or the password would be vulnerable to dictionary attacks. So you end up with the requirement to store the IV or the salt.
If you want to try, see the
enc command in
OpenSSL (
home). But I implore you: do not ever deploy that to production or, worse, release as a product to other people without first consulting a person with sufficient crypto expertise.
openssl enc -aes256 -pbkdf2 -iter 1 -nosalt -pass file:KEYFILE -in INFILE -out OUTFILE
Where
INFILE is the input file,
OUTFILE is the output file,
KEYFILE is a file with CSPRNG-generated value (at least 32 octets).
(2) To decrypt:
openssl enc -d -aes256 -pbkdf2 -iter 1 -nosalt -pass file:KEYFILE -in INFILE -out OUTFILE
Obtaining OpenSSL on Windows may be a bit of a trouble, as the upstream is not offering binaries. As far as I can tell,
cURL (
home) offers the command in its Windows relase. If not, see if
MSYS2 can’t provide it. If not,
MinGW may be used to build it, or perhaps accessible over
WSL.
The initial warning applies to any other software as well.
(1) Or a nonce in modes like CTR, CCM or GCM. The distinction is irrelevant in this post.
(2) That is not the key yet — it will still be fed to a KDF, but in this case with no implications for security.