Saturday, February 11, 2012

Simple File Encryption with OpenSSL (openssl)

This is the basic command to encrypt a file:

openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc

How does this work?

* openssl is the command for the OpenSSL toolkit.
* aes-256-cbc is the encryption cipher to be used. (256-bit AES is what the United States government uses to encrypt information at the Top Secret level.)
* -a means that the encrypted output will be base64 encoded, which allows you to view it in a text editor or paste it in an email. This is optional.
* -salt adds strength to the encryption by mixing a random salt into the key derived from your password, so the same password does not produce the same key twice. It should always be used.
* -in secrets.txt specifies the input file.
* -out secrets.txt.enc specifies the output file.
* You will be prompted for a password.

It’s not much use unless you can decrypt it:

openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new

* -d decrypts data.
* -a tells OpenSSL that the encrypted data is in base64.
* -in secrets.txt.enc specifies the data to decrypt.
* -out secrets.txt.new specifies the file to put the decrypted data in.
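
The two commands above as a non-interactive round trip, with a look at the salt header that -salt writes. This is an added example, not part of the original post; the password, file contents, function names and the use of -pass env: in place of the password prompt are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: round trip with the post's commands, plus the salt header.
# Password, file contents and helper names are constructed for this demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PW='demo-passphrase-not-a-real-secret'
printf 'account: alice\npin: 0000\n' > "$WORK/secrets.txt"

# -pass env:VAR reads the password from an environment variable instead of
# prompting, which keeps it out of the process argument list.
encrypt() {  # encrypt <in> <out> <password>
    OSSL_PW="$3" openssl aes-256-cbc -a -salt -in "$1" -out "$2" \
        -pass env:OSSL_PW 2>/dev/null
}
decrypt() {  # decrypt <in> <out> <password>
    OSSL_PW="$3" openssl aes-256-cbc -d -a -in "$1" -out "$2" \
        -pass env:OSSL_PW 2>/dev/null
}

# The decoded file starts with the 8-byte magic "Salted__" followed by the
# 8-byte random salt; the decrypt side reads the salt from there.
magic_of() { openssl base64 -d -in "$1" | head -c 8; }
salt_of()  { openssl base64 -d -in "$1" | od -An -tx1 -j8 -N8 | tr -d ' \n'; }

# Same plaintext and password, encrypted twice: salt and ciphertext differ.
salts_differ() {
    encrypt "$WORK/secrets.txt" "$WORK/a.enc" "$PW" &&
    encrypt "$WORK/secrets.txt" "$WORK/b.enc" "$PW" &&
    [ "$(salt_of "$WORK/a.enc")" != "$(salt_of "$WORK/b.enc")" ] &&
    ! cmp -s "$WORK/a.enc" "$WORK/b.enc"
}

# The correct password recovers the original bytes exactly.
roundtrip_ok() {
    encrypt "$WORK/secrets.txt" "$WORK/a.enc" "$PW" &&
    decrypt "$WORK/a.enc" "$WORK/secrets.txt.new" "$PW" &&
    cmp -s "$WORK/secrets.txt" "$WORK/secrets.txt.new"
}

# CBC has no integrity check: a wrong password normally fails on padding, but
# can occasionally "succeed" with garbage, so compare the result as well.
wrong_password_rejected() {
    encrypt "$WORK/secrets.txt" "$WORK/a.enc" "$PW" || return 1
    decrypt "$WORK/a.enc" "$WORK/bad.out" 'wrong-password' || return 0
    ! cmp -s "$WORK/secrets.txt" "$WORK/bad.out"
}

salts_differ && roundtrip_ok && wrong_password_rejected && echo "all checks passed"
```

On OpenSSL 1.1.1 and later, adding -pbkdf2 to both the encrypt and decrypt commands replaces the default single-pass key derivation, which those versions warn about on stderr.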