Encrypt/Decrypt files/directories with openssl

Assume that you have a single file to encrypt/decrypt.
From version 1.1.1
, it is recommended to use -pbkdf2
or -iter
cypher. Firstly, you need to check your OpenSSL version with openssl version
or use the following snippet
if [[ $(openssl version) == "OpenSSL 1.1.1"* ]]; then
cipher="-pbkdf2"
else
cipher="-aes-256-cbc"
fi
- To encrypt
openssl enc ${cipher} \
-in "${file_name}" \
-out "${file_name}.enc" \
-md sha512 -salt \
-pass "pass:${ENCRYPTION_PASSWORD}"
where ${cipher}
is -pbkdf2
or -aes-256-cbc
, depend on your OpenSSL version, ${file_name}
is the name of the file you want to encrypt. Encrypted data will be stored in ${file_name}.enc
. ${ENCRYPTION_PASSWORD}
is the symmetric password used to for decryption?
openssl rand -base64 32
- The decrypting command is almost similar to the encrypting command, with an additional
-d
flag, and output/input file names switched
openssl enc -d ${cipher} \
-in "${file_name}.enc" \
-out "${file_name}" \
-md sha512 -salt \
-pass "pass:${ENCRYPTION_PASSWORD}"
If you have multiple files or a directory. There is one more step to combine these files into
tar -Jcf "${file_name}.tar.xz" -C . "${dir_name}"
