Assume that you have a single file to encrypt/decrypt.
From version 1.1.1, it is recommended to use -pbkdf2 or -iter cypher. Firstly, you need to check your OpenSSL version with openssl version or use following snippet
if [[ $(openssl version) == "OpenSSL 1.1.1"* ]]; then
cipher="-pbkdf2"
else
cipher="-aes-256-cbc"
fi- To encrypt
openssl enc ${cipher} \
-in "${file_name}" \
-out "${file_name}.enc" \
-md sha512 -salt \
-pass "pass:${ENCRYPTION_PASSWORD}"where ${cipher} is -pbkdf2 or -aes-256-cbc, depend on your OpenSSL version, ${file_name} is the name of the file you want to encrypt. Encrypted data will be stored in ${file_name}.enc. ${ENCRYPTION_PASSWORD} is the symmetric password used to for decryption.
openssl rand -base64 32- The decypting command is almost similar to the ecrypting command, with an additional
-dflag, and output/input file names switched
openssl enc -d ${cipher} \
-in "${file_name}.enc" \
-out "${file_name}" \
-md sha512 -salt \
-pass "pass:${ENCRYPTION_PASSWORD}"If you have multiple files or a directory. There is one more step to combine these files into
tar -Jcf "${file_name}.tar.xz" -C . "${dir_name}"