Encrypt/Decrypt files/directories with openssl

Assume that you have a single file to encrypt/decrypt.

  • To encrypt
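# -aes-256-cbc selects the cipher; -pbkdf2 only selects the key derivation.
# Without a cipher option, openssl enc copies the input unencrypted.
openssl enc -aes-256-cbc -pbkdf2 \
	-in "${file_name}" \
	-out "${file_name}.enc" \
	-md sha512 -salt \
	-pass "pass:${my_password}"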

${file_name} is the name of the file you want to encrypt. Encrypted data will be stored in ${file_name}.enc. ${my_password} is the symmetric password, which is also used for decryption. A random password can be generated with:

openssl rand -base64 32
  • The decrypting command is almost the same as the encrypting command, with an additional -d flag and the input/output file names switched
# The cipher and key-derivation options must match those used to encrypt.
openssl enc -d -aes-256-cbc -pbkdf2 \
	-in "${file_name}.enc" \
	-out "${file_name}" \
	-md sha512 -salt \
	-pass "pass:${my_password}"

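  • From version 1.1.1, the key-derivation options -pbkdf2 or -iter are recommended. They only control how the key is derived from the password and do not select a cipher: a cipher option such as -aes-256-cbc is still required, because openssl enc without one writes the input out unencrypted. If you are using an openssl version older than 1.1.1, -pbkdf2 is not available, so use -aes-256-cbc without it. Using -aes-256-cbc without -pbkdf2 or -iter on openssl version 1.1.1 or newer emits the warning: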
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
  • To check openssl version: openssl version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)

If you have multiple files or a directory, there is one more step to combine these files into

tar -Jcf "${file_name}.tar.xz" -C . "${dir_name}"
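
The full round trip for a single file and for a directory, as an added example that is not part of the original page; the function names and the MY_PASSWORD environment variable are assumptions. It passes the password with -pass env: so it does not appear in the process argument list, and it checks for the Salted__ header to confirm that encryption actually took place.

```sh
#!/bin/sh
# Added example, not from the original page. Function names and the
# MY_PASSWORD environment variable are assumptions made for illustration.
# Export MY_PASSWORD before calling any of these functions.

# Encrypt file $1 into $2 with an explicit cipher plus PBKDF2 key derivation.
encrypt_file() {
	openssl enc -aes-256-cbc -pbkdf2 -md sha512 -salt \
		-in "$1" -out "$2" -pass env:MY_PASSWORD
}

# Decrypt file $1 into $2; the options must match those used to encrypt.
decrypt_file() {
	openssl enc -d -aes-256-cbc -pbkdf2 -md sha512 \
		-in "$1" -out "$2" -pass env:MY_PASSWORD
}

# Succeed only if $1 starts with the "Salted__" magic that openssl enc
# writes in front of password-encrypted data. Output produced without a
# cipher option is a plain copy of the input and fails this check.
looks_encrypted() {
	[ "$(head -c 8 "$1")" = "Salted__" ]
}

# Archive directory $1 with tar -J (as on the page) and encrypt it into $2.
# The archive is piped, so no unencrypted .tar.xz is left on disk.
encrypt_dir() {
	tar -Jcf - -C "$(dirname "$1")" "$(basename "$1")" |
		openssl enc -aes-256-cbc -pbkdf2 -md sha512 -salt \
			-out "$2" -pass env:MY_PASSWORD
}

# Decrypt archive $1 and extract it under the existing directory $2.
decrypt_dir() {
	openssl enc -d -aes-256-cbc -pbkdf2 -md sha512 \
		-in "$1" -pass env:MY_PASSWORD | tar -Jxf - -C "$2"
}
```

Run looks_encrypted on every output before deleting the original: it is the quickest way to catch a command that silently produced an unencrypted copy.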