Assume that you have a single file to encrypt/decrypt.

From version 1.1.1, it is recommended to use -pbkdf2 or -iter cypher. Firstly, you need to check your OpenSSL version with openssl version or use following snippet

if [[ $(openssl version) == "OpenSSL 1.1.1"* ]]; then
	cipher="-pbkdf2"
else
	cipher="-aes-256-cbc"
fi
  • To encrypt
openssl enc ${cipher} \
	-in "${file_name}" \
	-out "${file_name}.enc" \
	-md sha512 -salt \
	-pass "pass:${ENCRYPTION_PASSWORD}"

where ${cipher} is -pbkdf2 or -aes-256-cbc, depend on your OpenSSL version, ${file_name} is the name of the file you want to encrypt. Encrypted data will be stored in ${file_name}.enc. ${ENCRYPTION_PASSWORD} is the symmetric password used to for decryption.

openssl rand -base64 32
  • The decypting command is almost similar to the ecrypting command, with an additional -d flag, and output/input file names switched
openssl enc -d ${cipher} \
	-in "${file_name}.enc" \
	-out "${file_name}" \
	-md sha512 -salt \
	-pass "pass:${ENCRYPTION_PASSWORD}"


If you have multiple files or a directory. There is one more step to combine these files into

tar -Jcf "${file_name}.tar.xz" -C . "${dir_name}"