How to Encrypt or Decrypt Files with OpenSSL

In this tutorial we are going to show you how to encrypt and decrypt your files with OpenSSL with a password on Linux.

OpenSSL is a powerful tool that allows us to encrypt files in an integral way using various security methods.

Having our information encrypted is essential if we want to prevent the data from reaching other unwanted hands. This tutorial will have the keys to be able to maintain that security in your files.

Encrypt a File using OpenSSL Commands

The first method that we will see will be the process of encrypting our file, and for this, we will use the following syntax:

openssl enc -aes-256-cbc -salt -in thelinuxcode.txt -out thelinuxcode.txt.enc

The parameters to use are the following:

Openssl: It is the command that will be responsible for the encryption of the file.

Enc: Indicates encoding with encryption.

–aes-256-cbc: Indicates the type of encryption that we have to use for the file.

-salt: Adds force parameter to the encryption.

-in: Refers to the source or input file.

-out: It refers to the name that will be assigned to the encrypted file.

It is important to add the -salt parameter because if not, the file will be susceptible to suffer vulnerabilities with decryption tools in a simple way. When executing this syntax, a message will be displayed where we must enter and confirm the password assigned to the text:

At this point, we can add different levels of encryption in this method, such as:

• AES-128-cbc

• AES-256-cbc

• AES-128-ecb

• AES-256-ecb

• AES-192-cbc

• AES-192-ecb

• Camellia-128-cbc

• Camellia-256-cbc, among others.

Once we perform this action we can see our file encrypted with the extension .enc:

We can try to access the encrypted file using any of the desired editors, such as nano by executing the following:

nano thelinuxcode.txt.enc

Decrypt a File using OpenSSL Commands

At the moment we wish to access the encrypted file we will use the following syntax for decryption:

openssl enc -aes-256-cbc -d -in thelinuxcode.txt.enc -out -thelinuxcode.txt

At the moment of pressing enter it will be necessary to enter the own access password:

From this moment we will have access to the contents of the file. The parameters used in this process are:

-d: It allows the decryption of the file.

-in: It enables us to select the encrypted file.

-out: Indicates the name to assign to the file after the process.

Base64 Encoding

In addition to the encryption method indicated above, with OpenSSL, we can add an encoding called Base64 which converts the 8-bit binary information into a set of ASCII characters.

This type of coding is ideal when we have to transfer information through the network, and by default, the encryption will be in binary format.

The syntax for encrypting a file using Base64 is to add the -a value in the following way:

openssl enc -aes-256-cbc -salt -a -in thelinuxcode.txt -out thelinuxcode.txt.enc

We will assign the own access credentials to the file. The -a parameter tells OpenSSL that the data will be encrypted taking Base64 as encoding. If we access the file, we will see its encoding in ASCII format.