Easy file encryption using openssl


If you're new to encryption or simply want to encrypt a file but don't want to bother setting up a public/private key pair (required by some tools), then these simple examples of using OpenSSL could be what you're looking for.


OpenSSL and ciphers

Simply put, a cipher is a particular algorithm used to encrypt and decrypt data.

The openssl command line tool is installed by default as part of Ubuntu (and most other distributions). You can see which ciphers are available on the command line by running:

openssl list-cipher-commands

We'll show examples using AES, Triple DES, and Blowfish.

Simple encryption and decryption using AES

To encrypt a file called myfile.txt using AES in CBC mode, run:

openssl enc -aes-256-cbc -salt -in myfile.txt -out myfile.enc

This will prompt you for a password, then create the encrypted file myfile.enc (NB: use a strong password and don't forget it, as you'll need it for the decryption stage!).

To then decrypt myfile.enc, run:

openssl enc -d -aes-256-cbc -in myfile.enc -out myfile.txt

You'll be prompted to enter the password you used when encrypting the file. Note that if you omit the "-out myfile.txt" part, the decrypted contents of your file get sent to standard output (so if you're doing this on the command line, you'll see it displayed in front of you).

Simple encryption and decryption using triple DES

To encrypt a file called myfile.txt using Triple DES in CBC mode, run:

openssl enc -des-ede3-cbc -salt -in myfile.txt -out myfile.enc

This will prompt you for a password, then create the encrypted file myfile.enc (Again: use a strong password and don't forget it, as you'll need it for the decryption stage!).

To then decrypt myfile.enc, run:

openssl enc -d -des-ede3-cbc -in myfile.enc -out myfile.txt

You'll be prompted to enter the password you used when encrypting the file.

Simple encryption and decryption using Blowfish

To encrypt a file called myfile.txt using Blowfish in CBC mode, run:

openssl enc -bf-cbc -salt -in myfile.txt -out myfile.enc

This will prompt you for a password, then create the encrypted file myfile.enc (use a strong password and don't forget it, as you'll need it for the decryption stage!).

To then decrypt myfile.enc, run:

openssl enc -d -bf-cbc -in myfile.enc -out myfile.txt

You'll be prompted to enter the password you used when encrypting the file.

Cipher strength

AES and Triple DES are considered to be strong. Blowfish is still a good algorithm but its author (Bruce Schneier) recommends that you should use the "twofish" algorithm instead if available. Unfortunately twofish is not yet available in the list of openssl ciphers.

CBC Mode

The mode (the algorithm's mode of operation) we chose to use above was CBC (cipher block chaining) mode.

There are modes other than CBC mode available for your encryption purposes, such as ECB mode.

Regarding AES, if you wish to use ECB mode with it instead, use -aes-256-ecb rather than -aes-256-cbc in the example.

Refer to the list of ciphers to see exactly what is available, but bear in mind that CBC mode is considered to be better.
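
To see why CBC is preferred over ECB, the following added example (not part of the original article) encrypts a file made of one repeated 16-byte block with both modes and counts identical ciphertext blocks. The password, the sample data and the function names are constructed for this demo.

```sh
#!/bin/sh
# Added example: ECB vs CBC on repetitive data, using the same
# `openssl enc` commands as the article.
# The password and plaintext below are constructed for this demo only.
DEMO_PASS='constructed-demo-password'

# Write 64 copies of one 16-byte block (1024 bytes) to the file named in $1.
make_sample() {
    i=0
    while [ "$i" -lt 64 ]; do
        printf 'SIXTEEN BYTE BLK'
        i=$((i + 1))
    done > "$1"
}

# Encrypt file $2 with cipher $1 and print how many 16-byte ciphertext
# blocks are exact copies of another block in the same output.
repeated_blocks() {
    # stderr is discarded because newer OpenSSL releases print a
    # key-derivation warning there; stdout carries the ciphertext.
    openssl enc "-$1" -salt -pass "pass:$DEMO_PASS" -in "$2" 2>/dev/null |
        tail -c +17 |        # skip the 16-byte "Salted__" + salt header
        od -An -v -tx1 |     # one 16-byte block per line, as hex
        sort | uniq -c |     # count occurrences of each distinct block
        awk '{ dup += $1 - 1 } END { print dup + 0 }'
}

sample=$(mktemp)
make_sample "$sample"
echo "aes-256-ecb repeated blocks: $(repeated_blocks aes-256-ecb "$sample")"
echo "aes-256-cbc repeated blocks: $(repeated_blocks aes-256-cbc "$sample")"
rm -f "$sample"
```

ECB maps equal plaintext blocks to equal ciphertext blocks, so 63 of the 65 output blocks are repeats and the structure of the file is visible without the password. CBC chains each block into the next, so no block repeats.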

Thanks to the OpenSSL development team for producing such a handy tool.
