You may be familiar with OpenSSL and how it’s used to encrypt web pages across the internet, however it can also be used to encrypt files on systems. Lucky you OpenSSL is available on pretty much any operating system you can think of, meaning that if you need quick encryption there is no better option.
An alternative to OpenSSL is GPG however it’s not included by default on all distributions. I find that encrypting files with GPG requires less manual input. If you are interested in encrypting files with GPG instead of OpenSSL then read this article Encrypt files with GPG.
To view the a list of the available ciphers issue the following command.
OpenSSL encryption basics
The process to encrypt a file is not complex, all you need to remember is to specify the cipher to be used, indicate salt, the input file and output file. Here is the anatomy of the command.
openssl cipher -a -in -out
- cipher specify the cipher to be used.
- -a encrypted output will be base64 encoded, useful for sending the file via email.
- -salt used to complicate dictionary attacks, make the attackers job harder by doubling the amount of resources needed.
- -in input file, the file you want to encrypt.
- -out output, the encrypted file.
In the following example filename.pdf will encrypted using triple DES cipher. Because I want to remember the cipher used to encrypt the file the result was filename.des3 indicating that triple DES was used on the file.
openssl des3 -a -salt -in filename.txt -out filename.des3
To decrypt the file the process is similar. Indicate the cipher, file was base64 encoded, decrypt the file, input the file name and output the file name.
openssl des3 -a -d -salt -in file.des3 -out file.txt
- cipher indicate the used cipher
- -a encrypted file was encoded with base64.
- -d the file will decrypted
- -salt salt was used
- -in specyfile the encrypted file to be decrypted
- -out output file
You don’t have to use triple DES to encrypt your files. Switching ciphers is very easy, in this case I decided to use Advanced Encryption Standard (AES).
Encryption of the file.
openssl aes-256-cbc -a -salt -in vim.pdf -out output.aes
Decryption of the file.
openssl aes-256-cbc -d -a -in input.aes -out output.pdf
Hopefully this article will help you secure your files from the unknown.