
How to Encrypt & Decrypt Files Using OpenSSL

OpenSSL is a popular cryptographic utility to encrypt and decrypt data. It is often used to encrypt & decrypt information while transmitting over a network. You can use OpenSSL to encrypt & decrypt plain strings, files and even directories. In this article, we will learn how to encrypt & decrypt files using OpenSSL.



You can encrypt & decrypt files using simple ciphers, or using public-private key pairs. We will look at both these methods below.


1. Encrypt & Decrypt Files using ciphers

Here is the syntax to use OpenSSL.

# openssl command command-options arguments

Here is an example that encrypts a single file, data.txt, using an encryption cipher. OpenSSL prompts for a password and derives the encryption key from it.

# openssl enc -e -aes256 -in data.txt -out secured_data.txt

In the above command,

  1. enc – openssl command to encode with ciphers
  2. -e – option to encrypt the input file/stream
  3. -aes256 – encryption cipher
  4. -in – input file location or name, data.txt
  5. -out – output file location or name secured_data.txt

You can also use OpenSSL with tools like tar to encrypt an entire directory of files. Here is the command to archive & encrypt directory /home/ubuntu/data into secured.tar.gz

# tar -czf - /home/ubuntu/data | openssl enc -e -aes256 -out secured.tar.gz

In the above command, tar writes the compressed archive to standard output (-f -), and we pipe that output to the OpenSSL command.

On the other hand, here is the command to decrypt single file secured_data.txt.

# openssl enc -d -aes256 -in secured_data.txt -out data.txt

In the above command,

  1. enc – openssl command to encode with ciphers
  2. -d – option to decrypt the input file/stream
  3. -aes256 – encryption cipher
  4. -in – input file location or name, secured_data.txt
  5. -out – output file location or name data.txt

Similarly, you can also decrypt a tar file with the following command.

# openssl enc -d -aes256 -in secured.tar.gz | tar xz -C /home/ubuntu/data

In the above command, we decrypt the file secured.tar.gz and pass it to tar command which extracts it to folder /home/ubuntu/data.


2. Encrypt & Decrypt Files using key pairs

In order to encrypt & decrypt data and files using key pairs, you first need to create a pair of RSA keys – a public key for encrypting data and a private key for decrypting data. Here is the command to create a 1024-bit private key for yourself.

$ openssl genrsa -aes128 -out alice_private.pem 1024

When you run the above command, you will see a set of prompts asking for some information for generation of keys. Enter them as per your requirement. You will also see an optional prompt to enter a passphrase. If you add a passphrase, you will be asked for it every time you use your private key, which can be a problem for automated decryption using scripts & programs. In such cases, leave it blank and press the Enter key to avoid using a passphrase for your private key.

Run the following command to create public key from private key above.

$ openssl rsa -in alice_private.pem -pubout > alice_public.pem

Now you will have the public key alice_public.pem, used to encrypt data, and the private key alice_private.pem, used to decrypt data. You need to provide your public key file to the sender of encrypted data, which you will then decrypt using your private key. Similarly, when you encrypt data and send it to someone, say, bob, you need to encrypt it using bob’s public key, and not your public key. Here is an example to encrypt a file using bob’s public key bob_public.pem.

$ openssl rsautl -encrypt -inkey bob_public.pem -pubin -in top_secret.txt -out top_secret.enc

In the above example,

  1. -encrypt – option to encrypt data
  2. -inkey – location of receiver’s public key file
  3. -pubin – indicates that the key given with -inkey is a public key
  4. -in – input file location
  5. -out – output file location

When you share the above encrypted file top_secret.enc with bob, he will use his private key bob_private.pem to decrypt it.

$ openssl rsautl -decrypt -inkey bob_private.pem -in top_secret.enc > top_secret.txt

In the above example,

  1. -decrypt – option to decrypt data
  2. -inkey – location of receiver’s private key file
  3. -in – input file location
  4. > – redirects the decrypted output to the file top_secret.txt

Please note, in case you entered a passphrase during key generation, you will be asked to enter the same passphrase for authentication during decryption.
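RSA encrypts only input smaller than the key size (a 1024-bit key with rsautl's default padding takes at most 117 bytes), so the rsautl commands above work for short files only. The following added example, which is not from the original article and goes beyond its commands, encrypts a file of any size by encrypting the data with a one-time random secret and wrapping only that secret with the receiver's public key, using pkeyutl in place of rsautl (deprecated in OpenSSL 3.0). It assumes OpenSSL 1.1.1 or later; the function names, file names and the 2048-bit key size are choices made for this example.

```shell
#!/bin/sh
# Added example: hybrid file encryption with the openssl CLI (OpenSSL 1.1.1+).
# Function names, file names and the 2048-bit key size are assumptions.

# hybrid_encrypt PUBKEY INFILE PREFIX  ->  writes PREFIX.data and PREFIX.key
hybrid_encrypt() (
    umask 077
    sesskey=$(mktemp) || exit 1
    # One-time random secret; only this small value goes through RSA.
    openssl rand -hex 32 > "$sesskey" &&
    # Bulk data: AES-256-CBC (what -aes256 selects), key derived via PBKDF2.
    openssl enc -e -aes-256-cbc -pbkdf2 -salt -pass "file:$sesskey" \
        -in "$2" -out "$3.data" &&
    # Wrap the secret with the receiver's public key (OAEP padding).
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$sesskey" -out "$3.key"
    rc=$?; rm -f "$sesskey"; exit "$rc"
)

# hybrid_decrypt PRIVKEY PREFIX OUTFILE
hybrid_decrypt() (
    umask 077
    sesskey=$(mktemp) || exit 1
    # Unwrap the secret with the private key, then decrypt the bulk data.
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key" -out "$sesskey" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$sesskey" \
        -in "$2.data" -out "$3"
    rc=$?; rm -f "$sesskey"; exit "$rc"
)

# Constructed demo: throwaway key pair and a 100 KB random file.
hybrid_demo() (
    d=$(mktemp -d) || exit 1
    openssl genrsa -out "$d/bob_private.pem" 2048 2>/dev/null &&
    openssl rsa -in "$d/bob_private.pem" -pubout \
        -out "$d/bob_public.pem" 2>/dev/null &&
    openssl rand -out "$d/top_secret.bin" 102400 &&
    # RSA on its own rejects input larger than the key allows.
    ! openssl pkeyutl -encrypt -pubin -inkey "$d/bob_public.pem" \
        -in "$d/top_secret.bin" -out "$d/direct.enc" 2>/dev/null &&
    hybrid_encrypt "$d/bob_public.pem" "$d/top_secret.bin" "$d/msg" &&
    hybrid_decrypt "$d/bob_private.pem" "$d/msg" "$d/roundtrip.bin" &&
    cmp -s "$d/top_secret.bin" "$d/roundtrip.bin"
    rc=$?; rm -rf "$d"; exit "$rc"
)

hybrid_demo && echo "hybrid round trip OK"
```

Both output files, PREFIX.data and PREFIX.key, must be sent to the receiver. openssl enc provides confidentiality only, so changes made to the .data file in transit are not reliably detected at decryption.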

In this article, we have learnt how to encrypt & decrypt files & directories using OpenSSL. OpenSSL is a really wonderful utility that allows you to generate key pairs and to encrypt & decrypt data using ciphers as well as key pairs.
