Linux has plenty of powerful encryption software, but what can you use if you just want to secure a couple files quickly? The OpenSSL toolkit works well for this. It comes installed with Ubuntu and can provide stronger encryption than you would ever need.

This is the basic command to encrypt a file:

openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc

How does this work?

  • openssl is the command for the OpenSSL toolkit.
  • aes-256-cbc is the encryption cipher to be used. (256bit AES is what the United States government uses to encrypt information at the Top Secret level.)
  • -a means that the encrypted output will be base64 encoded, this allows you to view it in a text editor or paste it in an email. This is optional.
  • -salt adds strength to the encryption and should always be used.
  • -in secrets.txt specifies the input file.
  • -out secrets.txt.enc specifies the output file.
  • You will be prompted for a password.

It’s not much use unless you can decrypted it:

openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new

  • -d decrypts data.
  • -a tells OpenSSL that the encrypted data is in base64.
  • -in secrets.txt.enc specifies the data to decrypt.
  • -out secrets.txt.new specifies the file to put the decrypted data in.

Try out OpenSSL by decrypting this string (the password is pass):

U2FsdGVkX18YcWkbmhsN7M/MP1E+GLf4IqmNsa53T+A=

You can paste it into a text file and use the commands above, or use this command instead:

echo U2FsdGVkX18YcWkbmhsN7M/MP1E+GLf4IqmNsa53T+A= | openssl aes-256-cbc -d -a

See the OpenSSL man page for more detail on what it can do.


Related Posts