Encrypting Files with OpenSSL

The syntax of openssl is basic:

openssl [encryption type] -in [file to encrypt]

We’ll use aes-256-cbc for the encryption, and we’ll be using a text file as the input. We’re also going to specify a different output file to prevent any errors. Here is what the command would look like:

openssl aes-256-cbc -e -in file.txt -out encrypted.txt

You will be asked to set and confirm a password before the encryption is complete. Do not lose this password, or you will lose access to the file.

Note: You can also just use an input file with -in filename, but that may cause issues. To prevent any unexpected problems, do not specify the same file as both the input and the output. This means the original file remains on disk after encryption (and the encrypted file remains after decryption), so you will want to deal with that file separately, preferably with a secure delete method.

Type openssl -h to get a list of commands and ciphers.

You can also type openssl aes-256-cbc -h for a list of options for the aes-256-cbc command. This will work for any of the commands or ciphers.

Or use openssl ciphers -v for a complete list of ciphers.

You can, for example, specify the salt or password on the command line.

Decrypting Files with OpenSSL

openssl aes-256-cbc -d -in encrypted.txt -out normal.txt

The previously set password will be required to decrypt the file.

Other than switching the placement of the input and output, where again the original file stays put, the main difference here is the -d flag, which tells openssl to decrypt the file. The cipher must be the same one that was used to encrypt the file.

Naturally, you’re probably wondering what happens if you try to open a file that has been encrypted with OpenSSL without entering the password. You’ll probably get an error message, but if you force open the file with something like TextEdit, you’ll see the text “Salted” followed by a bunch of gibberish.

The file will remain unreadable until it has been decrypted through openssl again.
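
The steps above as one script, an added example that is not part of the original article: it encrypts with the same aes-256-cbc command, checks for the "Salted__" marker at the start of the output, and confirms that decryption reproduces the original byte for byte before the original is removed. The function names, file names and passphrase file are constructed for illustration, and openssl is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: file names and the passphrase file are constructed for the demo.

# Encrypt/decrypt with the article's aes-256-cbc command. The passphrase is
# read from the first line of a file, so it is not typed on the command line.
encrypt_file() {  # encrypt_file IN OUT PASSFILE
    openssl aes-256-cbc -e -in "$1" -out "$2" -pass "file:$3"
}
decrypt_file() {  # decrypt_file IN OUT PASSFILE
    openssl aes-256-cbc -d -in "$1" -out "$2" -pass "file:$3"
}

# True if FILE starts with the 8-byte "Salted__" marker openssl writes.
has_salted_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# verify_roundtrip PLAIN ENC PASSFILE: decrypt to a scratch file and compare
# it byte for byte with the original. Succeeds only on an exact match.
verify_roundtrip() {
    tmp=$(mktemp) || return 1
    rc=0
    decrypt_file "$2" "$tmp" "$3" && cmp -s "$1" "$tmp" || rc=1
    rm -f "$tmp"
    return "$rc"
}

# Demo on constructed sample data in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample text\n' > "$dir/file.txt"
    printf 'constructed-demo-passphrase\n' > "$dir/pass"
    chmod 600 "$dir/pass"
    status=0
    encrypt_file "$dir/file.txt" "$dir/encrypted.txt" "$dir/pass" &&
        has_salted_header "$dir/encrypted.txt" &&
        verify_roundtrip "$dir/file.txt" "$dir/encrypted.txt" "$dir/pass" || status=1
    rm -rf "$dir"
    return "$status"
}

demo && echo "round trip verified: safe to remove the original file"
```

OpenSSL 1.1.1 and later print a key-derivation warning for this command and accept the -pbkdf2 option to derive the key with PBKDF2 instead; if you add it, use it for both encryption and decryption.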