TIP: encrypt and decrypt files using OpenSSL

Quick caveat

This may be common knowledge for many of you, but I decided to put this short writeup together for those who are not aware of the option. I am occasionally working on a FreeBSD or Linux system where GnuPG is not installed, and I need a quick way to encrypt and decrypt files from the command line.

Enter OpenSSL

openssl(1) and its companion, enc(1), provide a mechanism for encryption and decryption using a variety of ciphers. Please refer to both manpages to get a functional understanding of both programs, and to review the available options.

Encryption example

Without further ado, let's encrypt a file, myfile.

% openssl enc -bf -salt -in myfile -out myfile.enc -e -a

Note that we're using base64 encoding (-a). This a good idea, particularly if you will be transferring (ftp-ing, emailing, etc.) the file.

You will be prompted for an "encryption password" (which the key will be derived from to encrypt your file), and you will be required to verify the same password. The encrypted, base64 encoded file will now be in myfile.enc.

Decryption example

Upon receiving an encrypted file (created using the precise command in the example above), we can decrypt it using the following.

% openssl enc -bf -in myfile.enc -out myfile.dec -d -a

You will be prompted for the same "encryption password" that you provided in the previous example. (Don't forget it.) Afterwards, the decrypted, base64 decoded file will be in myfile.dec.

That's it. You might consider setting up a shell alias or function, or a small Bourne script to obfuscate the options.