In order to make our life easier, first let’s create two aliases to encrypt (sslenc) and decrypt (ssldec) files in the command line using OpenSSL, respectively:
In order to encrypt a file, say filename.txt, you should do something like this:
which first encrypts the input file to filename.txt.enc (“enc” suffix is there just to tell you that it is encrypted) and then the
rm command removes the input file. To decrypt it into new_filename.txt use the following:
Now back to beginning: let’s explain the various flags in the aliases given in the top:
aes-256-cbc: a command to encrypt using the Advanced Encryption Standard cipher with key size of 256 bit, which makes use of the Cipher-Block Chaining mode. Currently aes-256-cbc is the the standard cipher choice of the US government. You may change this command (i.e., “
aes-256-cbc”) by “
enc -aes-256-cbc” which means the same thing, but in a longhand: encrypt (enc) using the cipher, aes-256-cbc.
-salt: adds strength to the encryption and should always be used. (see wikipedia page for salt).
-a: indicates that the encrypted output will be base64 encoded, this allows you to view it in a text editor or paste it in an email (optional).
-d: for file decryption.
You may also be interested in the wikipedia article which talks about the key size.