Sometimes you need to encrypt a text string or a whole file because it is not recommended (or desirable) to use it as is. What should you do in this situation? Use the openssl command.
The openssl program is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. Encryption and decryption with ciphers is one of the things it can do.
In cryptography, a cipher is an algorithm for performing encryption or decryption: a series of well-defined steps that can be followed as a procedure.¹
Example Num. 1:
Imagine you want to encrypt the string “your very secret stuff”. You can achieve this by issuing the following command:
    $ echo -n 'your very secret stuff' | openssl enc -aes128 -pbkdf2 -a -e -k some-password
    U2FsdGVkX18x/szJ03GI3RMuISEwu+RYRumtuO2ABLHmaPLXQgyOvdL7GDcw7ouc
In this example we are:
- echo -n: echoing the “your very secret stuff” string without the trailing newline (-n).
- openssl enc: calling the symmetric cipher routines of the openssl program.
- -aes128: choosing the AES-128 cipher.
- -pbkdf2: using the PBKDF2 algorithm to derive the key from the password.
- -a: if encryption is taking place, the data is base64 encoded after encryption. If decryption is set, the input data is base64 decoded before being decrypted.
- -e: choosing to encrypt the input data.
- -k some-password: setting the password “some-password”. This password will be asked for when decrypting the data. Additionally, if we don’t provide it as an argument now, we’ll be prompted for it.
The process to decrypt the data is almost identical. You’d just need to replace the -e flag (encrypt) with -d (decrypt):
    $ echo 'U2FsdGVkX18fl6CDdLoTthdNlfIU4LcYwa4TGaxy/q6UNlOFl3G1tRC90l+oeOx6' | openssl enc -aes128 -pbkdf2 -a -d -k some-password
    Your very secret stuff
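The two ciphertexts above differ because openssl enc picks a fresh random salt on every run and stores it after a "Salted__" header. The script below is an added example, not part of the original article: it encrypts the same string twice and compares the salts, supplying the password through -pass env:ENC_PASS so it does not appear in the command arguments the way -k does. The ENC_PASS variable name and the helper function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. The password is a constructed
# sample; it is read from the environment (-pass env:VAR) instead of -k.
ENC_PASS='some-password'
export ENC_PASS

encrypt() {      # stdin: plaintext -> stdout: base64 ciphertext
    openssl enc -aes128 -pbkdf2 -a -e -pass env:ENC_PASS
}

decrypt() {      # stdin: base64 ciphertext -> stdout: plaintext
    openssl enc -aes128 -pbkdf2 -a -d -pass env:ENC_PASS
}

magic() {        # $1: base64 ciphertext -> first 8 raw bytes (the header)
    printf '%s\n' "$1" | openssl base64 -d | head -c 8
}

salt_hex() {     # $1: base64 ciphertext -> raw bytes 8..15 (the salt) as hex
    printf '%s\n' "$1" | openssl base64 -d | od -An -tx1 -j8 -N8 | tr -d ' \n'
}

decrypts_to() {  # $1: ciphertext, $2: password, $3: expected plaintext
    # The subshell keeps the overridden password out of the caller's environment.
    out=$(printf '%s\n' "$1" | (ENC_PASS=$2; decrypt 2>/dev/null)) || return 1
    [ "$out" = "$3" ]
}

msg='your very secret stuff'
ct1=$(printf '%s' "$msg" | encrypt)
ct2=$(printf '%s' "$msg" | encrypt)

echo "ciphertext 1: $ct1 (salt $(salt_hex "$ct1"))"
echo "ciphertext 2: $ct2 (salt $(salt_hex "$ct2"))"
echo "header      : $(magic "$ct1")"
echo "round trip  : $(printf '%s\n' "$ct1" | decrypt)"
if decrypts_to "$ct1" 'wrong-password' "$msg"; then
    echo "wrong password: accepted"
else
    echo "wrong password: rejected"
fi
```

The mode is CBC with no authentication tag, so a wrong password is noticed only through the padding check on the last block, not through any integrity check of the data.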
Example Num. 2:
In this example we are encrypting the contents of a file. These are the steps followed below:
- Creating a new test file.
- Displaying the contents of the file.
- Encrypting the file and sending the output to a new file with the .aes128 extension.
- Showing the encrypted file contents.
- Decrypting the recently created + encrypted file.
- Showing the recently decrypted file.
    # creating a test file.
    #
    $ cat <<FILE_CONTENTS > my-secret-file.txt
    > Let's suppose this is a content to which I want to add some protection.
    > The very secret of he Lorem Ipsum dolor sit amet consectetur lies here.
    > FILE_CONTENTS
    ...
    $ cat my-secret-file.txt
    Let's suppose this is a content to which I want to add some protection.
    The very secret of he Lorem Ipsum dolor sit amet consectetur lies here.
    ...
    ...
    # Encrypting the file and sending the output to a new file.
    $ cat my-secret-file.txt | openssl enc -aes128 -pbkdf2 -a -e -k some-password > my-secret-file.txt.aes128
    ...
    $ cat my-secret-file.txt.aes128
    U2FsdGVkX1/asJOGUs+EI9l8yS5lF9FzWJ+AiVdtGkWv1n5i5FiPnVv8Qcg/W3We
    qXpgfBWkIwWzGgzlO4HDPo/E0OJ9JtD29IolSQRSNe9lP38HROPQI5Pvj9RQ8HDq
    BSUBDbObCeBjEOnkmy2KPH1sYj14GazkN43jxIvJKaycMufGgSoCp2Qt+/qAyYhd
    8oe2FqxjvhI63COEFb42ItkTbUf2+Ov08B4oLzJirZU=
    ...
    # Decrypting the file. In this example I'll not provide the password as an argument, so I'll be prompted to insert it.
    ...
    $ cat my-secret-file.txt.aes128 | openssl enc -aes128 -pbkdf2 -a -d > new-decrypted-file.txt
    enter aes-128-cbc decryption password:
    ...
    $ cat new-decrypted-file.txt
    Let's suppose this is a content to which I want to add some protection.
    The very secret of he Lorem Ipsum dolor sit amet consectetur lies here.
Conclusion:
That’s how you encrypt and decrypt a text or a file in the shell.
Additional resources:
- The documentation page for the symmetric cipher routines has additional information and many illustrative examples.