Encrypt & Decrypt Files from the Command Line with OpenSSL
Need to quickly encrypt a file from the command line? With OpenSSL, you can encrypt and decrypt files very easily.
For the purpose of this walkthrough, we'll use des3 encryption, which in simple terms means a complex encryption algorithm is applied three times to each data block, making it difficult to crack through brute force methods. While we're focusing on Mac OS X here, these commands will work anywhere that OpenSSL is installed, including older versions of OS X and Linux.
How to Encrypt Files with OpenSSL
The syntax of openssl is basic:
openssl [encryption type] -in [file to encrypt]
As mentioned before, we'll use des3 for the encryption, and we'll be using a text file as the input. We're also going to specify a different output file to prevent any errors. Here is what the command would look like:
openssl des3 -in file.txt -out encrypted.txt
You will be asked to set and confirm a password before the encryption is complete. Do not lose this password, or you will lose access to the file.
Sidenote: You can also just use an input file with -in filename, but that may cause issues. To prevent any unexpected problems, do not specify the same file as the input and output. This means the original file will stick around either before or after encryption, and you will want to deal with that file individually, preferably through a secure delete method.
Decrypting Files with OpenSSL
openssl des3 -d -in encrypted.txt -out normal.txt
The previously set password will be required to decrypt the file.
Other than switching the placement of the input and output, where again the original file stays put, the main difference here is the -d flag, which tells openssl to decrypt the file.
Naturally, you're probably wondering what happens if you try to open a file that has been encrypted with OpenSSL without entering the password. You'll probably get an error message, but if you force open the file with something like TextEdit, you'll see the text "Salted" followed by a bunch of gibberish like s
The file will remain unreadable until it has been decrypted through openssl again.
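The round trip described above, as an added example that is not part of the original article: it encrypts a scratch file with des3, checks for the "Salted" marker, decrypts with the right passphrase and confirms that a wrong one recovers nothing. The function names, file contents and passphrases are constructed for the demo, and openssl's -pass file: option stands in for the interactive password prompt.

```shell
#!/bin/sh
# Added example: non-interactive round trip for the des3 commands above.
# Function names, file names and passphrases are constructed for this demo.

# Encrypt $1 into $2 with the passphrase on the first line of file $3.
# Refuses to run when input and output are the same path.
encrypt_file() {
    [ "$1" != "$2" ] || { echo "input and output must differ" >&2; return 2; }
    openssl des3 -in "$1" -out "$2" -pass "file:$3"
}

# Decrypt $1 into $2; same arguments as encrypt_file, plus the -d flag.
decrypt_file() {
    [ "$1" != "$2" ] || { echo "input and output must differ" >&2; return 2; }
    openssl des3 -d -in "$1" -out "$2" -pass "file:$3"
}

# True when the file starts with the "Salted__" marker that openssl writes
# ahead of the ciphertext.
has_salted_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# Encrypt, inspect, decrypt and compare inside a scratch directory.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample contents\n' > "$dir/file.txt"
    printf 'constructed-demo-passphrase\n' > "$dir/pass"
    printf 'not-the-passphrase\n' > "$dir/badpass"
    rc=0
    encrypt_file "$dir/file.txt" "$dir/encrypted.txt" "$dir/pass" || rc=1
    has_salted_header "$dir/encrypted.txt" || rc=1
    decrypt_file "$dir/encrypted.txt" "$dir/normal.txt" "$dir/pass" || rc=1
    cmp -s "$dir/file.txt" "$dir/normal.txt" || rc=1
    # A wrong passphrase normally fails on the padding check. The format has
    # no integrity tag, so also confirm that no plaintext came back.
    if decrypt_file "$dir/encrypted.txt" "$dir/wrong.txt" "$dir/badpass" 2>/dev/null &&
       cmp -s "$dir/file.txt" "$dir/wrong.txt"; then
        rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}

roundtrip_demo && echo "round trip OK"
```

Reading the passphrase from a file keeps it out of the shell history and the process list; the scratch directory, including that file, is removed when the demo finishes.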