Encrypt and Decrypt Files with AES using OpenSSL

Encrypt and Decrypt Files with AES using OpenSSL

Whether you're securing sensitive information for personal or professional use, encryption is an effective way to keep your data safe. One widely used encryption tool is OpenSSL, which allows you to encrypt and decrypt files using the Advanced Encryption Standard (AES) algorithm. This tutorial explains how to encrypt and decrypt files with AES using OpenSSL.

AES is a symmetric encryption algorithm widely used to secure data. AES can be used with various modes of operation such as CBC, ECB, etc.

The openssl enc command can be used for encrypting and decrypting input data using symmetric encryption algorithms such as AES. To encrypt a file named data.txt with AES-256-CBC, run the following command:

openssl enc -in data.txt -out data.enc.txt -e -aes-256-cbc -pbkdf2 -pass pass:04157fca6154ecb8ed81b7706871e2a9

The meaning of options:

  • -in data.txt - the input file to be encrypted.
  • -out data.enc.txt - the output file containing the encrypted data.
  • -e - specifies encryption mode.
  • -aes-256-cbc - sets AES encryption with a 256-bit key in CBC mode.
  • -pbkdf2 - uses PBKDF2 (Password-Based Key Derivation Function 2) to strengthen the encryption key, making it resistant to brute force attacks. Note that omitting this option will trigger a deprecation warning from OpenSSL.
  • -pass pass:<password> - provides the password for key generation. Replace <password> with a strong, unique password.

To decrypt a file named data.enc.txt with AES-256-CBC, run the following command:

openssl enc -in data.enc.txt -out data.out.txt -d -aes-256-cbc -pbkdf2 -pass pass:04157fca6154ecb8ed81b7706871e2a9

The meaning of options:

  • -in data.enc.txt - the input file to be decrypted.
  • -out data.out.txt - the output file to store the decrypted data.
  • -d - specifies decryption mode.
  • The remaining options are identical to those used during encryption.

To get all supported encryption algorithms related to AES, use the command:

openssl enc -list | findstr aes
openssl enc -list | grep aes

Output example:

-aes-128-cbc               -aes-128-cfb               -aes-128-cfb1
-aes-128-cfb8              -aes-128-ctr               -aes-128-ecb
-aes-128-ofb               -aes-192-cbc               -aes-192-cfb
-aes-192-cfb1              -aes-192-cfb8              -aes-192-ctr
-aes-192-ecb               -aes-192-ofb               -aes-256-cbc
-aes-256-cfb               -aes-256-cfb1              -aes-256-cfb8
-aes-256-ctr               -aes-256-ecb               -aes-256-ofb
-aes128                    -aes128-wrap               -aes192
-aes192-wrap               -aes256                    -aes256-wrap
-id-aes128-wrap            -id-aes128-wrap-pad        -id-aes192-wrap
-id-aes192-wrap-pad        -id-aes256-wrap            -id-aes256-wrap-pad

    Related

    Leave a Comment

    Cancel reply

    Your email address will not be published.