Have you ever wondered how to quickly encrypt a file from the command line? Generally, encryption allows you to hide the original contents of a file. With OpenSSL, you can encrypt and decrypt files very easily.
In this article, we’ll use des3 encryption, which in simple terms means a complex encryption algorithm is applied three times to each data block, making it difficult to crack through brute force methods. While we’re focusing on Mac OS X here, these commands will work anywhere that OpenSSL is installed, including older versions of OS X and Linux.
How to Encrypt Files with OpenSSL
The syntax of OpenSSL is basic:
openssl [encryption type] -in [file to encrypt]
As mentioned before, we’ll use des3 for the encryption, and we’ll be using a text file as the input. We’re also going to specify a different output file to prevent any errors. Here is what the command would look like:
openssl des3 -in file.txt -out encrypted.txt
You will be asked to set and confirm a password before the encryption is complete, do not lose this password or you will lose access to the file.
You can also just use an input file within the filename, but that may cause issues. To prevent any unexpected problems, do not specify the same file as the input and output. This means the original file will stick around either before or after encryption, and you will want to deal with that file individually, preferably through a secure delete method.
Decrypting Files with OpenSSL
Similar to what we have for encrypting the file, the command for decrypting the file is as below:
openssl des3 -d -in encrypted.txt -out normal.txt
The previously set password will be required to decrypt the file. Other than switching the placement of the input and output, where again the original file stays put, the main difference here is the -d flag which tells openssl to decrypt the file.
Naturally, you’re probably wondering what happens if you try to open a file that has been encrypted with OpenSSL without entering the password?
You’ll probably get an error message, but if you force open the file with something like TextEdit, you’ll see the text “Salted” followed by a bunch of gibberish. The file will remain unreadable until it has been decrypted through openssl again.
