Sign in Subscribe
development

Encrypt/Decrypt files on Linux using Openssl

Sven Sommerfeld

1 min read

In my previous post I have introduced how to encrypt and decrypt a string in Linux using Openssl. I have expanded the script to encrypt and decrypt files in Linux using Openssl

You can get the source for this on Github: https://github.com/terencejackson8000/encrypt_decrypt.

The script extension to the previous version is as follows:

#!/usr/bin/env bash

#Get the parameteres of the script and assign them
while getopts m:s:p: flag
do
    case "${flag}" in
        m) mechanism=${OPTARG};;
        s) string=${OPTARG};;
        p) password=${OPTARG};;
    esac
done

#Check if all parameters are set, if not show an error message and exit the script
if [ -z "$mechanism" ] || [ -z "$string" ] || [ -z "$password" ]
    then echo "You need to set all variables to run the script: -m enc for encryption or dec for decryption, -s The string to encrypt/decrypt, -p The password for the encryption/decryption"
    exit 0
fi


#if the mechanism is encryption => encrypt the string, if the mechanism is decryption => decrypt the string
if [ $mechanism == 'enc' ]
    then
    #Check if input string is a file
    if [ -f "$string" ]
        then 
        openssl enc -e -a -in $string -aes-256-cbc -salt -pass pass:$password -pbkdf2 -base64 -out "${string}.enc"
        echo "File encryption done"
    else
        echo $string | openssl enc -base64 -e -aes-256-cbc -salt -pass pass:$password -pbkdf2
    fi
elif [ $mechanism == 'dec' ]
    then
    if [ -f "$string" ]
        then
        new_str=$(echo $string | sed 's/.enc//')
        openssl enc -d -a -in $string -aes-256-cbc -salt -pass pass:$password -pbkdf2 -base64 -out $new_str
        echo "File decryption done"
    else
        echo $string | openssl enc -base64 -d -aes-256-cbc -salt -pass pass:$password -pbkdf2
    fi
else
    echo "Mechanism (-m) must be enc for encryption or dec for decryption"
fi

That's it, you can now encrypt and decrypt files on Linux using Openssl with basically the same command as in the string encryption and decryption:

./encrypt_decrypt.sh -m enc -s /path/to/file.txt -p SuperS3curePassw0rd!

As output you will then get a file.enc file which you can also decrypt easily:

./encrypt_decrypt.sh -m dec -s /path/to/file.enc -p SuperS3curePassw0rd!