Encrypt/Decrypt folders on Linux using OpenSSL to securely back up your files

In my previous two posts I showed how to encrypt and decrypt strings and files in Linux using OpenSSL. I have now expanded the script to encrypt and decrypt folders as well, which you can use, for example, to securely back up your files.

You can get the source for this on GitHub: https://github.com/terencejackson8000/encrypt_decrypt.

The script extension to the previous version is as follows:

#!/usr/bin/env bash

#Get the parameters of the script and assign them
while getopts m:s:p: flag
do
    case "${flag}" in
        m) mechanism=${OPTARG};;
        s) string=${OPTARG};;
        p) password=${OPTARG};;
    esac
done

#Check if all parameters are set, if not show an error message and exit the script
if [ -z "$mechanism" ] || [ -z "$string" ] || [ -z "$password" ]
    then echo "You need to set all variables to run the script: -m enc for encryption or dec for decryption, -s The string to encrypt/decrypt, -p The password for the encryption/decryption"
    exit 1
fi


#if the mechanism is encryption => encrypt the string, if the mechanism is decryption => decrypt the string
if [ "$mechanism" == 'enc' ]
    then
    #Check if input string is a directory
    if [ -d "$string" ]
        then
        #Get the last folder of the provided path
        dir=$(basename "$string")
        #Compress the folder
        tar -czvf "${dir}.tar.gz" "$string"
        #Encrypt the tar file
        openssl enc -e -a -in "${dir}.tar.gz" -aes-256-cbc -salt -pass "pass:$password" -pbkdf2 -base64 -out "${dir}.enc"
        #Delete the tar file
        rm "${dir}.tar.gz"
        echo "Folder encryption done"
    #Check if input string is a file
    elif [ -f "$string" ]
        then
        openssl enc -e -a -in "$string" -aes-256-cbc -salt -pass "pass:$password" -pbkdf2 -base64 -out "${string}.enc"
        echo "File encryption done"
    else
        echo "$string" | openssl enc -base64 -e -aes-256-cbc -salt -pass "pass:$password" -pbkdf2
    fi
elif [ "$mechanism" == 'dec' ]
    then
    if [ -f "$string" ]
        then
        #Strip only a trailing ".enc" from the file name
        new_str=$(echo "$string" | sed 's/\.enc$//')
        openssl enc -d -a -in "$string" -aes-256-cbc -salt -pass "pass:$password" -pbkdf2 -base64 -out "$new_str"
        echo "File decryption done"
    else
        echo "$string" | openssl enc -base64 -d -aes-256-cbc -salt -pass "pass:$password" -pbkdf2
    fi
else
    echo "Mechanism (-m) must be enc for encryption or dec for decryption"
fi

What the script does is:

  1. Check if the input is a folder
  2. If it is a folder, compress this folder using tar
  3. Encrypt the tar file and store it
  4. Remove the tar file

That's it, you can now encrypt and decrypt folders on Linux using OpenSSL with basically the same command as in the string encryption and decryption:

./encrypt_decrypt.sh -m enc -s /path/to/folder -p SuperS3curePassw0rd!

As output you will then get a folder.enc file which you can also decrypt easily:

./encrypt_decrypt.sh -m dec -s /path/to/folder.enc -p SuperS3curePassw0rd!

As a result you will get a tar.gz file with the folder content compressed. If you decompress it, you will get your encrypted data back.
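
A streaming variant of the folder steps above, as an added example that is not part of the original script or repository: tar is piped straight into openssl so no plaintext tar.gz is ever written and then removed, and the password is read with -pass file: so it does not appear in the process list or shell history. The function names, the password-file argument and the enc/dec dispatcher are assumptions; the output format is the same as the script's, so both can decrypt each other's files.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): folder encryption without an
# intermediate plaintext archive and without the password in argv.

# pipefail makes a tar failure fail the whole pipeline; enable it where the
# shell supports it (bash does).
if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi

# encrypt_dir <folder> <password-file> <output.enc>
encrypt_dir() (
    src=$1 passfile=$2 out=$3
    [ -d "$src" ] || { echo "not a directory: $src" >&2; exit 1; }
    umask 077    # ciphertext is created readable by the owner only
    # -C stores only the last path component, like basename in the script
    if tar -czf - -C "$(dirname "$src")" "$(basename "$src")" |
        openssl enc -e -aes-256-cbc -salt -pbkdf2 -a \
            -pass "file:$passfile" -out "$out.part"
    then
        mv "$out.part" "$out"    # publish only a complete file
    else
        rm -f "$out.part"
        exit 1
    fi
)

# decrypt_dir <input.enc> <password-file> <destination-folder>
decrypt_dir() (
    enc_file=$1 passfile=$2 dest=$3
    mkdir -p "$dest" || exit 1
    # A wrong password yields garbage that tar/gzip rejects, so this fails
    openssl enc -d -aes-256-cbc -pbkdf2 -a \
        -pass "file:$passfile" -in "$enc_file" |
        tar -xzf - -C "$dest"
)

# Run as: ./script.sh enc <folder> <password-file> <output.enc>
#     or: ./script.sh dec <input.enc> <password-file> <destination-folder>
case "${1:-}" in
    enc) encrypt_dir "$2" "$3" "$4" ;;
    dec) decrypt_dir "$2" "$3" "$4" ;;
esac
```

Keep the password file at mode 600 on the machine that runs the backup. AES-256-CBC as used here does not authenticate the ciphertext, so store a separate checksum or signature of the .enc file if you need to detect tampering.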