How To Encrypt Files With OpenSSL


Learning how to encrypt files is extremely useful in today’s world. OpenSSL lets you encrypt a file and protect it with a password, so that no one can read or open it without first decrypting it. OpenSSL gives you access to excellent encryption, and if you use it correctly, even if someone does intercept some of your data or hack your computer, it might not be worth it for them to decrypt the data because of the huge amount of time and computing power required. In some cases, it might take a supercomputer years to decrypt a well-encrypted file, or it may be essentially impossible because of how long it would take. Banks, corporations, and governments around the world use encryption, and it is a very good practice for protecting yourself and your essential data.


(Note that OpenSSL is the name of the tool but the actual command is called openssl. It is case sensitive.)

Installation of OpenSSL

Linux Users

Almost all modern Linux distros come with OpenSSL installed with them. But just in case, check to make sure it is installed. If it isn’t, you can install it in Ubuntu or Debian by doing:

sudo apt-get install openssl

Windows and Mac OS X users

For Windows and Mac OS X users, you can download OpenSSL here:

Here is how you encrypt files with OpenSSL

Step 1: Encrypting your file

First, let’s assume that your file is located in ~/ (or another location of your choice). Open up a terminal and navigate to where the file is. Assuming it is in ~/, type:

cd ~/

Here is how you will encrypt your file
Let’s say that your file is called file1 and that you want to call the encrypted version file1_encrypted. (Adjust for what your actual file is called and what you want the output file to be called.) The full command would be:

openssl enc -aes-256-cbc -e -in file1 -out file1_encrypted

Now I will walk through what each part of that command means.
openssl is the actual command. enc means encoding with a cipher. -aes-256-cbc is an option we give it. aes-256-cbc is a common and secure cipher. We are telling it we want to use the cipher aes-256-cbc. To learn more about ciphers go here.

The -e option tells openssl that you want to encrypt. The -in option means the input file you are giving openssl to encrypt. -out means the output file you want created after your input file is encrypted.
Once you run the command:

openssl enc -aes-256-cbc -e -in file1 -out file1_encrypted

You will be asked twice to enter in a password. First it will say:
enter aes-256-cbc encryption password:
The second time it will say:
Verifying – enter aes-256-cbc encryption password

As for what you should choose as a password, the longer and more complex the password, the better. Assuming you navigated to where your file is and you entered the command as I described, you should now have an encrypted file called file1_encrypted (or whatever you chose to name it).

Step 2: Decrypt your encrypted file

Now, just to make sure you encrypted your file correctly, copy that file to /tmp/ (or a different folder of your choice) by doing:

cp file1_encrypted /tmp

Then go into /tmp by doing:

cd /tmp/

Now we will decrypt the encrypted file
The decrypting command is almost identical to the encrypting command except for a few small differences. We substitute -d (-d means decrypt) for -e and your input file is now file1_encrypted and your output file is file1. Here is the command for decrypting that file:

openssl enc -aes-256-cbc -d -in file1_encrypted -out file1

Once you type in that command, you will get a message saying:
enter aes-256-cbc decryption password:
Enter the password that you chose when encrypting the file.

If you don’t get a message that says something like “bad decrypt”, it should have decrypted correctly.

But, if you get a message saying “bad decrypt” followed by a longer message, you either typed in the wrong password or you made a mistake with the command.

Step 3: Check to make sure the decrypted file and your original file are the same

Now, you are still in /tmp/ (or wherever you chose to copy your encrypted file). Let’s assume your original file is in ~/
Check that the decrypted file and your original file are the same by doing:

diff file1 ~/file1

If you get no message, it means that they are the same, which means you encrypted and decrypted the file correctly. Now your encrypted file is good. You can delete the original file and the files you made in /tmp/ and just keep the encrypted version. Make sure to copy down the password, either on paper or somewhere secure on your computer; otherwise you might not be able to recover the file if you forget the password.
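
Steps 1 to 3 as a non-interactive script, added here as an example and not part of the original article. It assumes OpenSSL 1.1.1 or newer and adds options the article's commands do not use: -pbkdf2 and -iter (600000 is an assumed iteration count) so the key is derived from the password with PBKDF2, and -pass env:FILE_PASS (a hypothetical variable name) so the password is read from the environment instead of a prompt.

```shell
#!/bin/sh
# Added example: scripted version of the article's encrypt / decrypt / compare steps.
# Assumptions (not from the article): OpenSSL 1.1.1+, and the passphrase is
# exported in the environment variable FILE_PASS before these functions run.

# encrypt_file IN OUT: AES-256-CBC, key derived from the passphrase with PBKDF2.
encrypt_file() {
    openssl enc -aes-256-cbc -e -salt -pbkdf2 -iter 600000 \
        -in "$1" -out "$2" -pass env:FILE_PASS
}

# decrypt_file IN OUT: must repeat the same -pbkdf2/-iter settings, because
# the iteration count is not stored in the encrypted file.
decrypt_file() {
    openssl enc -aes-256-cbc -d -pbkdf2 -iter 600000 \
        -in "$1" -out "$2" -pass env:FILE_PASS
}

# has_salt_header FILE: salted openssl enc output begins with the 8 bytes
# "Salted__", followed by the random salt and then the ciphertext.
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# roundtrip_ok FILE: encrypt, decrypt into a scratch directory, compare bytes.
# Returns 0 only when the decrypted copy is identical to the original, which
# is the point at which deleting the plaintext original is safe.
roundtrip_ok() {
    work=$(mktemp -d) || return 1
    rc=1
    if encrypt_file "$1" "$work/enc" &&
       has_salt_header "$work/enc" &&
       decrypt_file "$work/enc" "$work/dec" &&
       cmp -s "$1" "$work/dec"; then
        rc=0
    fi
    rm -rf "$work"
    return "$rc"
}
```

CBC mode in openssl enc does not authenticate the ciphertext, and “bad decrypt” is only a padding check, so the byte-for-byte comparison is what confirms the round trip.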

I use this command all the time to encrypt my files. While I also use other security measures like using HTTPS, VPNs and Tor, I have peace of mind that even if someone intercepts my data, they won’t be able to read it. What did you think of this article? Let’s discuss this topic in the comments below.
