17

I'm using the OpenWrt Linux distribution and I want to encrypt a file using AES.

How can I do that quickly and easily, and how can I—or someone else—decrypt it again?

Matthias Braun
  • 32,039
  • 22
  • 142
  • 171
Ahmed202
  • 737
  • 3
  • 7
  • 12

3 Answers3

30

The quickest and easiest way is to use openssl util (provided by openssl-util package). For example, to encrypt a file, issue the following command:

openssl enc -aes-256-cbc -in file.txt -out file.enc

To decrypt:

openssl enc -d -aes-256-cbc -in file.enc -out file.dec
Vasily G
  • 859
  • 8
  • 16
  • working on OSX, if I run the two commands you describe, on the decryption I get the error: "error writing output file" and writes an empty file. it does ask for the password though. what could be wrong? – ekkis Nov 10 '17 at 20:53
  • 1
    when I try it on Ubuntu I get "bad decrypt" – ekkis Nov 10 '17 at 20:58
  • @ekkis I have just checked these commands - it works for me. Make sure you are in a directory you have permissions to write to (e.g. `cd /tmp`) and you created source file you want to encrypt (`file.txt`) beforehand. – Vasily G Nov 13 '17 at 07:03
  • 3
    This may not be the best answer, at least according to https://security.stackexchange.com/questions/182277/is-openssl-aes-256-cbc-encryption-safe-for-offsite-backup – Paul P Jul 27 '18 at 23:03
  • You forgot to add -pass pass:$YOUR_AES_ENCRYPTION_PASS – Aifos Si Prahs Dec 05 '22 at 21:05
1

The openssl encryption is not a good solution according to this, so please don't use it.

I've used https://www.aescrypt.com/ in the past and I was happy with it. If you want something that has been around for a while - that's not a bad start. It also has both a UI and a cli.

The fact that there is no small, easy to use and super simple cli tool for this purpose annoyed me so much that I sat down and wrote this https://github.com/ro-tex/aes256cli. I literally wrote it while this discussion was open on my screen, so I'm making no claims as to how good of a solution it is. I just wanted something that will do what I need with zero friction and this is good enough for me.

Ivaylo Novakov
  • 775
  • 6
  • 18
0

To encode:

cat 'yourfile' | openssl aes-128-cbc > 'encrypted file'

To decode: First, you have to remember your password which you used to encode, then:

cat 'encrypted file' | openssl enc -d -aes-128-cbc -k 'Your password' > 'decrypted file'
Jeremy Caney
  • 7,102
  • 69
  • 48
  • 77
0x27752357
  • 34
  • 4