I want to encrypt a file using AES-256. How can I do that quickly and easily, and how can I - or someone else -decrypt it again?
I want to encrypt a file using AES-256. How can I do that quickly and easily, and how can I - or someone else -decrypt it again?
Unfortunately, there is no easy solution to securing your stuff. Think about your use-case, maybe something other than plain AES is better suited.
If you want very simple platform independent encryption, you can use openssl.
If you still want to use openssl:
Encryption:
openssl aes-256-cbc -in attack-plan.txt -out message.enc
Decryption:
openssl aes-256-cbc -d -in message.enc -out plain-text.txt
You can get openssl to base64
-encode the message by using the -a
switch on both encryption and decryption. This way, you can paste the ciphertext in an email message, for example. It'll look like this:
stefano:~$ openssl aes-256-cbc -in attack-plan.txt -a
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX192dXI7yHGs/4Ed+xEC3ejXFINKO6Hufnc=
Note that you have a choice of ciphers and modes of operation. For normal use, I recommend aes 256 in CBC mode. These are the ciphers modes you have available (only counting AES):
aes-128-cbc ← this is okay
aes-128-ecb
aes-192-cbc
aes-192-ecb
aes-256-cbc ← this is recommended
aes-256-ecb
See also:
Please note:
OpenSSL will ask you for a password. This is not an encryption key, it is not limited to 32 bytes! If you're going to transfer files with someone else, your shared secret should be very strong. You can use this site to get a sense of how good your password is:
Warning: I have checked that these sites don't send your password to the server, but that can change at any time. Use these sites with dev tools / inspector and check if they send anything before typing in your strong password.