To create and encrypt a tar or gz (gzip) archive file with OpenSSL, the conventional form of using OpenSSL is:
# openssl command command-options arguments
Encrypt Files in Linux
To encrypt the contents of the current working directory (depending on the size of the files, this may take a while):
# tar -czf - * | openssl enc -e -aes256 -out secured.tar.gz
Explanation of the above command:
- enc – openssl command to encode with ciphers
- -e – a enc command option to encrypt the input file, which in this case is the output of the tar command
- -aes256 – the encryption cipher
- -out – enc option used to specify the name of the out filename, secured.tar.gz
Decrypt Files in Linux
To decrypt a tar archive contents, use the following command.
# openssl enc -d -aes256 -in secured.tar.gz | tar xz -C test
Explanation of the above command:
- -d – used to decrypt the files
- -C – extract in a subdirectory named test
With the encryption process, the following happens:
- extract the contents of the tarball the traditional way
- use the wrong password, and
- when you enter the right password
When you are working on a local network or the Internet, you can always secure your vital documents or files that you share with others by encrypting them, this can help reduce the risk of exposing them to malicious attackers.
We looked at a simple technique of encrypting tarballs using OpenSSL, an openssl command-line tool. You can refer to its man page for more information and useful commands.