In this article we will encrypt (using AES 256 cbc) and password protect (Salt the AES) a file using the openssl binary.
The file we will encrypt will be the file secretfile.txt.As you can see it is just a plain text file.
[root@linux tmp]# cat secretfile.txt
This is a secret file that we do not want anyone to read.
Encrypt File
Use the openssl comand to encrypt your file and then test the new file is fully encrypted.
[root@linux tmp]# openssl aes-256-cbc -salt -in secretfile.txt -out secretfile.txt.aes
enter aes-256-cbc encryption password:
Verifying – enter aes-256-cbc encryption password:
[root@linux tmp]# cat secretfile.txt.aes
3b¦ted__Ù.:SLìÕ§ÕL<Jdc
u3AÈF\V!ê:S2;³âÿ.LfjÏ©ù!_b*&)Stfù
Decrypt File
Decrypt the file and then confirm the decypted file is readable.
[root@linux tmp]# openssl aes-256-cbc -d -salt -in secretfile.txt.aes -out secretfile.txt
enter aes-256-cbc decryption password:
[root@linux tmp]# cat secretfile.txt
This is a secret file that we do not want anyone to read.
Further notes : In a non-interactive scenario (such as using this within a script) were you require no input from the shell (user), you can use the -k to specify the password. Such as `openssl aes-256-cbc -salt -in secretfile.txt -out secretfile.txt.aes -k [password]`.
- NETCONF & YANG: Automate Network Configs via Python - April 2, 2026
- Palo Alto – How to Configure Your Next-Generation Firewall - April 2, 2026
- How to Harden Linux SSH: Keys, Fail2ban & Ciphers - March 1, 2026
Want to become a Linux expert ?
Here is our hand-picked selection of the best courses you can find online:
Linux Mastery course
Linux Administration Bootcamp
and our recommended certification practice exams:
Delta Practice Tests