How do I password protect / encrypt a file within Linux using OpenSSL ?

In this article we will encrypt (using AES 256 cbc) and password protect (Salt the AES) a file using the openssl binary.

The file we will encrypt will be the file secretfile.txt.As you can see it is just a plain text file.

[root@linux tmp]# cat  secretfile.txt
This is a secret file that we do not want anyone to read.

Encrypt File

Use the openssl comand to encrypt your file and then test the new file is fully encrypted.

[root@linux tmp]# openssl aes-256-cbc -salt -in secretfile.txt -out secretfile.txt.aes
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

[root@linux tmp]# cat  secretfile.txt.aes

Decrypt File

Decrypt the file and then confirm the decypted file is readable.

[root@linux tmp]# openssl aes-256-cbc -d -salt -in secretfile.txt.aes -out secretfile.txt
enter aes-256-cbc decryption password:

[root@linux tmp]# cat secretfile.txt
This is a secret file that we do not want anyone to read.

Further notes : In a non-interactive scenario (such as using this within a script) were you require no input from the shell (user), you can use the -k to specify the password. Such as `openssl aes-256-cbc -salt -in secretfile.txt -out secretfile.txt.aes -k [password]`.


About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001