To encrypt:

$ openssl enc -e -aes256 -base64 -in secret.txt

openssl will prompt for your encryption password, encrypt the contents of secret.txt, and print a Base64-encoded string.

To decrypt:

$ openssl enc -d -aes256 -base64 -in secret.txt.enc

openssl will prompt for your decryption password and print the decrypted contents of secret.txt.enc.


Explaining the options in a bit more detail:

  • -e: Encrypt the input data.
  • -d: Decrypt the input data.
  • -aes256: Use the AES-256-CBC cipher. -aes256 is short for -aes-256-cbc.
  • -base64: Use Base64 encoding.
  • -in: The input file to read from.

Unfortunately, openssl provides almost no long options. For example, there’s no --encrypt for -e.

You could also use gpg instead of openssl. I chose openssl because it’s pre-installed on macOS.