Symmetrically encrypting on the command line
To encrypt:
$ openssl enc -e -aes256 -base64 -in secret.txt
openssl
will prompt for your encryption password, encrypt the contents of secret.txt
, and print a Base64-encoded string.
To decrypt:
$ openssl enc -d -aes256 -base64 -in secret.txt.enc
openssl
will prompt for your decryption password and print the decrypted contents of secret.txt.enc
.
Explaining the options in a bit more detail:
-e
: Encrypt the input data.-d
: Decrypt the input data.-aes256
: Use the AES-256-CBC cipher.-aes256
is short for-aes-256-cbc
.-base64
: Use Base64 encoding.-in
: The input file to read from.
Unfortunately, openssl
provides almost no long options. For example, there’s no --encrypt
for -e
.
You could also use gpg
instead of openssl
. I chose openssl
because it’s pre-installed on macOS.