Have you ever wanted to quickly and easily encrypt files in Linux without having to install and learn new software packages? Here's an excellent and easy way to easily encrypt files or directories via AES256 secured with a password, helping keep your files away from prying eyes.
The Basics of Encryption With OpenSSL
It is important to note that there is a whole lot more to encryption than this.
It may be prudent of you to read the OpenSSL documentation before trusting this method with your data. Nonetheless, assuming you're not trying to evade the NSA or Russian military, this method should work perfectly for keeping your files and directories secure and inaccessible to others.
Install OpenSSL
You do need the popular OpenSSL package installed, so first check to see if it's already installed with the Linux command:
openssl version
If it prints the current version number, you're all set for the next section. Otherwise, if you receive a "command not found" error, you may easily install OpenSSL via apt-get:
sudo apt-get -y install openssl
Encrypt and Decrypt Files
For example, if you wanted to encrypt a file named data.tar.gz, you would run the command:
openssl aes-256-cbc -a -salt -iter 5 -in data.tar.gz -out data.enc
You will be prompted to enter an encryption password twice, which can be anything you wish. This command will result in a new data.enc file as the newly encrypted file. Please note, this will leave the original data.tar.gz file in its place, so please ensure to delete it if necessary.
When desired, you may decrypt the data.enc file with the command:
openssl aes-256-cbc -d -a -iter 5 -in data.enc -out data_decrypted.tar.gz
The above command will prompt you for the encryption password, then result in a data_decrypted.tar.gz file containing the decrypted version of your file.
Encrypt and Decrypt Directories
The commands in the above section work great for individual files, but what happens if you wish to encrypt an entire directory? There is no built-in support in OpenSSL for this, but thanks to the magic of Linux, this is no problem. For example, if you wanted to encrypt a directory named "documents" you could use the command:
tar -cf tmpdata.tar documents && gzip tmpdata.tar && openssl aes-256-cbc -a -salt -iter 5 -in tmpdata.tar.gz -out documents.enc && rm -f tmpdata.tar.gz
Bit of a mouthful, but the only two places in the above command you need to modify are "documents" in the first segment which is the directory to encrypt, and "documents.enc" in the third segment which is the resulting encrypted file. This command will archive the directory, encrypt it, then delete the temporary archive created leaving a single encrypted documents.enc file in its place.
Decrypting the newly created documents.enc file is just as easy with the command:
openssl aes-256-cbc -d -a -iter 5 -in documents.enc -out tmpdata.tar.gz && tar -xzf tmpdata.tar.gz && rm -f tmpdata.tar.gz
The only part of the above command you need to modify is "documents.enc" in the first segment which is the name of the encrypted file. This command will prompt you for the encryption password, proceed to decrypt and unpack the archive, then delete the temporary archive leaving the decrypted directory as a result.
Protect Your Data
Now that you know how easy it is to quickly encrypt and decrypt your data, put your knowledge to use and keep your private data secure and avoid data breaches. Again to reiterate, there is much more to encryption than presented here and the above is not meant to evade law enforcement or highly skilled and determined hackers.
However, if you simply want to protect your data against prying eyes such as that of your brother in-law or the computer repair technician, then the above methods should do the trick beautifully.