File encryption protects user/system files residing on a storage device such as a hard drive or USB drive. For such files to be encrypted, they need to be in a stored state, meaning that no process or program is actively accessing or working on them. Encrypted files are stored locally, and sending them over a network is therefore discouraged.
When a file is encrypted and data needs to be added to it, it is temporarily decrypted until the user or program finishes reading and/or writing data, and it is encrypted again afterward. The sole purpose of encrypting files is to prevent unauthorized reading, writing, copying, and/or deletion of the targeted files.
OpenSSL is a software library that provides secure communication between applications over a configured network. Most HTTPS websites and internet servers make use of this software library to prevent eavesdropping and also to identify the parties they are communicating with on the other side of the network.
This tutorial will walk us through encrypting a large file with OpenSSL in Linux.
Create Example Reference File
Since this tutorial focuses on encrypting large files, we will need to create one. We can use the fallocate command, which is part of the util-linux package.
Let us create a 1GB text file using the fallocate command:
$ fallocate -l 1024M test.txt
We should be able to add some text to this file using the echo command.
$ echo "LinuxShellTips tutorial on encrypting a large file with OpenSSL in Linux" >> test.txt
We can use the cat command to confirm what we wrote to the file:
$ cat test.txt
Encrypt File with Password Using OpenSSL
Here, a single password or secret key will be used to encrypt our large text file. The symmetric-key encryption algorithm we will be referencing is AES (Advanced Encryption Standard).
This algorithm accepts 128-, 192-, and 256-bit cryptographic keys and encrypts and decrypts data in 128-bit blocks.
To encrypt the large test.txt file, we will run the command:
$ openssl enc -aes-256-cbc -pbkdf2 -p -in test.txt -out test.txt.enc
The options used in the above command are explained below:
- enc executes the symmetric key encryption process.
- -aes-256-cbc specifies the use of AES with a 256-bit cryptographic key in CBC mode.
- -pbkdf2 is the default algorithm being used.
- -p prints the salt, key, and IV that were used.
- -in points to the input file.
- -out points to the output file.
When the command executes, you will be asked to enter and confirm your preferred encryption password. We can use the cat command to confirm that we can no longer read the file.
$ cat test.txt.enc
You will get an output similar to the following:
To decrypt the file, run:
$ openssl aes-256-cbc -d -pbkdf2 -in test.txt.enc -out sample_decrypted.txt
You will be required to enter the encryption password you generated earlier.
Encrypt File with Key Using OpenSSL
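The first step is to generate a key file. The key is written as a single line of hex characters, because OpenSSL reads the password from the first line of the key file:
$ openssl rand -hex 32 > symmetric_keyfile.key
We can now use the keyfile to encrypt our file. The -kfile option takes the path to the key file, whereas -k would treat its argument as the password itself:
$ openssl enc -in test.txt -out test.txt.enc -e -aes-256-cbc -pbkdf2 -kfile symmetric_keyfile.key
The cat command should confirm that the file can’t be read.
$ cat test.txt.enc
To decrypt the file, run:
$ openssl enc -in test.txt.enc -out draft_decrypted.txt -d -aes-256-cbc -pbkdf2 -kfile symmetric_keyfile.key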
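The following shell script is an added example, not part of the original tutorial. It checks that a key-file encryption round trip returns the original bytes, and shows that -kfile reads the passphrase from the key file while -k treats its argument as the literal passphrase. The 1 MiB sample file, the working directory and the function names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original tutorial). File names are constructed.

# -kfile reads the passphrase from the first line of the key file ($3).
encrypt_file() { openssl enc -e -aes-256-cbc -pbkdf2 -in "$1" -out "$2" -kfile "$3"; }
decrypt_file() { openssl enc -d -aes-256-cbc -pbkdf2 -in "$1" -out "$2" -kfile "$3"; }

# Create a working directory with a constructed 1 MiB sample and a key file.
setup() {
    WORK=$(mktemp -d) || return 1
    head -c 1048576 /dev/urandom > "$WORK/plain.bin"
    # One line of 64 hex characters (256 random bits), readable by owner only.
    ( umask 077; openssl rand -hex 32 > "$WORK/file.key" )
}

# Succeeds only if decrypt(encrypt(x)) is byte-identical to x.
roundtrip_ok() {
    encrypt_file "$WORK/plain.bin" "$WORK/plain.enc" "$WORK/file.key" &&
    decrypt_file "$WORK/plain.enc" "$WORK/plain.dec" "$WORK/file.key" &&
    cmp -s "$WORK/plain.bin" "$WORK/plain.dec"
}

# Password-based `openssl enc` output starts with the 8 bytes "Salted__".
has_salt_header() { [ "$(head -c 8 "$1")" = "Salted__" ]; }

# Succeeds if decrypting with -k (which treats its argument as the literal
# passphrase, here the path string) does NOT recover the plaintext.
literal_k_fails() {
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$WORK/plain.enc" \
        -out "$WORK/wrong.dec" -k "$WORK/file.key" 2>/dev/null || true
    ! cmp -s "$WORK/plain.bin" "$WORK/wrong.dec"
}

setup && roundtrip_ok && has_salt_header "$WORK/plain.enc" && literal_k_fails \
    && echo "round trip verified; -k with a path does not decrypt"
rm -rf "$WORK"
```

Comparing the decrypted output with the original before deleting the plaintext matters here because CBC mode by itself does not detect a corrupted or modified ciphertext.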
Asymmetric Encryption
This approach, in which a private key is generated and a public key is generated from it, is not compatible with encrypting large files, as you will run into the error: data too large for key size.
We have successfully encrypted a large file with OpenSSL in Linux.