
Encrypting a file with OpenSSL

Posted on 18 Sep 2013 by Marcelo Moreira

Let’s assume you want to transfer a file securely to a friend, for example.

There are basically two ways to accomplish this: with a symmetric cipher in CBC (Cipher Block Chaining) mode, for example AES-256-CBC; or with a keypair.

We will cover here only the first one.

In short, if you want the encryption to be platform independent (and you want that, right?) you should use openssl.

To encrypt the file:

openssl aes-256-cbc -in secrets.txt -out secrets.txt.enc

To decrypt, use the inverse operation:

openssl aes-256-cbc -d -in secrets.txt.enc -out secrets.txt

If the message is simple enough (like a one liner, or just a few ones), you can even dump it to a base64 string, so that you can attach it directly to the body of an email:

$ echo "this is a serious secret" | openssl aes-256-cbc -base64
enter aes-256-cbc encryption password: XXX
Verifying - enter aes-256-cbc encryption password: XXX
U2FsdGVkX18QYRCy52o6GQIHx9TaW8VgCJKEwKf8tFdGmpqKhPx30pFDLYkrbQw5

$ echo "U2FsdGVkX18QYRCy52o6GQIHx9TaW8VgCJKEwKf8tFdGmpqKhPx30pFDLYkrbQw5" | openssl aes-256-cbc -d -base64
enter aes-256-cbc decryption password: XXX
this is a serious secret

Make sure to always use a strong cipher in CBC mode. At a minimum, pick aes-256-cbc. To list all available options and ciphers, run:

$ openssl enc --help
options are
-in <file>     input file
-out <file>    output file
-pass <arg>    pass phrase source
-e             encrypt
-d             decrypt
-a/-base64     base64 encode/decode, depending on encryption flag
-k             passphrase is the next argument
-kfile         passphrase is the first line of the file argument
-md            the next argument is the md to use to create a key
                 from a passphrase.  One of md2, md5, sha or sha1
-S             salt in hex is the next argument
-K/-iv         key/iv in hex is the next argument
-[pP]          print the iv/key (then exit if -P)
-bufsize <n>   buffer size
-nopad         disable standard block padding
-engine e      use engine e, possibly a hardware device.
Cipher Types
-aes-256-cbc
-bf-cbc
 (I'm listing only the important ones here...)
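The encrypt/decrypt commands above wrapped in two shell functions, as an added example that is not code from the original post. It adds what the 2013 commands lack: `-pbkdf2 -iter` instead of the old default key derivation (a single MD5 pass over the passphrase), `-pass file:` so the passphrase stays off the command line, and an HMAC-SHA256 tag over the ciphertext that is checked before decrypting, since CBC gives confidentiality but no integrity. It assumes openssl 1.1.1 or later; the file names and the `hmac_of` helper are my own choices.

```sh
#!/bin/sh
# Added example, not from the original post. Encrypt-then-MAC with the
# openssl CLI: aes-256-cbc (PBKDF2-derived key) plus a separate HMAC key,
# both shared with the recipient the same way the passphrase would be.
# Output files start with "Salted__" + 8-byte salt, which is the
# "U2FsdGVkX1..." prefix visible in the post's base64 output.
set -eu

hmac_of() {   # $1 file, $2 MAC key file -> base64 tag on stdout
  # openssl dgst only accepts the key as an argument, so it is briefly
  # visible in the process list; fine on a single-user machine.
  openssl dgst -sha256 -hmac "$(cat "$2")" -binary "$1" | openssl base64 -A
}

# $1 plaintext, $2 ciphertext out, $3 passphrase file, $4 MAC key file
encrypt_file() {
  openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
    -pass "file:$3" -in "$1" -out "$2"
  hmac_of "$2" "$4" > "$2.hmac"        # tag stored next to the ciphertext
}

# $1 ciphertext, $2 plaintext out, $3 passphrase file, $4 MAC key file
# Returns 1 without touching $2 when the stored tag does not match.
decrypt_file() {
  if [ "$(cat "$1.hmac")" != "$(hmac_of "$1" "$4")" ]; then
    echo "refusing to decrypt $1: HMAC mismatch (modified ciphertext or wrong MAC key)" >&2
    return 1
  fi
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
    -pass "file:$3" -in "$1" -out "$2"
}

# Usage (constructed sample, file names are placeholders):
#   openssl rand -hex 32 > mac.key
#   printf 'correct horse battery staple\n' > pass.txt
#   encrypt_file secrets.txt secrets.txt.enc pass.txt mac.key
#   decrypt_file secrets.txt.enc secrets.txt pass.txt mac.key
```

The recipient needs both `pass.txt` and `mac.key`; the `-iter` value must be the same on both sides.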

For more information visit:

The sites below will give you a good glimpse of how safe your password is:
