Blog | G5 Cyber Security

Simple File Encryption

G5 Cyber Security

TL;DR

This guide shows you how to encrypt files on your computer using tools that are probably already installed (like OpenSSL). It’s a basic method for keeping things private, but it’s not foolproof. For really important data, use more advanced encryption software.

Encrypting Files with OpenSSL

  1. Check if OpenSSL is Installed: Most Linux and macOS systems have OpenSSL pre-installed. Windows users might need to install it (see step 2). To check, open your terminal or command prompt and type: 
    openssl version

    If you see version information, you’re good to go!

  2. Install OpenSSL (if needed): If the above command doesn’t work on Windows, download and install OpenSSL from a reputable source. A common option is Shining Light Productions. Make sure to add the OpenSSL directory to your system’s PATH environment variable so you can use it from any command prompt window.
  3. Generate an Encryption Key: This key will be used to encrypt and decrypt your files. Keep this key very safe! Losing it means losing access to your data. 
    openssl rand -base64 32 > my_encryption_key.txt

    This creates a file named my_encryption_key.txt containing a random 32-byte key (which is pretty secure for basic use).

  4. Encrypt the File: Use OpenSSL to encrypt your file. 
    openssl enc -aes-256-cbc -salt -in my_secret_file.txt -out my_secret_file.enc -k "your_password"

    Replace my_secret_file.txt with the name of your file and your_password with a strong password. The -aes-256-cbc option specifies the encryption algorithm (AES with a 256-bit key), -salt adds extra security, and -k "your_password" provides the password directly on the command line. Be aware that providing the password this way is less secure than using a file or prompting for it.

    Alternatively, use the key file:

    openssl enc -aes-256-cbc -salt -in my_secret_file.txt -out my_secret_file.enc -pass file:my_encryption_key.txt
  5. Decrypt the File: To decrypt, use: 
    openssl enc -aes-256-cbc -d -salt -in my_secret_file.enc -out my_decrypted_file.txt -k "your_password"

    Replace my_secret_file.enc with the encrypted file name and your_password with the password you used for encryption.

    Or, using the key file:

    openssl enc -aes-256-cbc -d -salt -in my_secret_file.enc -out my_decrypted_file.txt -pass file:my_encryption_key.txt
  6. Important Security Notes:
    • Password Strength: Use a strong, unique password. A long passphrase is better than a short one.
    • Key File Safety: Protect your my_encryption_key.txt file! If someone gets it, they can decrypt your files. Consider storing it on separate media (like a USB drive) and keeping that secure.
    • Command Line History: Your password might be saved in your command line history. Clear your history after encrypting/decrypting if you used the -k option.
    • Not Perfect: This is basic encryption. It’s good for casual privacy, but not suitable for highly sensitive data. Consider dedicated cyber security software for stronger protection.
Exit mobile version