Skip to content
OpenSSL file encryption / decryption POSIX shell scripts
Shell Makefile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.safeclean-openssl-encryption
LICENSE
Makefile
README.md
SHA512SUM
decrypt-file-aes256
encrypt-file-aes256

README.md

OpenSSL file encryption / decryption shell scripts

Encryption cipher is AES-256 in CBC mode.

Message digest is SHA-512 (from SHA-2 family); this had changed from SHA-256 used before version 2.0.

They are standard POSIX shell scripts, which should work in any Linux distribution (more precisely, your shell).

Multiple arguments (files) and / or pipes are currently not supported.


Requirements (dependencies)

openssl >= 1.1.1, df, du, tail, awk


Download, Authenticity check, and Extract

  1. Download the latest release and its signature from here:

    https://github.com/burianvlastimil/openssl-file-encryption-decryption-shell-scripts/releases/latest

  2. Go to the download directory, where you have saved the files (note that you need the signature file too).

  3. Import my public GPG key:

    gpg --recv-keys 7D2E022E39A88ACF3EF6D4498F37AF4CE46008C3
    
  4. Verify autenticity of the archive:

    gpg --verify openssl-encryption.tar.xz.asc openssl-encryption.tar.xz
    
  5. Extract the xz packed tarball with:

    tar -xJvf openssl-encryption.tar.xz
    

Installation

There are basically 3 ways to install the scripts:

  1. Easy being to use the Makefile's default location, which is /usr/local/bin:

    sudo make install
    
  2. Advanced users may install the scripts wherever they wish, in this example to current directory's ./test sub-directory:

    make install PREFIX=./test
    

    Note 1: the destination directory will be created if it does not exist. Note 2: sudo is not needed in this case, so even non-root users can install them easily.

  3. Experts may avoid the Makefile altogether and copy the two files into whichever destination they wish.


Uninstallation / Removal

It is as simple as the installation method you chose.

  1. If you have chosen to use the Makefile method #1, it is as simple as:

    sudo make uninstall
    
  2. If you have chosen to use the Makefile method #2, it is also very easy:

    make uninstall PREFIX=./test
    
  3. If you have chosen to avoid the makefile, you are advanced enough to handle this.


Usage

  1. Encryption

    encrypt-file-aes256 filename
    

    will always produce the filename with .enc extension, even if you encrypt a file multiple files, for instance the following file:

    filename.enc.enc.enc
    

    has been encrypted 3 times.

  2. Decryption

    decrypt-file-aes256 filename.enc
    

    will strip the defined .enc extension and produce a file named:

    filename
    

    Note, that it is entirely possible to decrypt files without the defined extension. In this case we will append .dec to the filename and produce for example:

    filename.dec
    

Exit codes

0 - Successful encryption / decryption.

1 - Some error occurred.


Testing

I did the following tests so far:

  • every fail exit code has been tested: PASS

  • encrypting / decrypting a very small file, 1 KB: PASS

  • encrypting / decrypting a medium size file, 15 GB: PASS

  • encrypting / decrypting a very large file, 750 GB: PASS


Reporting bugs and suggestions

Please open a new issue ticket.

You can’t perform that action at this time.