Every time I feel like I should save something encrypted—especially because my NixOS installation is not using FDE, but that's a story for another day—I realize I have no idea how to do this except that it should be possible with openssl, which is quite embarrassing as the founder of ~crypto and ~security.
So I am writing this post to never need to look at the massive manual for openssl just to encrypt a file again.
Encryption
Encrypt file with AES-256-CTR, use PBKDF2 as the password hashing algorithm and use base64 encoding for the output:
$ openssl enc -aes-256-ctr -pbkdf2 -a -in <file> 
will prompt for password
Decryption
Same as above but with -d:
$ openssl enc -d -aes-256-ctr -pbkdf2 -a -in <file> 

Btw, I used AES-256-CTR here because I know it should be safe and I don't want to research all the other ciphers I could use. Maybe ChaCha20 would be safer??
Which cipher would you use to store, say, an API key? Would you even use openssl for that since it's quite low-level and you can probably easily shoot yourself in the foot with it?
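
An added example, not part of the original post: the same openssl flags wrapped in shell functions, with the password read from a file and a check for the one failure the commands above do not report, namely that AES-256-CTR has no padding or authentication tag, so decrypting with the wrong password still exits 0 and writes garbage. The names MAGIC, ITER, encrypt_file, raw_decrypt and decrypt_file are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not the post's code). MAGIC, ITER and the function names
# are assumptions made for this sketch.
MAGIC='ENCFILE-V1'   # known first line, used to spot a wrong password
ITER=600000          # PBKDF2 iterations; must be identical on decrypt

# encrypt_file <plain> <cipher.b64> <passfile>
# Same cipher, KDF and base64 flags as the post. The password comes from the
# first line of a file, so it is not prompted for and stays out of argv.
encrypt_file() {
    { printf '%s\n' "$MAGIC"; cat "$1"; } |
        openssl enc -aes-256-ctr -pbkdf2 -iter "$ITER" -a \
            -out "$2" -pass "file:$3"
}

# raw_decrypt <cipher.b64> <passfile>: plaintext (marker included) on stdout.
raw_decrypt() {
    openssl enc -d -aes-256-ctr -pbkdf2 -iter "$ITER" -a \
        -in "$1" -pass "file:$2"
}

# decrypt_file <cipher.b64> <plain> <passfile>
# openssl exits 0 here even with the wrong password, so the marker line is
# checked before anything is written to <plain>. This catches a wrong
# password or gross corruption; it does NOT authenticate the ciphertext.
decrypt_file() {
    tmp=$(mktemp) || return 1          # mode 0600 temporary plaintext
    raw_decrypt "$1" "$3" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "$(head -n 1 "$tmp" | tr -d '\000')" = "$MAGIC" ]; then
        tail -n +2 "$tmp" > "$2"; rc=0
    else
        echo "wrong password or corrupted file" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Because -iter changes the derived key, a file encrypted with these functions cannot be decrypted with the bare `-pbkdf2` command from the post unless the same `-iter` value is passed.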
100 sats \ 2 replies \ @Fenix 3 Nov
Not too old and very good
0 sats \ 1 reply \ @ek OP 3 Nov
Thanks! I totally forgot about this. I should add it to my blog.
How did you come across this post?
0 sats \ 0 replies \ @Fenix 14h
I was looking at a post about encryption and yours was in the suggested items; I always take a look there.
Which do you usually feed first, the blog or the SN?