Encrypt Files in OpenSSL


Introduction

In this lab, you will learn how to use OpenSSL for file encryption and decryption, a crucial skill in cybersecurity. You will practice generating a symmetric key and applying AES encryption to protect sensitive data through hands-on exercises.

This lab walks you through installing OpenSSL, creating a test file, and performing a complete encryption-decryption cycle. This practical experience will help you understand fundamental data protection techniques used in real-world applications.

This is a Guided Lab, which provides step-by-step instructions to help you learn and practice. Follow the instructions carefully to complete each step and gain hands-on experience. Historical data shows that this is a beginner level lab with a 96% completion rate. It has received a 98% positive review rate from learners.

Install and Verify OpenSSL

In this step, you will make sure that OpenSSL, a powerful toolkit for implementing secure communications, is available on your system. OpenSSL is often included in Linux distributions, so this step confirms that it is correctly installed and ready for use.

First, verify OpenSSL is installed by checking the installed version.

openssl version

You should see output similar to the following, indicating the version of OpenSSL on your system.

OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Finally, you can display the help menu to see a list of available commands and confirm that OpenSSL is functioning correctly.

openssl help

This command will list the various cryptographic operations OpenSSL can perform, which we will explore in the next steps.

Create a Sample File for Encryption

In this step, you will create a simple text file to use for our encryption and decryption exercises. Using a known file allows us to easily verify that the process works correctly by comparing the original and decrypted content.

Your terminal should already be in the /home/labex/project directory. We will create the file here.

First, use the nano text editor to create a new file named sample.txt.

nano sample.txt

Once nano opens, type the following text into the editor:

This is a sample text file for encryption testing.
LabEx Cybersecurity Lab - AES Encryption Demo.

Now, save the file and exit nano:

  1. Press Ctrl + O to write the changes to the file.
  2. Press Enter to confirm the filename (sample.txt).
  3. Press Ctrl + X to exit the editor.

To confirm the file was created correctly, display its contents using the cat command.

cat sample.txt

The output should show the exact text you entered:

This is a sample text file for encryption testing.
LabEx Cybersecurity Lab - AES Encryption Demo.

This sample file is now ready for the encryption process in the upcoming steps.

Generate a Symmetric Encryption Key

In this step, you will generate a symmetric key, which is a secret key used for both encrypting and decrypting data. We will use OpenSSL to create a strong, random key suitable for AES-256 encryption, a highly secure and widely adopted standard.

Ensure you are in your project directory, /home/labex/project.

cd ~/project

Use the openssl rand command to generate 32 bytes (256 bits) of random data and save it in hexadecimal format to a file named symmetric_key.hex.

openssl rand -hex 32 > symmetric_key.hex

View the generated key to see what it looks like.

cat symmetric_key.hex

The output will be a 64-character hexadecimal string, which represents your 256-bit key. It will look something like this (your key will be different):

2f8b5e9a1c3d4e6f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f

Since this key can unlock your data, it is critical to protect it. Use the chmod command to set the file permissions so that only the file owner (you) can read and write to it.

chmod 600 symmetric_key.hex

Finally, verify the file permissions with ls -l.

ls -l symmetric_key.hex

The output should show permissions as -rw-------, confirming that the file is secured.

-rw------- 1 labex labex 65 Nov 15 10:30 symmetric_key.hex

With the key generated and secured, you are now ready to encrypt the sample file.

Encrypt the File with AES

Now you will use the symmetric key to encrypt sample.txt. We will use the AES-256-CBC encryption cipher. AES (Advanced Encryption Standard) with a 256-bit key is a strong encryption algorithm, and CBC (Cipher Block Chaining) is a mode of operation that enhances security by making each encrypted block dependent on the previous one.

The openssl enc command handles encryption. We will specify the cipher, input file, output file, and the key file.

Run the following command to encrypt sample.txt and save the output to sample.enc.

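openssl enc -aes-256-cbc -in sample.txt -out sample.enc -pass file:symmetric_key.hex

  • -aes-256-cbc: Specifies the encryption cipher.
  • -in sample.txt: The input file to encrypt.
  • -out sample.enc: The name of the output (encrypted) file.
  • -pass file:symmetric_key.hex: Tells OpenSSL to read the password from the first line of symmetric_key.hex. OpenSSL treats this value as a password and derives the actual AES key and IV from it, together with a random salt, rather than using the hex string directly as the key.

On OpenSSL 1.1.1 and later, this command also prints a warning that a deprecated key derivation is being used. Adding -pbkdf2 to both the encryption and the decryption command selects PBKDF2 instead.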

After running the command, list the files to see the new encrypted file, sample.enc.

ls -l

You will notice that sample.enc is slightly larger than sample.txt due to encryption overhead like padding and metadata.

total 12
-rw-r--r-- 1 labex labex   96 Nov 15 10:35 sample.enc
-rw-r--r-- 1 labex labex   89 Nov 15 10:20 sample.txt
-rw------- 1 labex labex   65 Nov 15 10:30 symmetric_key.hex

If you try to view the contents of the encrypted file, you will see unreadable binary data.

cat sample.enc

The garbled output confirms that the file has been successfully encrypted.
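The following script is an added example, not part of the original lab. It repeats the encryption step with -pbkdf2 and inspects the result: the "Salted__" header, the size overhead, and the fact that two runs over the same file give different ciphertext. The scratch directory, the helper function names and the iteration count are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example, not part of the lab. The scratch directory, the sample text and
# the iteration count are constructed for this demo.
ITER=100000   # assumed PBKDF2 work factor; must be identical for encrypt and decrypt

setup_demo() {
    demo_dir=$(mktemp -d) && cd "$demo_dir" || return 1
    printf '%s\n' 'This is a sample text file for encryption testing.' \
        'LabEx Cybersecurity Lab - AES Encryption Demo.' > sample.txt
    openssl rand -hex 32 > symmetric_key.hex
    chmod 600 symmetric_key.hex
}

# Same command as the lab plus -pbkdf2/-iter: the password read from the key
# file is stretched with PBKDF2 and a random salt into the AES key and IV.
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass file:symmetric_key.hex
}
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass file:symmetric_key.hex
}

# First 8 bytes of the output; "Salted__" marks a password-derived key.
header_magic() { dd if="$1" bs=8 count=1 2>/dev/null; }

# 16-byte header (8-byte magic + 8-byte salt) plus the plaintext padded to the
# next full 16-byte block (PKCS#7 padding always adds 1 to 16 bytes).
expected_size() {
    n=$(wc -c < "$1")
    echo $(( 16 + (n / 16 + 1) * 16 ))
}
file_size() { wc -c < "$1" | tr -d ' '; }

setup_demo
encrypt_file sample.txt sample.enc
encrypt_file sample.txt sample2.enc
echo "magic: $(header_magic sample.enc)"
echo "size:  $(file_size sample.enc) (expected $(expected_size sample.txt))"
cmp -s sample.enc sample2.enc || echo "two runs differ: each run gets a fresh salt"
decrypt_file sample.enc sample.dec && cmp sample.txt sample.dec && echo "round trip ok"
```

A file encrypted with -pbkdf2 and a given -iter value can only be decrypted with the same options, so record them alongside the ciphertext.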

Decrypt the File and Verify Integrity

In this final step, you will decrypt sample.enc to get the original text back. This will confirm that your key works and the entire encryption-decryption cycle was successful.

To decrypt the file, you will use the openssl enc command again, but this time with the -d flag to specify decryption.

Run the following command to decrypt sample.enc and save the result to a new file, sample.dec.

openssl enc -d -aes-256-cbc -in sample.enc -out sample.dec -pass file:symmetric_key.hex

Now, let's verify that the decryption worked. The best way to check is to compare the decrypted file (sample.dec) with the original file (sample.txt). The diff command is perfect for this.

diff sample.txt sample.dec

If the files are identical, this command will produce no output, which means the decryption was successful.

For a final visual confirmation, display the contents of the decrypted file.

cat sample.dec

The output should be the exact same as your original sample.txt file:

This is a sample text file for encryption testing.
LabEx Cybersecurity Lab - AES Encryption Demo.

You have now successfully encrypted a file and decrypted it back to its original form using OpenSSL.

Summary

In this lab, you have gained hands-on experience with file encryption and decryption using OpenSSL. You learned how to generate a strong symmetric key, use it to encrypt a file with the AES-256 algorithm, and then decrypt the file to restore the original data. This process is a fundamental skill for protecting sensitive information in cybersecurity.