Encrypt/Decrypt a file with GPG and OpenSSL on Linux

$Linux-Encryption-Tutorial.md

Encrypt/Decrypt a file with GPG and OpenSSL on Linux

This tutorial helps you encrypt and decrypt a file with OpenSSL and GPG.

Note that it is recommended to use GPG.

Source: https://stackoverflow.com/questions/28247821/openssl-vs-gpg-for-encrypting-off-site-backups

GPG

File encryption

gpg --output encrypted.data --symmetric --cipher-algo AES256 un_encrypted.data

File decryption

gpg --output un_encrypted.data --decrypt encrypted.data

OpenSSL

File encryption

openssl enc -e -cipher -salt [-S SALT] -k PASSWORD -in INPUT_FILE -out OUTPUT_FILE

with:

• -cipher being a cipher (like -aes-256-cbc). The full list of supported cipher can be accessed by typing openssl enc -ciphers or by reading the file OpenSSL-supported-ciphers.txt below.
• -salt to specify to add a random salt. You can specify the salt with -salt -S SALT (SALT must be an hexadecimal value), or disable the salt with -nosalt.
• -k PASSWORD the password that will protect the file. If not given, it will be read from the terminal (recommended). you can also pass -kfile FILE to read the password from a file.
• -in INPUT_FILE The file to encrypt.
• -out OUTPUT_FILE The encrypted file that will be created at the end.

File decryption

openssl enc -d -cipher -salt [-S SALT] -k PASSWORD -in INPUT_FILE -out OUTPUT_FILE

with:

• -cipher being a cipher (like -aes-256-cbc). The full list of supported cipher can be accessed by typing openssl enc -ciphers or by reading the file OpenSSL-supported-ciphers.txt below. It must be the same cipher for encryption and decryption.
• -salt to specify to add a random salt. You can specify the salt with -salt -S SALT (SALT must be an hexadecimal value), or disable the salt with -nosalt. It must be the same parameter for encryption and decryption.
• -k PASSWORD the password that protects the file. If not given, it will be read from the terminal (recommended). you can also pass -kfile FILE to read the password from a file. It must be the same password for encryption and decryption.
• -in INPUT_FILE The encrypted file.
• -out OUTPUT_FILE The decrypted file that will be created at the end.

Encrypt Multiple Files

To encrypt multiple files with GPG or OpenSSL, you must first compress them using tar(1).

Compression

To compress multiple files or directories:

tar czf myfiles.tar.gz file1 file2 mydirectory/

Uncompress

Once you have decrypted the files, you need to uncompress them:

tar xzf myfiles.tar.gz

OpenSSL-supported-ciphers.txt

base64             Base 64

bf-cbc             Blowfish in CBC mode
bf                 Alias for bf-cbc
blowfish           Alias for bf-cbc
bf-cfb             Blowfish in CFB mode
bf-ecb             Blowfish in ECB mode
bf-ofb             Blowfish in OFB mode

cast-cbc           CAST in CBC mode
cast               Alias for cast-cbc
cast5-cbc          CAST5 in CBC mode
cast5-cfb          CAST5 in CFB mode
cast5-ecb          CAST5 in ECB mode
cast5-ofb          CAST5 in OFB mode

chacha20           ChaCha20 algorithm

des-cbc            DES in CBC mode
des                Alias for des-cbc
des-cfb            DES in CFB mode
des-ofb            DES in OFB mode
des-ecb            DES in ECB mode

des-ede-cbc        Two key triple DES EDE in CBC mode
des-ede            Two key triple DES EDE in ECB mode
des-ede-cfb        Two key triple DES EDE in CFB mode
des-ede-ofb        Two key triple DES EDE in OFB mode

des-ede3-cbc       Three key triple DES EDE in CBC mode
des-ede3           Three key triple DES EDE in ECB mode
des3               Alias for des-ede3-cbc
des-ede3-cfb       Three key triple DES EDE CFB mode
des-ede3-ofb       Three key triple DES EDE in OFB mode

desx               DESX algorithm.

gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine)

idea-cbc           IDEA algorithm in CBC mode
idea               same as idea-cbc
idea-cfb           IDEA in CFB mode
idea-ecb           IDEA in ECB mode
idea-ofb           IDEA in OFB mode

rc2-cbc            128 bit RC2 in CBC mode
rc2                Alias for rc2-cbc
rc2-cfb            128 bit RC2 in CFB mode
rc2-ecb            128 bit RC2 in ECB mode
rc2-ofb            128 bit RC2 in OFB mode
rc2-64-cbc         64 bit RC2 in CBC mode
rc2-40-cbc         40 bit RC2 in CBC mode

rc4                128 bit RC4
rc4-64             64 bit RC4
rc4-40             40 bit RC4

rc5-cbc            RC5 cipher in CBC mode
rc5                Alias for rc5-cbc
rc5-cfb            RC5 cipher in CFB mode
rc5-ecb            RC5 cipher in ECB mode
rc5-ofb            RC5 cipher in OFB mode

seed-cbc           SEED cipher in CBC mode
seed               Alias for seed-cbc
seed-cfb           SEED cipher in CFB mode
seed-ecb           SEED cipher in ECB mode
seed-ofb           SEED cipher in OFB mode

sm4-cbc            SM4 cipher in CBC mode
sm4                Alias for sm4-cbc
sm4-cfb            SM4 cipher in CFB mode
sm4-ctr            SM4 cipher in CTR mode
sm4-ecb            SM4 cipher in ECB mode
sm4-ofb            SM4 cipher in OFB mode

aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
aes[128|192|256]       Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode
aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode

aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
aria[128|192|256]       Alias for aria-[128|192|256]-cbc
aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
aria-[128|192|256]-ctr  128/192/256 bit ARIA in CTR mode
aria-[128|192|256]-ecb  128/192/256 bit ARIA in ECB mode
aria-[128|192|256]-ofb  128/192/256 bit ARIA in OFB mode

camellia-[128|192|256]-cbc  128/192/256 bit Camellia in CBC mode
camellia[128|192|256]       Alias for camellia-[128|192|256]-cbc
camellia-[128|192|256]-cfb  128/192/256 bit Camellia in 128 bit CFB mode
camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
camellia-[128|192|256]-ctr  128/192/256 bit Camellia in CTR mode
camellia-[128|192|256]-ecb  128/192/256 bit Camellia in ECB mode
camellia-[128|192|256]-ofb  128/192/256 bit Camellia in OFB mode