Encryption cipher is AES-256 in CBC mode.
Message digest is SHA-512 (from SHA-2 family); this had changed from SHA-256 used before version 2.0.
They are standard POSIX shell scripts, which should work in any Linux distribution (more precisely, your shell).
Multiple arguments (files) and / or pipes are currently not supported.
openssl
>= 1.1.1, df
, du
, tail
, awk
-
Download the latest release and its signature from here:
https://github.com/burianvlastimil/openssl-file-encryption-decryption-shell-scripts/releases/latest
-
Go to the download directory, where you have saved the files (note that you need the signature file too).
-
Import my public GPG key:
gpg --recv-keys 7D2E022E39A88ACF3EF6D4498F37AF4CE46008C3
-
Verify autenticity of the archive:
gpg --verify openssl-encryption.tar.xz.asc openssl-encryption.tar.xz
-
Extract the
xz
packed tarball with:tar -xJvf openssl-encryption.tar.xz
There are basically 3 ways to install the scripts:
-
Easy being to use the Makefile's default location, which is
/usr/local/bin
:sudo make install
-
Advanced users may install the scripts wherever they wish, in this example to current directory's
./test
sub-directory:make install PREFIX=./test
Note 1: the destination directory will be created if it does not exist. Note 2:
sudo
is not needed in this case, so even non-root users can install them easily. -
Experts may avoid the
Makefile
altogether and copy the two files into whichever destination they wish.
It is as simple as the installation method you chose.
-
If you have chosen to use the
Makefile
method #1, it is as simple as:sudo make uninstall
-
If you have chosen to use the
Makefile
method #2, it is also very easy:make uninstall PREFIX=./test
-
If you have chosen to avoid the makefile, you are advanced enough to handle this.
-
Encryption
encrypt-file-aes256 filename
will always produce the
filename
with.enc
extension, even if you encrypt a file multiple files, for instance the following file:filename.enc.enc.enc
has been encrypted 3 times.
-
Decryption
decrypt-file-aes256 filename.enc
will strip the defined
.enc
extension and produce a file named:filename
Note, that it is entirely possible to decrypt files without the defined extension. In this case we will append
.dec
to the filename and produce for example:filename.dec
0 - Successful encryption / decryption.
1 - Some error occurred.
I did the following tests so far:
-
every fail exit code has been tested: PASS
-
encrypting / decrypting a very small file, 1 KB: PASS
-
encrypting / decrypting a medium size file, 15 GB: PASS
-
encrypting / decrypting a very large file, 750 GB: PASS
Please open a new issue ticket.