How to Encrypt a Large File with OpenSSL in Linux

File encryption protects user and system files that reside on a storage medium such as a hard drive or USB drive. To be encrypted, a file needs to be at rest, meaning that no process or program is actively accessing or working on it. Encrypted files are stored locally, and sending them over a network is therefore discouraged.

When data needs to be added to an encrypted file, the file is temporarily decrypted until the user or program finishes reading and/or writing, and is encrypted again afterward. The sole purpose of encrypting files is to prevent unauthorized reading, writing, copying, and/or deletion of the targeted files.

OpenSSL is a software library that provides secure communication between applications over a configured network. Most HTTPS websites and internet servers make use of this software library to prevent eavesdropping and also to identify the parties they are communicating with on the other side of the network.

This tutorial will walk us through encrypting a large file with OpenSSL in Linux.

Create Example Reference File

Since this tutorial focuses on encrypting large files, we will need to create one. We can use the fallocate command, which is part of the util-linux package.

Let us create a 1GB text file using the fallocate command:

$ fallocate -l 1024M test.txt
Create Large File in Linux

We should be able to add some text to this file using the echo command.

$ echo "LinuxShellTips tutorial on encrypting a large file with OpenSSL in Linux" >> test.txt

We can use the cat command to confirm what we wrote to the file:

$ cat test.txt
View File Contents in Linux

Encrypt File with Password Using OpenSSL

Here, a single password or secret key will be used to encrypt our large text file. The symmetric-key encryption algorithm we will be referencing is AES (Advanced Encryption Standard).

This algorithm accepts 128-, 192-, and 256-bit cryptographic keys and encrypts and decrypts data in 128-bit blocks.

To encrypt the large test.txt file, we will run the command:

$ openssl enc -aes-256-cbc -pbkdf2 -p -in test.txt -out test.txt.enc

The options used in the above command are:

  • enc executes the symmetric key encryption process.
  • -aes-256-cbc selects the AES cipher with a 256-bit cryptographic key in CBC mode.
  • -pbkdf2 uses the PBKDF2 algorithm to derive the key from the password.
  • -p prints the salt, key, and IV that were used.
  • -in points to the input file.
  • -out points to the output file.
Encrypt File with Password Using OpenSSL

When the command executes, you will be asked to enter and confirm your preferred encryption password. We can use the cat command to confirm that we can no longer read the file.

$ cat test.txt.enc

You will get an output similar to the following:

View Encrypted Password on File

To decrypt the file, run:

$ openssl aes-256-cbc -d -pbkdf2 -in test.txt.enc -out sample_decrypted.txt

You will be required to enter the encryption password you set earlier.

Decrypt File with Password Using OpenSSL

Encrypt File with Key Using OpenSSL

The first step is to generate a key file. OpenSSL reads the key from the first line of this file, so we write it as a single line of hex text:

$ openssl rand -hex 256 > symmetric_keyfile.key

We can now use the keyfile to encrypt our file. The -kfile option reads the key from the file, whereas -k would use the file name itself as the password:

$ openssl enc -in test.txt -out test.txt.enc -e -aes-256-cbc -pbkdf2 -kfile symmetric_keyfile.key

The cat command should confirm that the file can't be read.

$ cat test.txt.enc
View Encrypted Key on File

To decrypt the file, run:

$ openssl enc -in test.txt.enc -out draft_decrypted.txt -d -aes-256-cbc -pbkdf2 -kfile symmetric_keyfile.key
Decrypt File with Key Using OpenSSL

Asymmetric Encryption

The asymmetric approach, in which a private key is generated and a public key is derived from it, is not suitable for encrypting large files, as you will run into the error: data too large for key size.

data too large for key size Error
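
The usual way around this size limit is hybrid encryption: the file is encrypted with AES under a random one-time passphrase, and only that short passphrase is encrypted with the RSA public key. The script below is an added example, not part of the original tutorial; it goes beyond the commands shown above by using openssl genpkey and openssl pkeyutl, and the function names and file names (private.pem, public.pem, sample.bin) are assumptions.

```shell
#!/bin/sh
# Added example: hybrid encryption. All file names are assumptions.

# Recipient key pair; private.pem never leaves the recipient.
hybrid_keygen() {   # $1 = key directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null &&
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Encrypt file $2 for the owner of $1/public.pem.
# Writes $2.enc (AES data) and $2.key.enc (RSA-wrapped passphrase).
hybrid_encrypt() {
    sk=$(mktemp) || return 1
    # Fresh random passphrase per file: 32 bytes as one line of hex.
    openssl rand -hex 32 > "$sk" &&
    # Bulk data goes through AES, so the file size is not limited.
    openssl enc -aes-256-cbc -pbkdf2 -in "$2" -out "$2.enc" -pass "file:$sk" &&
    # Only the 65-byte passphrase file is RSA-encrypted; it fits the key size.
    openssl pkeyutl -encrypt -pubin -inkey "$1/public.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$sk" -out "$2.key.enc"
    rc=$?; rm -f "$sk"; return $rc
}

# Decrypt $2.enc and $2.key.enc into $3 using $1/private.pem.
hybrid_decrypt() {
    sk=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$1/private.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key.enc" -out "$sk" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$2.enc" -out "$3" -pass "file:$sk"
    rc=$?; rm -f "$sk"; return $rc
}

# Round trip on a constructed 5 MiB sample file in a scratch directory.
hybrid_demo() {
    d=$(mktemp -d) || return 1
    head -c 5242880 /dev/urandom > "$d/sample.bin"
    hybrid_keygen "$d" &&
    hybrid_encrypt "$d" "$d/sample.bin" &&
    hybrid_decrypt "$d" "$d/sample.bin" "$d/roundtrip.bin" &&
    cmp -s "$d/sample.bin" "$d/roundtrip.bin"
    rc=$?; rm -rf "$d"; return $rc
}

hybrid_demo && echo "round trip OK"
```

CBC mode provides confidentiality only, so a recipient who needs to detect tampering should also verify a signature or MAC over the .enc file.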

We have successfully encrypted a large file with OpenSSL in Linux.
