How to Encrypt and Decrypt Files and Directories Using Tar and OpenSSL

When you have important sensitive data, then its crucial to have an extra layer of security to your files and directories, specially when you need to transmit the data with others over a network.

That’s the reason, I am looking for a utility to encrypt and decrypt certain files and directories in Linux, luckily I found a solution that tar with OpenSSL can do the trick, yes with the help of these two tools you can easily create and encrypt tar archive file without any hassle.

Don’t Miss: 7 Tools to Encrypt and Decrypt Files in Linux

In this article, we will see how to create and encrypt a tar or gz (gzip) archive file with OpenSSL:

Remember that the conventional form of using OpenSSL is:

# openssl command command-options arguments

Encrypt Files in Linux

To encrypt the contents of the current working directory (depending on the size of the files, this may take a while):

# tar -czf - * | openssl enc -e -aes256 -out secured.tar.gz

Explanation of the above command:

  1. enc – openssl command to encode with ciphers
  2. -e – a enc command option to encrypt the input file, which in this case is the output of the tar command
  3. -aes256 – the encryption cipher
  4. -out – enc option used to specify the name of the out filename, secured.tar.gz

Decrypt Files in Linux

To decrypt a tar archive contents, use the following command.

# openssl enc -d -aes256 -in secured.tar.gz | tar xz -C test

Explanation of the above command:

  1. -d – used to decrypt the files
  2. -C – extract in subdirectory named test

The following image shows the encryption process and what happens when you try to:

  1. extract the contents of the tarball the traditional way
  2. use the wrong password, and
  3. when you enter the right password
Encrypt or Decrypt Tar Archive File in Linux

Encrypt or Decrypt Tar Archive File in Linux

When you are working on a local network or the Internet, you can always secure your vital documents or files that you share with others by encrypting them, this can help reduce the risk of exposing them to malicious attackers.

We looked at a simple technique of encrypting tarballs using OpenSSL, a openssl command line tool. You can refer to its man page for more information and useful commands.

As usual, for any additional thoughts or simple tips that you wish to share with us, use the feedback form below and in the upcoming tip, we shall look at a way of translating rwx permissions into octal form.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

5 Responses

  1. richard ketcham says:

    I am bothered by the comment of Quiark who claims to know something about the security of cryptographic methods, but shows that he knows nothing. Zomegagon references articles implying that openssl is inherently insecure, vs gpg.

    However, neither openssl nor gpg are cryptographic methods in themselves. They are front ends that call crypto algorithms from open source crypto libraries, and the user selects the crypto of his choice and the crypto parameters to suite his needs.

    These libraries are the gold standards upon which most of the modern internet depends. Unless you believe that closed source, proprietary cryptography is superior to open source cryptography. That argument, (security by obscurity) has been made many times and lost.

  2. Quiark says:

    This is unsafe. Please don’t write about crypto if you don’t understand it, putting your readers at risk (that probably want to encrypt sensitive data, you know?)

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.