How to provide encryption password when using OpenSSL utility

Different ways to provide an encryption password when using the OpenSSL utility.

Maybe not directly, but I have already mentioned it in multiple blog posts, so let me sum it up for you.

OpenSSL version.

$ openssl version
OpenSSL 1.1.1f  31 Mar 2020

Encrypt a file using a password provided from standard input.

$ echo "password" | openssl enc -aes-256-cbc -in archive.tgz -out archive.tgz.enc -pbkdf2 -pass stdin

Decrypt a file using a password provided on the command line.

$ openssl enc -aes-256-cbc -d -in archive.tgz.enc -out archive.tgz -pbkdf2 -pass pass:password

Encrypt a file using a password provided from a specific file.

$ cat /home/milosz/Projects/openssl/password.txt
password
$ openssl enc -aes-256-cbc -in archive.tgz -out archive.tgz.enc -pbkdf2 -pass file:/home/milosz/Projects/openssl/password.txt

Decrypt a file using a password provided from an environment variable.

$ export PASSWORD="password"
$ openssl enc -aes-256-cbc -d -in archive.tgz.enc -out archive.tgz -pbkdf2 -pass env:PASSWORD
$ unset PASSWORD

Decrypt a file using a password provided from a file descriptor.

$ exec 5< <(echo password)
$ openssl enc -aes-256-cbc -d -in archive.tgz.enc -out archive.tgz -pbkdf2 -pass fd:5
$ exec 5>&-
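
The pass: and env: forms above are the ones the OpenSSL documentation cautions about, because command-line arguments (and, on some platforms, a process's environment) are visible to utilities such as ps. The wrapper below is an added example, not part of the original post: it prompts for the password without echo (or reads it from a pipe) and hands it to openssl through the fd: source, using POSIX sh only. The names read_secret and enc_fd are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. read_secret and enc_fd are
# hypothetical helper names; file names are whatever the caller passes in.

# read_secret: read one line from stdin into $secret, without terminal echo.
read_secret() {
    if [ -t 0 ]; then
        printf 'Password: ' >&2
        stty -echo
        IFS= read -r secret && status=0 || status=$?
        stty echo; echo >&2
        return "$status"
    fi
    # Non-interactive: accept a final line that lacks a trailing newline.
    IFS= read -r secret || [ -n "$secret" ]
}

# enc_fd MODE IN OUT: MODE is -e (encrypt) or -d (decrypt).
# The password reaches openssl through a here-document on descriptor 3, so it
# is neither in openssl's arguments nor in its environment. Some shells back
# a here-document with an unlinked temporary file rather than a pipe.
enc_fd() {
    case $1 in -e|-d) ;; *) echo "mode must be -e or -d" >&2; return 2 ;; esac
    read_secret || return 1
    [ -n "$secret" ] || { echo "empty password refused" >&2; return 2; }
    # The expanded value is not re-scanned, so $ or ` in the password is literal.
    openssl enc -aes-256-cbc -pbkdf2 "$1" -in "$2" -out "$3" -pass fd:3 3<<EOF
$secret
EOF
    status=$?
    unset secret
    return "$status"
}
```

Run interactively as `enc_fd -e archive.tgz archive.tgz.enc`; the output is compatible with the `openssl enc -d ... -pbkdf2` commands shown in the post.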