Symmetric AES-256-GCM encryption of arbitrary files. Use PBKDF2 + a password (good for backups) or pass an explicit key.
Bash
# Encrypt a file with a password (prompts; or use -pass for scripts)
openssl enc -aes-256-cbc -pbkdf2 -salt -in secret.txt -out secret.enc
openssl enc -aes-256-cbc -pbkdf2 -salt -in secret.txt -out secret.enc -pass pass:hunter2
# Decrypt
openssl enc -d -aes-256-cbc -pbkdf2 -in secret.enc -out secret.txt
openssl enc -d -aes-256-cbc -pbkdf2 -in secret.enc -out secret.txt -pass pass:hunter2
# Pipe-friendly (encrypt + base64 for safe transport)
openssl enc -aes-256-cbc -pbkdf2 -pass pass:hunter2 -a < plain.txt > cipher.b64
openssl enc -d -aes-256-cbc -pbkdf2 -pass pass:hunter2 -a < cipher.b64 > plain.txt
# Always pair encryption with a hash check (encrypt-then-hash → store both)
sha256sum cipher.b64 > cipher.b64.sha256
# Later: verify hash before decrypting
sha256sum -c cipher.b64.sha256 && openssl enc -d -aes-256-cbc -pbkdf2 -a < cipher.b64Save your own code snippets
Create a free account and build your private vault. Share publicly whenever you want.