Using OpenSSL to encrypt messages and files on Linux -

OpenSSL is a powerful cryptography toolkit. Many of us have already used OpenSSL for creating RSA Private Keys or CSR (Certificate Signing Request). However, did you know that you can use OpenSSL to benchmark your computer speed or that you can also encrypt files or messages? This article will provide you with some simple to follow tips on how to encrypt messages and files using OpenSSL.
This is a companion discussion topic for the original entry at

Krister Brandser

Base64 isn’t encryption. It’s encoding… It’s like trying to hide a pink elephant behind a leaf…


Would appreciate your assistance!!

I encrypted a .dmg file using openssl encryption on my Macbook Pro, keeping the output name the same as the input name. I didn’t know this would be problematic, as I am now unable to decrypt the .dmg file even with the correct password.

Some folks say it could not be done, but it seemed to have worked for me. Now, I can’t open the file and am afraid it will be impossible to decrypt.

Note: If you use the same code, but change the output name, it can decrypt just fine. Again, my issue was that I encrypted the file using the same output name as the input, which has made it impossible for me to decrypt it.

Here’s what the code looks like:

openssl enc -aes-256-cbc -d -in /Users/huntert/Desktop/IMPT.dmg -out /Users/huntert/Desktop/IMPT.dmg
enter aes-256-cbc encryption password: 
Verifying - enter aes-256-cbc encryption password:

When I tried to decrypt it, I received the folllowing messages:

enter aes-256-cbc decryption password:
error reading input file

I should’ve been more cautious and tried it on a rubbish file. Lesson learned. Still, I encrypted a very important file. Any troubleshooting advice or assistance would be much appreciated. Thanks.

Lubos Rendek Mod -> Hunter

Hi Hunter,

I’m sorry to hear about your trouble. I have tried your scenario and it seem that I might have a bad news for you unless you have a backup of the original encrypted file.

Keeping the same name during encryption is not an issue. However, it clearly should be avoided! What is a real issue here is that with your attempt to decrypt the file you actually removed its content by opening it for writing and the file is more likely empty now. Run “file” command against your file eg.:

$ file /Users/huntert/Desktop/IMPT.dmg

and see what the output you get. If you get “openssl enc’d data with salted password” you are all good but if you get “empty” ( you can also check a size of this file ) then the only way out is to have an original encrypted file. Hopefully you have a backup somewhere. In that case all you need to do is to change the name of the output file to successfully decrypt. Example ( note: IMPT2.dmg )

$ openssl enc -aes-256-cbc -d -in /Users/huntert/Desktop/IMPT.dmg -out /Users/huntert/Desktop/IMPT2.dmg

I have put up a warning inside the file encryption section on this page to warn others before falling into the same pit.


Hunter -> Lubos Rendek


Thanks for your reply. You’re right: it’s empty. I didn’t have a backup; a message to back up my computer appeared the morning of, and I blatantly ignored it. That was my moment of regret. Again, many thanks for your help and explanation. All the best to you, Lubos.

Phillip Burger

The command above ‘echo “OpenSSL” | openssl enc -aes-256-cbc -a enter aes-256-cbc’ looks like it should instead be ‘echo “OpenSSL” | openssl enc -aes-256-cbc -a’

Very helpful post. Thank you for putting this together and sharing.

Lubos Rendek Mod -> Phillip Burger

Thanks Philip, this will be updated shortly.

Ibnu Batutah Zarizal

Great. Finally I found about it. Thanks.