How can I encrypt plain text with a password on Linux?

http://www.unreadable.de/ takes a plaintext message + password input and encrypts the plaintext. I want to do this locally on Linux. Is there a one-line command that will compute an encrypted version of my message that I can then email?

My goal is for the receiver to be able to decode the message with nothing but the password.

To be clear, I have no idea what various encryption schemes are (AES, openSSL, RSA, GPG, salt, base64, DES, CBC, reentrant) and not really interested in a research project. I just want a one-line command like

encrypt message.txt -password=secret.txt

which would be decoded like

decrypt message.txt -password=secret.txt


(Yes, I did use google first. https://encrypted.google.com/search?q=encrypt+plain+text+files+with+password+linux is not showing me anything I understand / think I can use.)


Solution 1:

The openssl(1) manpage gives a few examples on how to do this:

 ENC EXAMPLES
      Just base64 encode a binary file:

            $ openssl base64 -in file.bin -out file.b64

      Decode the same file:

            $ openssl base64 -d -in file.b64 -out file.bin

      Encrypt a file using triple DES in CBC mode using a prompted password:

            $ openssl des3 -salt -in file.txt -out file.des3

      Decrypt a file using a supplied password:

            $ openssl des3 -d -in file.des3 -out file.txt -k mypassword

      Encrypt a file then base64 encode it (so it can be sent via mail for
      example) using Blowfish in CBC mode:

            $ openssl bf -a -salt -in file.txt -out file.bf

      Base64 decode a file then decrypt it:

            $ openssl bf -d -a -in file.bf -out file.txt

As for the question on hand, the specific encryption scheme only matters inasmuch as both sides must of course use the same one. If you don’t know which one to use, Blowfish is probably a sensible choice:

$ openssl bf -a -salt -in file.txt -out file.bf
$ openssl bf -d -a -in file.bf -out file.txt

I take that you know that encrypting something without knowing at least a minimum about the cryptosystem used is… probably unwise. Personally, I think that a system like GPG is better suited for your task, but requires a little bit more setup, so technically doesn’t fit your question.

Solution 2:

OpenSSL will work. From How can I encrypt a string in the shell?:

# generate a 2048-bit RSA key and store it in key.txt
openssl genrsa -out key.txt 2048

# encrypt "hello world" using the RSA key in key.txt
echo "hello world" | openssl rsautl -inkey key.txt -encrypt >output.bin

# decrypt the message and output to stdout
openssl rsautl -inkey key.txt -decrypt <output.bin

For a simpler but less secure approach, try crypt: http://man7.org/linux/man-pages/man3/crypt.3.html