Using OpenSSL for File Encryption and Validation

You can also use OpenSSL to encrypt or decrypt any file type and to create digests that can be signed and used to validate the contents and the origin of a file. The following are some examples of how you might use the openssl command.

Encrypt a file by using PBKDF2:

openssl aes-256-cbc -e -salt -pbkdf2 -iter 10000 -in file -out file.enc

Decrypt a file encrypted using PBKDF2:

openssl aes-256-cbc -d -salt -pbkdf2 -iter 10000 -in file.enc -out file.dec

Create a SHA256 digest of a file:

sudo openssl dgst -sha256 file

Sign the SHA256 file digest using the private key stored in the file prikey.pem:

sudo openssl dgst -sha256 -sign prikey.pem -out file.sha256 file

Verify the signed file digest using the public key stored in the file pubkey.pem:

sudo openssl dgst -sha256 -verify pubkey.pem -signature file.sha256 file