An easy way to encrypt and decrypt large files using OpenSSL and Linux

Below is a quick guide on how to encrypt and decrypt large files using OpenSSL on Linux distributions such as Red Hat, Ubuntu, Debian, CentOS, Fedora, etc. First, you will need some arbitrary file to work with. Let’s create a 1GB file now:

$ fallocate -l 1G large_file.img
$ ls -lh large_file.img
-rw-r--r--. 1 lrendek lrendek 1.0G Jan  2 16:40 large_file.img

Now that we have a sample file 1GB in size, we next need an OpenSSL public and private key pair. The following Linux command generates one; the file it writes as public-key.pem is a self-signed X.509 certificate that carries the public key:

$ openssl req -x509 -nodes -newkey rsa:2048 -keyout private-key.pem -out public-key.pem
Generating a 2048 bit RSA private key
............................................+++
.....+++
writing new private key to 'private-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

There is no need to answer any of the above questions, so simply hit ENTER to continue. Now you should have both private and public keys in your current working directory:

$ ls -l *.pem
-rw-rw-r--. 1 lrendek lrendek 1704 Jan  2 16:45 private-key.pem
-rw-rw-r--. 1 lrendek lrendek 1220 Jan  2 16:45 public-key.pem

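Make sure to keep your private key in a safe location: if you lose it you will not be able to decrypt your files, and if someone else obtains it they will be able to decrypt them. Because the key was generated with -nodes, the key file itself is not protected by a passphrase.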



Encrypt large file using OpenSSL

Now we are ready to encrypt a large file using the OpenSSL encryption tool:

$ openssl smime -encrypt -binary -aes-256-cbc -in large_file.img -out large_file.img.dat -outform DER public-key.pem

The above command has encrypted your large_file.img and stored it as large_file.img.dat:

$ ls -l large_file.img*
-rw-r--r--. 1 lrendek lrendek 1073741824 Jan  2 16:40 large_file.img
-rw-rw-r--. 1 lrendek lrendek 1073742293 Jan  2 16:49 large_file.img.dat

We can generate a hash of both files using md5sum so we can compare them once we decrypt our file:

$ md5sum large_file.img*
cd573cfaace07e7949bc0c46028904ff  large_file.img
c4d8f1e868d1176d8aa5363b0bdf8e7c  large_file.img.dat

Decrypt large file using OpenSSL

$ openssl smime -decrypt -in large_file.img.dat -binary -inform DER -inkey private-key.pem -out decrypted_large_file.img

The above command has decrypted our previously encrypted large file and stored it as decrypted_large_file.img. Let’s once again generate md5sum hashes to compare our results:

$ md5sum *large_file.img*
cd573cfaace07e7949bc0c46028904ff  decrypted_large_file.img
cd573cfaace07e7949bc0c46028904ff  large_file.img
c4d8f1e868d1176d8aa5363b0bdf8e7c  large_file.img.dat

From the above output you can see that decrypted_large_file.img and the original large_file.img are identical.
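
The whole procedure above as one non-interactive script. This is an added example, not part of the original article. It assumes a throwaway work directory, a constructed 1 MiB sample file instead of the 1GB one, a placeholder certificate subject, and sha256sum swapped in for md5sum. It also creates the private key readable by its owner only and checks what happens when an unrelated private key is used for decryption.

```shell
#!/bin/sh
# Added example: the smime round trip from this page, scripted.
# File names and the certificate subject are placeholders.

digest() { sha256sum "$1" | cut -d' ' -f1; }

key_mode() { ls -l "$1" | cut -c1-10; }   # permission string of a file

make_keypair() {   # $1 = private key path, $2 = self-signed certificate path
    # umask 077 creates the key owner-only; -subj skips the DN questions.
    ( umask 077
      openssl req -x509 -nodes -newkey rsa:2048 -subj "/CN=example-recipient" \
          -keyout "$1" -out "$2" 2>/dev/null )
}

encrypt_sample() { # $1 = work dir; encrypts a constructed 1 MiB sample file
    head -c 1048576 /dev/urandom > "$1/large_file.img" &&
    make_keypair "$1/private-key.pem" "$1/public-key.pem" &&
    openssl smime -encrypt -binary -aes-256-cbc -in "$1/large_file.img" \
        -out "$1/large_file.img.dat" -outform DER "$1/public-key.pem"
}

decrypt_with() {   # $1 = work dir, $2 = private key; prints match|mismatch|rejected
    if ! openssl smime -decrypt -binary -inform DER -in "$1/large_file.img.dat" \
            -inkey "$2" -out "$1/decrypted.img" 2>/dev/null; then
        echo rejected
    elif [ "$(digest "$1/large_file.img")" = "$(digest "$1/decrypted.img")" ]; then
        echo match
    else
        echo mismatch
    fi
}

work=$(mktemp -d)
encrypt_sample "$work"
make_keypair "$work/other-key.pem" "$work/other-cert.pem"   # unrelated key pair
echo "key mode:      $(key_mode "$work/private-key.pem")"
echo "matching key:  $(decrypt_with "$work" "$work/private-key.pem")"
echo "unrelated key: $(decrypt_with "$work" "$work/other-key.pem")"
rm -rf "$work"
```

Only the matching private key prints "match"; the digest comparison is what confirms the decrypted file is the original, since a successful exit code from openssl alone does not.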