加密檔案 - OpenSSL Create Example Reference File, let us create a 1GB large text file using the fallocate command: fallocate -l 1024M test.txt echo "LinuxShellTips tutorial on encrypting a large file with OpenSSL in Linux" >> test.txt cat test.txt Encrypt File with Password (對稱式加密) openssl enc -aes-256-cbc -pbkdf2 -p -in test.txt -out test.txt.enc enc executes the symmetric key encryption process. -aes-256-cbc specifies the use of 256 bits cryptographic key. -pbkdf2 is the default algorithm being used. -p prints used salt, key, and IV. -in points to the input file. -out points to the output file. To decrypt the file, run: openssl aes-256-cbc -d -pbkdf2 -in test.txt.enc -out sample_decrypted.txt You will be required to enter the encryption password you generated earlier. Encrypt File with Key (對稱式加密) # generate a key file openssl rand 256 > symmetric_keyfile.key # use the keyfile to encrypt our file openssl enc -in test.txt -out test.txt.enc -e -aes-256-cbc -pbkdf2 -k symmetric_keyfile.key To decrypt the file, run: openssl enc -in test.txt.enc -out draft_decrypted.txt -d -aes-256-cbc -pbkdf2 -k symmetric_keyfile.key 非對稱式加密 (Asymmetric Encryption) 使用非對稱式加密對一個大檔案進行加密,可能遇到錯誤: data too large for key size. TIP: 非對稱加密又稱公鑰加密。在使用前要準備好一對私鑰與公鑰,使用公鑰進行檔案的加密,解密時則使用私鑰,操作上較複雜,但是安全性較佳。 Hashing # For file openssl dgst -sha256 my.file # For string echo "HelloWorld" | openssl sha256 參考網站 OpenSSL 對稱式、非對稱式加密檔案指令教學與範例