How can I encrypt a file?

I would like to download some files from my server onto my laptop, and I want this communication to be as stealthy and secure as it can be. So far I have come up with using a VPN; that way I redirect all of my laptop's internet traffic via my server. Additionally, I tried sending a file using ftp while observing Wireshark at the same time. The communication seems to be encrypted; however, I would also like to encrypt the file itself (as a 2nd step of security or something like that).

My server is a RasPi running Raspbian.
My laptop is a MacBook Air.

I want first to encrypt a file on my RasPi and then download it. How can I do that?



Method 1

You can use openssl to encrypt and decrypt using key based symmetric ciphers. For example:

# PLAIN_FILE and ENCRYPTED_FILE are placeholders for your own file names
openssl enc -in PLAIN_FILE \
    -aes-256-cbc \
    -pass stdin > ENCRYPTED_FILE

This encrypts PLAIN_FILE to ENCRYPTED_FILE (you can use the -out switch to specify the output file, instead of redirecting stdout as above) using a 256 bit AES cipher in CBC mode. There are various other ciphers available (see man enc). The command will then wait for you to enter a password and use that to generate an appropriate key. You can see the key with -p or use your own in place of a password with -K (actually it is slightly more complicated than that since an initialization vector or source is needed, see man enc again). If you use a password, you can use the same password to decrypt; you do not need to look at or keep the generated key.

To decrypt this:

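# ENCRYPTED_FILE and DECRYPTED_FILE are placeholders for your own file names
openssl enc -in ENCRYPTED_FILE \
    -d -aes-256-cbc \
    -pass stdin > DECRYPTED_FILE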

Notice the -d. See also man openssl.

Method 2

For one-off cases you can encrypt using zip and a password. While not as strong as key based techniques (because it is hard to have a good password), it is probably fine for ad-hoc situations.

Command line looks like this:

# ARCHIVE.zip is a placeholder for the name of the archive to create
zip -r -0 -e ARCHIVE.zip /path/to/files

-r to recurse directories.
-e to encrypt

Method 3

Slight mods to @goldilocks's answer:


openssl enc -in foo -aes-256-cbc -pbkdf2 -out foo.enc


  1. By leaving out the -pass stdin args, this will prompt “enter aes-256-cbc encryption password:” and let you type the passphrase without showing in your console;
  2. It will use the PBKDF2 algorithm with default iterations, and suppress the warning “*** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.”


openssl enc -d -in foo.enc -aes-256-cbc -pbkdf2 -out foo.plain
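Added example, not part of the answers above: a Python sketch of what a file written by openssl enc with -aes-256-cbc -pbkdf2 contains and how the key and IV are derived from the passphrase. It assumes OpenSSL 1.1.1 or later defaults (SHA-256 digest, 10000 iterations, binary output without -a); the sample bytes and passphrase are constructed. Only the salt is stored in the file, so the cipher, digest and iteration count must be given identically when decrypting.

```python
import hashlib

MAGIC = b"Salted__"        # 8-byte marker openssl enc writes before the salt
DEFAULT_ITER = 10000       # assumed default for -pbkdf2 when -iter is not given
KEY_LEN, IV_LEN, BLOCK = 32, 16, 16   # sizes for aes-256-cbc


def parse_header(blob: bytes):
    """Split a salted `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header: not a salted openssl enc file "
                         "(or it was written base64-encoded with -a)")
    salt, ciphertext = blob[8:16], blob[16:]
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks; "
                         "the file is truncated or corrupted")
    return salt, ciphertext


def derive_key_iv(passphrase: bytes, salt: bytes, iterations: int = DEFAULT_ITER):
    """PBKDF2-HMAC-SHA256 of the passphrase; the key comes first, then the IV."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase, salt,
                                   iterations, KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def describe(blob: bytes, passphrase: bytes, iterations: int = DEFAULT_ITER):
    """Return the salt, key and IV in the uppercase hex form that -p shows."""
    salt, ciphertext = parse_header(blob)
    key, iv = derive_key_iv(passphrase, salt, iterations)
    return {"salt": salt.hex().upper(), "key": key.hex().upper(),
            "iv": iv.hex().upper(), "ciphertext_bytes": len(ciphertext)}


# Constructed sample: header with a fixed salt plus two blocks of filler
# standing in for ciphertext (not real AES output).
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(32)

if __name__ == "__main__":
    print(describe(SAMPLE, b"correct horse"))
    # Same file and passphrase but a different -iter value gives a different
    # key, so decryption with mismatched options fails.
    print(describe(SAMPLE, b"correct horse", iterations=20000)["key"])
```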

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0
