Protect & Encrypt · Field note
How to Encrypt Text with OpenSSL
Encrypt text with OpenSSL using a salted PBKDF2 recipe, preserve the settings needed for decryption, and verify the exact result.

Before you start
Run the workflow once with a disposable value, then do a decrypt or restore check before you share anything real.
An OpenSSL command can produce ciphertext in seconds. Recovering that text later depends on something less obvious: keeping the cipher and password-derivation settings with the encrypted data.
The salt can travel inside normal openssl enc output, but the command is not a self-describing package. Save the recipe, not just the ciphertext.
In brief
Use a salted password-based workflow, select PBKDF2 explicitly, and record the cipher, digest, iteration count, and Base64 flags. The same choices must be supplied during decryption.
This guide uses AES-256-CBC because it is available through openssl enc. CBC encryption does not authenticate the ciphertext, and OpenSSL does not support GCM or CCM through this command.
Start with a repeatable command
This example prompts for a passphrase instead of placing it in shell history:
printf '%s' 'hello' > message.txt
openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -md sha256 \
-a -A -in message.txt -out message.enc
The result in message.enc is Base64 text on one line. Run the command twice with the same message and passphrase and the ciphertext should still differ because OpenSSL generates a new random salt.
Know what each setting controls
-aes-256-cbcselects the cipher and mode. Decryption must use the same choice.-saltasks OpenSSL to use a salt when deriving the key and IV. It is the default, but writing it down makes the recipe clearer.-pbkdf2selects PBKDF2 instead of the older password derivation behavior.-iter 100000sets the PBKDF2 work factor. This is an example value, not a universal policy; measure an acceptable delay for your environment.-md sha256makes the PBKDF2 digest choice explicit.-aBase64-encodes the encrypted bytes.-Akeeps that output on one line.
When OpenSSL generates the salt, it reserves the first bytes of the encrypted output for that salt. You normally do not need a separate salt file. You still need to preserve every other setting above.
Save the decrypt recipe with the output
Test the exact artifact before you archive or send it:
openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 \
-a -A -in message.enc -out message.dec
cmp -s message.txt message.dec && echo 'exact match'
Store the command in documentation or a small README beside the encrypted file. Do not store the passphrase there.
Treat the format boundary as part of the recipe
PBKDF2-based openssl enc output is not accepted by the Encrypt Online homepage or /decrypt. Those interfaces use a different envelope and password-derivation scheme. Decrypt this output with a matching openssl enc -d command.
A Base64 decoder can inspect or remove the text wrapping, but Base64 decoding does not decrypt the underlying bytes.
Decide whether openssl enc fits the job
OpenSSL documents an important limit: enc does not support authenticated-encryption modes such as GCM and CCM. A successful CBC decryption is not proof that the ciphertext was not modified.
For a durable data format, recipient-based encryption, or built-in integrity handling, choose a format designed for that job. OpenSSL specifically recommends CMS for bulk encryption because it supplies a standard container and manages key, IV, and nonce details.
Mistakes that make the ciphertext hard to recover
- Keeping only the ciphertext and forgetting the iteration count or digest.
- Encrypting with
-a -Abut omitting those settings when decrypting a single-line value. - Using
-nosaltoutside a controlled compatibility test. - Supplying an explicit
-Ssalt without preserving it. OpenSSL 3.0 also changed how explicit salts are stored and read. - Treating a padding error, or the lack of one, as a reliable integrity check.
- Passing a real passphrase directly on the command line where shell history or process inspection may expose it.
Questions that come up later
Why does the ciphertext change every time?
The random salt changes the derived key and IV even when the message and passphrase stay the same. That is expected and helps prevent identical passphrases from producing identical encryption inputs.
Can OpenSSL recover the settings automatically?
It can read a normally generated salt from the encrypted data, but it cannot infer the full recipe. You still need the cipher, PBKDF2 iteration count, digest, and Base64 choices.
Is a larger iteration count always better?
It raises the cost of password guessing, but it also raises the cost of every legitimate encrypt and decrypt operation. Pick a value based on measured performance and document it as part of the format.