How to Encrypt a File on the Command Line

Discover the easiest command line tool to encrypt and decrypt a file or stdin

(1) Install this CLI:

# Install peacemakr
brew tap peacemakr-io/peacemakr
brew install peacemakr

(2) Authenticate to fetch your encryption keys:

# Authenticate to Peacemakr's Demo Org for access to demo keys
export PEACEMAKR_APIKEY=d1Maw58P2xCQ8d0GV15n22SQNI6lYXHzWLCTEvNPHnY=

By the way, if you don’t want to use a demo account, then signup for a free account to use your own keys.

(3) Encrypt your file:

peacemakr -encrypt --inputFileName to-encrypt.txt --outputFileName encrypted.txt

Decrypt your file:

peacemakr -decrypt --inputFileName encrypted.txt --outputFileName decrypted.txt

Or even Encrypt and Decrypt with standard input:

echo "Hello Encrypted World" | peacemakr -encrypt

Wait. What key was used to encrypt?

Signing up is free and quick: https://admin.peacemakr.io/#/signup

Once you sign in, you’ll see you Security Control Pannel. TheCrypto Use Domains contain the keys you’re using to actually encrypt and decrypt. Anyone with access to your APIKey will be able to encrypt or decrypt with your keys. You can also share your Crypto Use Domains with other Peacemakr Users by adding them as Collaborators .

Peacemakr helps you manage your keys automatically.

To dig in a little more, all keys come from Key Derivers. When your CLI needed to encrypt, it asked your Key Deriver for a valid key. Your Key Deriver wrapped it with your CLI’s public key, signed it, and delivered it to your CLI. Your CLI then used the security policies to decide how to use the key to encrypt. In this case, ChaCha20-Poly1305 was used to encrypt and sign the file.

The security policies guided the Key Deriver and CLI on which key to use and how to use it. This frees you up from having to hard-coding decisions like algorithm type, key length, key origin, IV data, AAD data, Tag data directly into your encryption use.

Key Derivers are plug-and-play components and can be run anywhere. For example, if you need your keys to come from a secure on-prem data center, you can run a Key Deriver there. But to start, everyone gets a complimentary Key Deriver in the cloud.

Sounds Complex? It is.

Luckily, Peacemakr solves those complex key distribution and key lifecycle management problems and exposes a simple interface for the rest of us to just encrypt and decrypt our data.

Can I encrypt and decrypt offline?

Is there an SDK to programmatically encrypt and decrypt data?

But you should checkout out GitHub for the complete list.

Free Tier? What’s the catch?

Where can I learn more?

15+ Years experience leading security, Ex-Apple, Ex-Pure Storage, Ex-Symphony Communications, Co-Founder and CEO of Peacemakr, Lives in San Francisco.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store