Encrypt using openssl - Fun at-home activities for Kids.

All Activities

Encrypt using openssl

Use OpenSSL to encrypt and decrypt short text messages with adult help on a computer, learning about passwords, keys, and secrecy.

Table of contents

Step-by-step guide to encrypt using OpenSSL

0:00/0:00

Here at SafeTube, we're on a mission to create a safer and more delightful internet. 😊

Encrypt and Decrypt Messages Using OpenSSL | Complete Encryption Tutorial for Beginners #OpenSSL

What you need

A short secret message, a password you can remember, paper and pencil, adult supervision required

Step 1

With an adult, open the Terminal or Command Prompt on the computer.

Step 2

With an adult, create a new text file named secret.txt and type your short secret message into it.

Step 3

Choose a strong password with your adult helper and write it down on paper so you will remember it.

Step 4

With an adult, check that OpenSSL is installed by typing openssl version and pressing Enter.

Step 5

With an adult, encrypt secret.txt using a password by running: openssl enc -aes-256-cbc -pbkdf2 -salt -in secret.txt -out secret.enc and enter the password when prompted.

Step 6

Look in the folder to confirm the encrypted file secret.enc was created (use ls or dir with your adult).

Step 7

With an adult, decrypt secret.enc to a new file by running: openssl enc -aes-256-cbc -d -pbkdf2 -in secret.enc -out secret_decrypted.txt and enter your password when prompted.

Step 8

Open secret_decrypted.txt and check that the message matches your original secret.txt.

Step 9

With an adult, create a 2048-bit RSA private key by running: openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048.

Step 10

With an adult, create the matching public key by running: openssl rsa -pubout -in private.pem -out public.pem.

Step 11

With an adult, encrypt secret.txt using the public key by running: openssl pkeyutl -encrypt -pubin -inkey public.pem -in secret.txt -out secret_rsa.enc.

Step 12

With an adult, decrypt secret_rsa.enc using the private key by running: openssl pkeyutl -decrypt -inkey private.pem -in secret_rsa.enc -out secret_rsa_decrypted.txt.

Step 13

Open secret_rsa_decrypted.txt and confirm the message matches the original secret.txt.

Step 14

Share your finished lesson and what you learned about passwords keys and secrecy on DIY.org.

Help!?

What if OpenSSL is not installed or I can't find it?

Install OpenSSL so you can run the openssl commands in the instructions—for example use 'sudo apt install openssl' on Linux, 'brew install openssl' on macOS, or install Git for Windows/WSL on Windows to get access to the 'openssl' command.

My decrypted file doesn't match the original; what should I check?

Check that you entered the exact same password when running the openssl enc -aes-256-cbc -pbkdf2 commands, that secret.enc was created in the same folder (use ls or dir), and that you used the correct input/output filenames when decrypting.

How can I adapt this activity for different ages?

For younger kids, have an adult type the Terminal/Command Prompt steps while the child writes secret.txt and watches the file appear, skipping the RSA key steps; for older kids, let them type the commands themselves and try generating a 4096-bit RSA key using openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:4096 to explore stronger keys.

How can we extend or personalize the encryption lesson?

As an extension, create and verify a digital signature with the private/public keys using openssl dgst -sha256 -sign private.pem -out secret.sig secret.txt and verify with openssl dgst -sha256 -verify public.pem -signature secret.sig secret.txt, or protect private.pem with a passphrase when generating it.

Watch videos on how to encrypt using OpenSSL

0:00/0:00

Here at SafeTube, we're on a mission to create a safer and more delightful internet. 😊

OpenSSL Tutorial Video-3 | Encryption using OpenSSL

4 Videos

Facts about cryptography and digital security for kids

🔐 OpenSSL is an open-source toolkit used around the world to help encrypt internet traffic and messages.

🔑 Symmetric encryption uses the same secret key to lock and unlock data, while public-key cryptography uses a pair of keys (one public, one private).

🧠 Short passwords are easier to guess — using a longer passphrase (a few words) makes secrets much harder to crack.

🔎 The 2014 'Heartbleed' bug in OpenSSL taught the internet a big lesson: software must be updated to keep secret keys safe.

💡 Learning to encrypt and decrypt messages helps you practice problem-solving, privacy, and careful handling of passwords and keys.

How do I use OpenSSL to encrypt and decrypt a short message with a child?

With adult help, open a terminal and save the short message to a text file (message.txt). To encrypt, run: openssl enc -aes-256-cbc -pbkdf2 -salt -in message.txt -out message.enc and enter a passphrase when prompted. To decrypt, run: openssl enc -d -aes-256-cbc -pbkdf2 -in message.enc -out decrypted.txt and type the same passphrase. Explain each step aloud, let the child type safe example passwords, and compare the original and decrypted files together.

What materials do I need to do this OpenSSL encryption activity?

You need a computer with OpenSSL installed (Linux/macOS usually include it; Windows can use a compatible build or Git Bash), a text editor, and terminal/command-line access. Prepare simple example messages on paper, a written password notebook, and adult supervision. Optional: a USB drive for moving files and a secondary device to test decrypting. Keep sensitive real data out of the exercise; use harmless sample phrases instead.

What ages is the OpenSSL encryption activity suitable for?

This activity suits children about 10 years and up with an adult present to handle commands and safety. Younger kids (6–9) can learn the basic idea through analogies and guided typing while an adult runs commands. Teens can try more independence and learn passphrase best practices and file permissions. Always supervise terminal use and explain privacy concepts in age-appropriate language.

What safety tips and benefits come from teaching kids OpenSSL encryption?

Teaching OpenSSL builds awareness about privacy, passwords, and digital responsibility. Safety tips: never use real sensitive data, avoid entering passphrases on shared devices, don’t store passphrases in scripts, and keep files with proper permissions. Emphasize that encryption protects secrecy but relies on strong, memorable passphrases. Adult supervision is required for command-line safety and to explain why secrecy and consent matter when exchanging encrypted messages.

Ready to create?

All Activities

Encrypt using openssl

Use OpenSSL to encrypt and decrypt short text messages with adult help on a computer, learning about passwords, keys, and secrecy.

Table of contents

Step-by-step guide to encrypt using OpenSSL

0:00/0:00

Here at SafeTube, we're on a mission to create a safer and more delightful internet. 😊

Encrypt and Decrypt Messages Using OpenSSL | Complete Encryption Tutorial for Beginners #OpenSSL

What you need

A short secret message, a password you can remember, paper and pencil, adult supervision required

Step 1

With an adult, open the Terminal or Command Prompt on the computer.

Step 2

With an adult, create a new text file named secret.txt and type your short secret message into it.

Step 3

Choose a strong password with your adult helper and write it down on paper so you will remember it.

Step 4

With an adult, check that OpenSSL is installed by typing openssl version and pressing Enter.

Step 5

With an adult, encrypt secret.txt using a password by running: openssl enc -aes-256-cbc -pbkdf2 -salt -in secret.txt -out secret.enc and enter the password when prompted.

Step 6

Look in the folder to confirm the encrypted file secret.enc was created (use ls or dir with your adult).

Step 7

With an adult, decrypt secret.enc to a new file by running: openssl enc -aes-256-cbc -d -pbkdf2 -in secret.enc -out secret_decrypted.txt and enter your password when prompted.

Step 8

Open secret_decrypted.txt and check that the message matches your original secret.txt.

Step 9

With an adult, create a 2048-bit RSA private key by running: openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048.

Step 10

With an adult, create the matching public key by running: openssl rsa -pubout -in private.pem -out public.pem.

Step 11

With an adult, encrypt secret.txt using the public key by running: openssl pkeyutl -encrypt -pubin -inkey public.pem -in secret.txt -out secret_rsa.enc.

Step 12

With an adult, decrypt secret_rsa.enc using the private key by running: openssl pkeyutl -decrypt -inkey private.pem -in secret_rsa.enc -out secret_rsa_decrypted.txt.

Step 13

Open secret_rsa_decrypted.txt and confirm the message matches the original secret.txt.

Step 14

Share your finished lesson and what you learned about passwords keys and secrecy on DIY.org.

Help!?

What if OpenSSL is not installed or I can't find it?

My decrypted file doesn't match the original; what should I check?

How can I adapt this activity for different ages?

How can we extend or personalize the encryption lesson?

Watch videos on how to encrypt using OpenSSL

0:00/0:00

Here at SafeTube, we're on a mission to create a safer and more delightful internet. 😊

OpenSSL Tutorial Video-3 | Encryption using OpenSSL

4 Videos

Facts about cryptography and digital security for kids

🔐 OpenSSL is an open-source toolkit used around the world to help encrypt internet traffic and messages.

🔑 Symmetric encryption uses the same secret key to lock and unlock data, while public-key cryptography uses a pair of keys (one public, one private).

🧠 Short passwords are easier to guess — using a longer passphrase (a few words) makes secrets much harder to crack.

🔎 The 2014 'Heartbleed' bug in OpenSSL taught the internet a big lesson: software must be updated to keep secret keys safe.

💡 Learning to encrypt and decrypt messages helps you practice problem-solving, privacy, and careful handling of passwords and keys.