OpenSSL is installed by default on many Unix computers (FreeBSD, OpenBSD, Linux distros, etc). It has many features and can use very strong (FIPS certified) block ciphers. Here are some notes for system administrators who would like to use OpenSSL for 'data at rest' file encryption rather than installing additional encryption packages. I explicitly define some default options for clarity.

------------------------------------------------------------------------------------------

To encrypt:

    openssl enc -e -aes-256-cbc -a -salt -in file.txt -out file.aes.b64

To decrypt:

    openssl enc -d -aes-256-cbc -a -salt -in file.aes.b64 -out file.txt

Explanation:

enc   = Encoding with ciphers (the symmetric cipher subcommand).
-e    = Encrypt (the default).
-d    = Decrypt.
-a    = Base64 process the data. When encrypting, the data is base64-encoded after encryption; when decrypting, the input is base64-decoded before being decrypted.
-salt = Use a salt in the key derivation routines. This is the default.
-in   = Input file (the file to encrypt, or the file to decrypt).
-out  = Output file.

------------------------------------------------------------------------------------------

To decrypt, you or the person you send the file to must remember these two things:

1. The cipher used (in the above example, -aes-256-cbc).
2. The passphrase.
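The two commands above, run non-interactively as an added example (this script is not part of the original notes): the passphrase is supplied with -pass pass:... instead of the prompt, the file is encrypted and decrypted with the same flags, and the "Salted__" header that -salt places in front of the ciphertext is inspected. The input text, passphrase and temporary file names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original notes: the encrypt/decrypt commands
# above run non-interactively (the passphrase comes from -pass pass:... instead
# of the prompt), followed by a round-trip check and a look at the "Salted__"
# header that -salt puts in front of the ciphertext.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample input and passphrase (hypothetical values).
printf 'A test by Gary\n' > "$WORK/test.txt"
PASS='example-passphrase-change-me'

# Same flags as the notes; -pass pass:<string> supplies the passphrase.
encrypt_file() {   # $1 = plaintext in, $2 = base64 ciphertext out, $3 = passphrase
    openssl enc -e -aes-256-cbc -a -salt -in "$1" -out "$2" -pass "pass:$3"
}

decrypt_file() {   # $1 = base64 ciphertext in, $2 = plaintext out, $3 = passphrase
    openssl enc -d -aes-256-cbc -a -salt -in "$1" -out "$2" -pass "pass:$3"
}

# With -salt, the raw output is: "Salted__" (8 bytes) + 8-byte salt + ciphertext.
# -a base64-encodes all of that, which is why the notes' sample output starts
# with "U2FsdGVkX1" (the base64 encoding of "Salted__").
salt_header() {    # prints the first 8 decoded bytes
    openssl base64 -d -in "$1" | dd bs=1 count=8 2>/dev/null
}

salt_hex() {       # prints the 8-byte salt as 16 hex characters
    openssl base64 -d -in "$1" | dd bs=1 skip=8 count=8 2>/dev/null \
        | od -An -tx1 | tr -d ' \n'
}

# Encrypt, decrypt with the same passphrase, and compare with the original.
roundtrip() {      # prints "ok" or "mismatch"
    encrypt_file "$WORK/test.txt" "$WORK/test.aes.b64" "$PASS"
    decrypt_file "$WORK/test.aes.b64" "$WORK/test.txt.dec" "$PASS"
    if cmp -s "$WORK/test.txt" "$WORK/test.txt.dec"; then
        echo ok
    else
        echo mismatch
    fi
}

# Two encryptions of the same file with the same passphrase produce different
# output, because each run draws a fresh random salt (and so a fresh key and IV).
salts_differ() {   # prints "yes" if two encryptions used different salts
    encrypt_file "$WORK/test.txt" "$WORK/a.b64" "$PASS"
    encrypt_file "$WORK/test.txt" "$WORK/b.b64" "$PASS"
    if [ "$(salt_hex "$WORK/a.b64")" != "$(salt_hex "$WORK/b.b64")" ]; then
        echo yes
    else
        echo no
    fi
}

echo "round trip: $(roundtrip)"
echo "header:     $(salt_header "$WORK/test.aes.b64")"
echo "salt (hex): $(salt_hex "$WORK/test.aes.b64")"
echo "fresh salt: $(salts_differ)"
```

The decrypting side must use exactly the same cipher name and flags, which is the point of the two things to remember. On OpenSSL 1.1.1 and later the same commands also accept -pbkdf2 (optionally with -iter N) to replace the legacy single-pass key derivation that these defaults use, and newer releases print a deprecation warning on stderr when it is absent; if you add it, add it to both the encrypt and the decrypt command.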
------------------------------------------------------------------------------------------

List of ciphers (don't use ecb ciphers or known weak ciphers):

Cipher commands (see the `enc' command for more details)
aes-128-cbc   aes-128-ecb   aes-192-cbc   aes-192-ecb   aes-256-cbc   aes-256-ecb
base64        bf            bf-cbc        bf-cfb        bf-ecb        bf-ofb
cast          cast-cbc      cast5-cbc     cast5-cfb     cast5-ecb     cast5-ofb
des           des-cbc       des-cfb       des-ecb       des-ede       des-ede-cbc
des-ede-cfb   des-ede-ofb   des-ede3      des-ede3-cbc  des-ede3-cfb  des-ede3-ofb
des-ofb       des3          desx          rc2           rc2-40-cbc    rc2-64-cbc
rc2-cbc       rc2-cfb       rc2-ecb       rc2-ofb       rc4           rc4-40

------------------------------------------------------------------------------------------

A practical example from an OpenBSD box (should work on any Unix box that has OpenSSL):

# echo "A test by Gary" > test.txt
# openssl enc -e -aes-256-cbc -a -salt -in test.txt -out test.aes.b64
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
# cat test.aes.b64
U2FsdGVkX19qUIYEGDu2mHmmIvKFqIciuhe6qPy/o4I=
# rm test.txt
# openssl enc -d -aes-256-cbc -a -salt -in test.aes.b64 -out test.txt
enter aes-256-cbc decryption password:
# cat test.txt
A test by Gary

Copyright 2008 16 Systems, All rights reserved.