Linux has several different command line tools that can encrypt and decrypt files using a password supplied by the user. Such encryption tools have a myriad of uses, including the ability to encrypt files ready for sending securely over the Internet without the worry of third parties accessing the files if somehow the transmission is intercepted.
Before looking at the individual tools you need to make sure that all the relevant packages are installed. For Ubuntu, you would use the following command to install the programs:
sudo apt-get install gnupg bcrypt ccrypt p7zip-full
GNU Privacy Guard (GPG) is a tool primarily designed for encrypting and signing data using public key cryptography. It does however also contain the ability to encrypt data using just a user supplied password and it supports a variety of cryptographic algorithms.
To encrypt a file, in this case “
gpg , enter the following command:
gpg -c big.txt
You will be prompted to enter a password (twice). A new file is created during the encryption process called “
big.txt.gpg“. The original file will also remain, so you will need to delete it if you only intend to keep an encrypted copy. If you compare the file sizes of the original file and the encrypted file, you will see that the encrypted file is smaller. This is because gpg compresses the file during encryption. If the file is already compressed (e.g. a .zip file or a .tgz file) then the encrypted file might actually end up being slightly larger.
To decyrpt the file use:
By default, files encrypted with gpg will use the “
cast5” encryption algorithm which is approved by the Canadian government’s national cryptologic agency. However the gpg utility also supports a number of different built-in encryption algorithms including Triple DES (3DES), which is used by the electronic payment industry; Advanced Encryption Standard (AES), an encryption technique approved by the U.S. National Institute of Standards and Technology (NIST); and Camellia, a cipher jointly developed by Mitsubishi and NTT which is approved by the EU and Japan.
To see a list of the algorithms available type:
The list of available algorithms is shown in the “Supported algorithms” section of the output under the “Cipher” tag. To use a different algorithm add the “
-crypto-algo” parameter followed by the algorithm you want to use, e.g. “
The full command then becomes:
gpg -c -crypto-algo=3DES big.txt
bcrypt and ccrypt
gpg isn’t the only encryption tool available on Linux. The original Unix systems included a command called “
crypt“, however the level of security it provided was very low. In its honor, there are some other commands which can replace it including “
bcrypt” and “
bcrypt uses the blowfish algorithm while ccrypt is based on the Rijndael cipher, which is the algorithm used for AES. Many cryptoanalysts no longer recommend the use of the blowfish algorithm as there are some theoretical attacks published which weaken it, however for casual encryption, which won’t be subject to state-level (NSA, MI5, FSA) snooping, it is still useful.
To encrypt with bcrypt use:
Unlike gpg, the bcrypt command will replace the original file with the encrypted file and add .bfe to the end of the file name. Like gpg, the resulting file is also compressed and so the file size should be significantly smaller for uncompressed files. Compression can be disabled by using the “
To decrypt the file use:
The .bfe file will be replaced by the original unencrypted file.
There are three possible ways to call the ccrypt command:
- by using ccrypt directly with either the
- to encrypt or decrypt respectively or by using the
To encrypt a file enter:
The original file will be replaced by
big.txt.cpt. Unlike gpg and bcrypt, the output isn’t compressed. If compression is needed then tools like gzip can be used. Suggested file extensions for compressed and encrypted files are .gz.cpt or .gzc.
To decrypt a file use:
The 7-Zip compression tool also incorporates AES encryption. To create an encrypted archive use the “
-p” parameter with the 7z command:
7z a -p big.txt.7z big.txt
You will be prompted to enter a password (twice). The file will then be compressed and encrypted. The original file will remain, so as with the gpg command, you will need to delete it if you only want to keep an encrypted copy. The advantage of using 7-Zip is that multiple files and folders can be archived and encrypted at once.
By using these compression techniques, sensitive data can be encrypted with sufficient strength that even government sponsored agencies won’t be able to access your files. As with all passwords (for use online or offline), using longer phrases provides better security than shorter ones.