Encrypt and decrypt files with password
I’m using linux and I basically want to encrypt a file using a password. I’ve tried using gpg -c myfile for encryption, and that works fine, it asks me for a password and encrypts it. But it only asks for a password when encrypting. I want a way to encrypt a file and if you want to decrypt it you have to give the same password that it was encrypted with. If there’s a python library that would work too since I can put that on a script.
2 Answers 2
There are several alternatives to create passowrd protected files under Linux.
GnuPG can be used to encrypt data and create digital signatures.
To encrypt and decrypt a data.txt file, use gpg command as follows:
$ gpg -c data.txt $ gpg data.txt.gpg mcrypt allows you to create password protected files similarly to GnuPG
To encrypt and decrypt a data.txt file, use mcrypt command as follows:
$ mcrypt data.txt $ mcrypt -d data.txt.nc The OpenSSl Cryptography Toolkit can also be used to encrypt and decrypt files and messages.
To encrypt and decrypt a data.txt file, use the openssl command as follows:
$ openssl enc -aes-256-cbc -salt -in data.txt -out data.txt.enc $ openssl enc -aes-256-cbc -d -in data.txt.enc -out data.txt That’s because of gpg-agent , a daemon that manages private keys and which is used as a backend for gpg. It caches your passphrases for some time by default. You can configure that with the following options (from man gpg-agent ):
--default-cache-ttl n Set the time a cache entry is valid to n seconds. The default is 600 seconds. Each time a cache entry is accessed, the entry's timer is reset. To set an entry's maximum lifetime, use max-cache-ttl. Note that a cached passphrase may not evicted immediately from memory if no client requests a cache operation. This is due to an internal housekeeping function which is only run every few seconds. --max-cache-ttl n Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently or has been set using gpg- preset-passphrase. The default is 2 hours (7200 seconds). One way to clear the cache is to reload the gpg-agent : gpgconf —reload gpg-agent
You can use gpg -c myfile && gpgconf —reload gpg-agent to encrypt your file, after which the password will be asked if you try to decrypt it with gpg myfile.gpg
5 Tools to Encrypt Decrypt and Password Protect Files in Linux
In today’s world, data privacy is more important than ever. With a multitude of online threats, it’s crucial to keep your personal and professional data safe and secure. One of best ways to do this is by using encryption and password protection. If you’re a Linux user, you’re in luck because Linux offers several powerful tools to encrypt, decrypt, and password protect your files. In this article, we’ll discuss 5 of best tools available in Linux and how to use them.
GPG
GPG, or GNU Privacy Guard, is a free and open-source encryption tool that uses OpenPGP standard. It’s a widely used tool that offers both symmetric and asymmetric encryption. With GPG, you can encrypt files with a password or a public key. You can also sign your files to ensure their authenticity.
To use GPG, you first need to install it on your Linux machine. To do this, open a terminal window and type following command −
sudo apt-get install gnupg
Once GPG is installed, you can use following command to encrypt a file −
This will encrypt file with a password. You’ll be prompted to enter password twice. To decrypt file, use following command −
You’ll be prompted to enter password to decrypt file.
OpenSSL
OpenSSL is another popular open-source encryption tool that’s widely used on Linux machines. It offers a wide range of encryption and decryption options, including AES, DES, and Blowfish. You can use OpenSSL to encrypt files with a password or a public key.
To use OpenSSL, you first need to install it on your Linux machine. To do this, open a terminal window and type following command −
sudo apt-get install openssl
Once OpenSSL is installed, you can use following command to encrypt a file −
openssl enc -aes-256-cbc -salt -in filename -out filename.enc
This will encrypt file with a password. You’ll be prompted to enter password twice. To decrypt file, use following command −
openssl enc -aes-256-cbc -d -in filename.enc -out filename
You’ll be prompted to enter password to decrypt file.
Ccrypt
ccrypt is a simple and easy-to-use encryption tool that’s designed for Linux machines. It uses Rijndael algorithm for encryption and decryption. ccrypt offers both symmetric and asymmetric encryption.
To use ccrypt, you first need to install it on your Linux machine. To do this, open a terminal window and type following command −
sudo apt-get install ccrypt
Once ccrypt is installed, you can use following command to encrypt a file −
This will encrypt file with a password. You’ll be prompted to enter password twice. To decrypt file, use following command −
You’ll be prompted to enter password to decrypt file.
Cryptsetup
Cryptsetup is a Linux tool that’s used for disk encryption. It’s a powerful tool that can be used to encrypt entire partitions or hard drives. With Cryptsetup, you can use both symmetric and asymmetric encryption.
To use Cryptsetup, you first need to install it on your Linux machine. To do this, open a terminal window and type following command −
sudo apt-get install cryptsetup
Once Cryptsetup is installed, you can use following command to create an encrypted partition −
This command will create an encrypted partition on specified device. You’ll be prompted to enter a passphrase to encrypt partition. Once partition is created, you can use following command to open it −
sudo cryptsetup luksOpen /dev/sdb1 myencrypteddrive
This command will open encrypted partition and create a mapping to it with name «myencrypteddrive». To access files on partition, you’ll need to mount it. You can do this using following command −
sudo mount /dev/mapper/myencrypteddrive /mnt/myencrypteddrive
This command will mount partition to specified directory.
VeraCrypt
VeraCrypt is a free and open-source encryption tool that’s designed for Linux, Windows, and macOS machines. It’s a powerful tool that can be used to encrypt entire partitions or hard drives. VeraCrypt uses several encryption algorithms, including AES, Serpent, and Twofish.
To use VeraCrypt, you first need to install it on your Linux machine. You can download it from official website. Once VeraCrypt is installed, you can use following command to create an encrypted volume −
This command will create a new encrypted volume at specified location. You’ll be prompted to enter a passphrase to encrypt volume. Once volume is created, you can use following command to mount it −
veracrypt /path/to/volume /path/to/mount/point
This command will mount encrypted volume to specified directory.
EncFS
EncFS is a free and open-source encryption tool that’s designed to encrypt individual files and folders. It’s easy to use and offers both symmetric and asymmetric encryption. EncFS uses FUSE (Filesystem in Userspace) interface to provide a virtual encrypted filesystem.
To use EncFS, you first need to install it on your Linux machine. To do this, open a terminal window and type following command −
sudo apt-get install encfs
Once EncFS is installed, you can use following command to create an encrypted folder −
encfs ~/encrypted ~/decrypted
This command will create an encrypted folder at specified location and mount it to specified directory. You’ll be prompted to enter a password to encrypt folder. To access files in folder, simply navigate to mount point and enter password.
Aescrypt
Aescrypt is a free and open-source encryption tool that’s designed to encrypt individual files. It uses AES encryption algorithm and offers both symmetric and asymmetric encryption. Aescrypt is easy to use and can be used from command line or with a graphical interface.
To use Aescrypt, you first need to install it on your Linux machine. To do this, open a terminal window and type following command −
sudo apt-get install aescrypt
Once Aescrypt is installed, you can use following command to encrypt a file −
This command will encrypt file with a password. You’ll be prompted to enter password twice. To decrypt file, use following command −
You’ll be prompted to enter password to decrypt file.
Gnome Encfs Manager
Gnome Encfs Manager is a graphical user interface for EncFS. It’s easy to use and allows you to create and manage encrypted folders with a few clicks. Gnome Encfs Manager is available for Ubuntu and other Debian-based distributions.
To install Gnome Encfs Manager, open a terminal window and type following command −
sudo apt-get install gnome-encfs-manager
Once Gnome Encfs Manager is installed, you can launch it from applications menu. To create a new encrypted folder, click on «New» button and follow prompts. To access files in folder, simply click on folder in Gnome Encfs Manager interface and enter password.
LUKS
Linux Unified Key Setup (LUKS) is a disk encryption specification that’s used to encrypt entire partitions or hard drives. It’s a powerful tool that can be used to secure your entire system. LUKS is built into many Linux distributions and is easy to use.
To use LUKS, you first need to create a new partition that you want to encrypt. You can use «fdisk» command to create a new partition. Once you’ve created partition, use following command to encrypt it −
sudo cryptsetup luksFormat /dev/sdb1
This command will encrypt partition and prompt you to enter a passphrase. Once partition is encrypted, use following command to open it −
sudo cryptsetup luksOpen /dev/sdb1 myencrypteddrive
This command will open encrypted partition and create a mapping to it with name «myencrypteddrive».
dm-crypt
dm-crypt is a disk encryption tool that’s built into Linux kernel. It’s a powerful tool that can be used to encrypt entire partitions or hard drives. dm-crypt uses AES encryption algorithm and offers both symmetric and asymmetric encryption.
To use dm-crypt, you first need to create a new partition that you want to encrypt. You can use «fdisk» command to create a new partition. Once you’ve created partition, use following command to encrypt it −
sudo cryptsetup --verify-passphrase luksFormat /dev/sdb1
This command will encrypt partition and prompt you to enter a passphrase. Once partition is encrypted, use following command to open it −
sudo cryptsetup luksOpen /dev/sdb1 myencrypteddrive
This command will open encrypted partition and create a mapping to it with name «myencrypteddrive».
Conclusion
In conclusion, Linux offers several powerful tools for encrypting, decrypting, and password protecting your files. Whether you’re looking to encrypt a single file or an entire hard drive, these tools have you covered. GPG, OpenSSL, ccrypt, Cryptsetup, and VeraCrypt are all excellent options that offer different levels of security and functionality. By using these tools, you can ensure that your personal and professional data stays safe and secure.
Encrypt files with password on Linux
I have some important private files that I want to store in Google Drive and on my USB flash drive, but I don’t want them to be in plain sight for anyone to see.
I would like to at least password-protect them before storing them, but without too much hassle with asymmetric cryptography where I need to fiddle with keys.
Solution
It turns out pretty much all UNIX systems have GnuPG installed which allows me to just run a command to encrypt a file using a passphrase, and a corresponding command to decrypt it when I need to open it.
I found out that this method is also used inside NASA when transferring files.
In order to encrypt and password-protect a file run the following command:
gpg -c --cipher-algo AES256 private-file.txt The -c option specifies that we want to do symmetric encryption using a passphrase. The —cipher-algo 256 option specifies that we want to use the AES256 cipher instead of the default CAST5 cipher, although this is not required.
The above command will ask you for the passphrase to use, and then will create a new file named private-file.txt.gpg , which is the encrypted and password-protected file we want to store.
In order to decrypt the file run the following command:
Once you enter the passphrase used during the encryption of the file, you will get back the decrypted file which will have the same name without the .gpg extension, hence private-file.txt .
- If you want to encrypt a whole directory (folder), then you have to first zip/tar the folder into a single file and then apply the same command above to the zipped/tarred file.
- Use long passphrases for important files consisting of multiple words with letters, spaces, symbols, and numbers to maximise the entropy and security of the encryption.