Encrypt the file in Linux

7 Tools to Encrypt/Decrypt and Password Protect Files in Linux

Encryption is the process of encoding files in such a way that only those who are authorized can access them. Mankind has used encryption for ages, even before computers existed. During war, people would pass messages that only their own tribe or those concerned were able to understand.

Linux distributions provide a few standard encryption/decryption tools that can prove handy at times. This article covers 7 such tools with standard examples, which will help you encrypt, decrypt and password protect your files.

1. GnuPG

GnuPG stands for GNU Privacy Guard, often called GPG, and is a collection of cryptographic software written by the GNU Project in the C programming language. The latest stable release is 2.0.27.

Most of today’s Linux distributions ship the gnupg package by default; if it is not installed, you may apt or yum it from the repository.

We have a text file (tecmint.txt) located at /Desktop/Tecmint/, which will be used in the examples that follow in this article.

Before moving further, check the content of the text file.

Now encrypt the tecmint.txt file using gpg. As soon as you run the gpg command with option -c (encryption only with symmetric cipher), it will create a file tecmint.txt.gpg. You may list the contents of the directory to verify.

Note: Enter the passphrase twice to encrypt the given file. The above encryption was done with the CAST5 encryption algorithm automatically. You may optionally specify a different algorithm.

To see all the encryption algorithms present, you may fire.

Now, if you want to decrypt the above encrypted file, you may use the following command, but before we start decrypting we will first remove the original file i.e., tecmint.txt and leave the encrypted file tecmint.txt.gpg untouched.

Note: You need to provide the same password you gave at encryption to decrypt when prompted.

2. bcrypt

bcrypt is a key derivation function based on the Blowfish cipher. The Blowfish cipher is no longer recommended since it was found that the cipher algorithm can be attacked.

If you have not installed bcrypt, you may apt or yum the required package.

Encrypt the file using bcrypt.

As soon as you fire the above command, a new file named tecmint.txt.bfe is created and the original file tecmint.txt gets replaced.

Decrypt the file using bcrypt.

Note: bcrypt does not have a secure form of encryption and hence its support has been disabled, at least on Debian Jessie.

3. ccrypt

Designed as a replacement for UNIX crypt, ccrypt is a utility for encrypting and decrypting files and streams. It uses the Rijndael cipher.

If you have not installed ccrypt you may apt or yum it.

Encrypt a file using ccrypt. It uses ccencrypt to encrypt and ccdecrypt to decrypt. It is important to notice that at encryption, the original file (tecmint.txt) is replaced by (tecmint.txt.cpt) and at decryption the encrypted file (tecmint.txt.cpt) is replaced by original file (tecmint.txt). You may like to use ls command to check this.

Provide the same password you gave during encryption to decrypt.

4. Zip

It is one of the most famous archive formats, so famous that we generally call archive files zip files in day-to-day communication. It uses the pkzip stream cipher algorithm.

If you have not installed zip you may like to apt or yum it.

Create an encrypted zip file (several files grouped together) using zip.

Here mypassword is the password used to encrypt it. An archive is created with the name tecmint.zip, containing the zipped files tecmint.txt, tecmint1.txt and tecmint2.txt.

Decrypt the password protected zipped file using unzip.

You need to provide the same password you provided at encryption.

5. Openssl

Openssl is a command line cryptographic toolkit which can be used to encrypt messages as well as files.

You may like to install openssl, if it is not already installed.

Encrypt a file using openssl encryption.

Explanation of each option used in the above command.

  1. enc : encryption
  2. -aes-256-cbc : the algorithm to be used.
  3. -in : full path of file to be encrypted.
  4. -out : full path where it will be decrypted.

Decrypt a file using openssl.
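
The encryption and decryption described above can be scripted as follows. This is an added example, not the article's own commands; it assumes OpenSSL 1.1.1 or later, and the function names, the iteration count and the password file are illustrative choices. The last function shows that AES-CBC as used by openssl enc carries no integrity check: a ciphertext changed on disk can still decrypt with exit status 0.

```sh
#!/bin/sh
# Added example: openssl enc with a password file. Assumes OpenSSL 1.1.1+
# (for -pbkdf2 / -iter); names and the iteration count are illustrative.

ITER=200000   # PBKDF2 rounds; must be identical for encryption and decryption

# ssl_encrypt IN OUT PASSFILE: -in is the plaintext, -out the encrypted result.
ssl_encrypt() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3"
}

# ssl_decrypt IN OUT PASSFILE: -d reverses the operation with the same options.
ssl_decrypt() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3"
}

# flip_bit FILE OFFSET: invert the lowest bit of one byte in place.
flip_bit() {
    b=$(od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' \n')
    printf '%b' "$(printf '\\0%03o' "$((b ^ 1))")" |
        dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# cbc_change_unnoticed: returns 0 when a modified ciphertext still decrypts
# with exit status 0 although the recovered text differs from the original.
cbc_change_unnoticed() (
    t=$(mktemp -d) || exit 2
    (umask 077; echo 'constructed-demo-password' > "$t/pass")
    # Constructed sample input: five short records.
    for i in 1 2 3 4 5; do echo "record $i: 0100.00"; done > "$t/plain.txt"
    ssl_encrypt "$t/plain.txt" "$t/plain.enc" "$t/pass" || { rm -rf "$t"; exit 2; }
    # The file starts with "Salted__" and an 8-byte salt, so offset 16 is the
    # first ciphertext byte.
    flip_bit "$t/plain.enc" 16
    rc=1
    if ssl_decrypt "$t/plain.enc" "$t/out.txt" "$t/pass" 2>/dev/null &&
       ! cmp -s "$t/plain.txt" "$t/out.txt"; then
        rc=0
    fi
    rm -rf "$t"
    exit "$rc"
)

if [ "${1:-}" = "demo" ]; then
    cbc_change_unnoticed && echo "modified ciphertext decrypted without error"
fi
```

Where it matters that the stored file is unchanged, keep a separate checksum or signature of the encrypted file and verify it before decrypting.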

6. 7-zip

The very famous open source 7-zip archiver is written in C++ and is able to compress and uncompress most of the known archive file formats.

If you have not installed 7-zip you may like to apt or yum it.

Compress files into zip using 7-zip and encrypt it.

Decompress encrypted zip file using 7-zip.

Note: Provide the same password throughout the encryption and decryption process when prompted.

All the tools we have used till now are command based. There is a GUI based encryption tool provided by nautilus, which will help you to encrypt/decrypt files using Graphical interface.

7. Nautilus Encryption Utility

Steps to encrypt files in GUI using Nautilus encryption utility.

Encryption of file in GUI

1. Right click the file you want to encrypt.

2. Select format to zip and provide location to save. Provide password to encrypt as well.

3. Notice the message – encrypted zip created successfully.

Decryption of file in GUI

1. Try opening the zip in GUI. Notice the LOCK-ICON next to the file. It will prompt for a password; enter it.

2. When successful, it will open the file for you.

Linux: How To Encrypt And Decrypt Files With A Password

To encrypt and decrypt files with a password, use the gpg command. It is an encryption and signing tool for Linux and UNIX-like operating systems such as FreeBSD, Solaris, MacOS and others. Gnupg is a complete and free implementation of the OpenPGP standard.

Where security is critical, we use strong encryption such as Pretty Good Privacy/GNU PGP instead of the relatively weak standard encryption provided by many CLI utilities. Let us see how to encrypt and decrypt files on Linux and Unix command-line.

Say hello to gnupg

GnuPG stands for GNU Privacy Guard and is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility.

Install gnupg in Debian/Ubuntu/Mint Linux

Type the following apt-get command or apt command:
$ sudo apt-get install gnupg

Installing gnupg in Red hat (RHEL)/CentOS Linux

Type the following yum command:
$ sudo yum install gnupg

Fedora Linux install gnupg

Type the following dnf command:
$ sudo dnf install gnupg

Arch Linux install gnupg

Type the following pacman command:
$ sudo pacman -S gnupg

SUSE/OpenSUSE Linux install gnupg

Type the following zypper command:
$ sudo zypper install gpg2

FreeBSD install gnupg command

To install the port:
# cd /usr/ports/security/gnupg/ && make install clean
To add the package:
# pkg install gnupg

OpenBSD install gnupg

$ doas pkg_add gnupg
Please note that you can use either gpg or gpg2 command.

Encrypting a file in Linux or Unix

To encrypt a single file, use command gpg as follows:
$ gpg -c filename
To encrypt myfinancial.info.txt file, type the command:
$ gpg -c myfinancial.info.txt
Sample output:

This will create a myfinancial.info.txt.gpg file:
$ ls -l myfinancial.info.txt*
Sample outputs:

  • -c : Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is AES128, but may be chosen with the --cipher-algo option.

You can delete myfinancial.info.txt file:
$ rm myfinancial.info.txt
Please note that if you ever forget your password (passphrase), you cannot recover the data as it uses very strong encryption.

Decrypt a file in Linux or Unix-like system

To decrypt a file, use the gpg command as follows:
$ gpg myfinancial.info.txt.gpg
OR
$ gpg -d myfinancial.info.txt.gpg
OR
$ gpg --decrypt myfinancial.info.txt.gpg
Sample outputs:

To view your file, type:
$ ls -l myfinancial.info.txt
$ cat myfinancial.info.txt
$ vi myfinancial.info.txt
To decrypt the file and write the output to vivek.info.txt, run the following command (options must come before the file name):
$ gpg -o vivek.info.txt myfinancial.info.txt.gpg
OR
$ gpg -d --output vivek.info.txt myfinancial.info.txt.gpg
Also note that if the file extension is .asc, it is an ASCII encrypted file, and if the file extension is .gpg, it is a binary encrypted file.

How to create compressed encrypted archives with tar and gpg for given directory or folder

The syntax is as follows to make encrypted archives with tar and gpg for whole directory:
tar -czf - /path/to/dir/ | gpg -c -o your_file.tgz.gpg
Optionally, you can delete /path/to/dir/ as it is fully encrypted and backed up to your_file.tgz.gpg. Here is how to unpack it when needed:
gpg -d your_file.tgz.gpg | tar -xzf -
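
For cron jobs the same tar and gpg pipeline has to run without a prompt. The following added example (not from the original article) assumes GnuPG 2.1 or later and reads the passphrase from a file that only its owner can access; the function names and paths are hypothetical.

```sh
#!/bin/sh
# Added example: unattended "tar | gpg -c" backup. Assumes GnuPG 2.1 or later.

# check_passfile FILE: refuse a passphrase file that group or others can access.
check_passfile() {
    [ -f "$1" ] || { echo "missing passphrase file: $1" >&2; return 1; }
    case $(ls -ld "$1" | cut -c5-10) in
        ------) return 0 ;;
        *) echo "$1: remove group/other access (chmod 600)" >&2; return 1 ;;
    esac
}

# gpg_batch PASSFILE ARGS...: run gpg without any prompt. The passphrase is read
# from PASSFILE, so it never shows up in the process list or in the script.
gpg_batch() {
    pf=$1; shift
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-file "$pf" "$@"
}

# encrypt_dir DIR OUT PASSFILE: write DIR as an AES256-encrypted tarball to OUT.
encrypt_dir() (
    check_passfile "$3" || exit 1
    # Let a tar failure fail the pipeline in shells that support pipefail.
    if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi
    tar -czf - -C "$(dirname "$1")" "$(basename "$1")" |
        gpg_batch "$3" --symmetric --cipher-algo AES256 -o "$2"
)

# decrypt_dir IN DEST PASSFILE: restore into DEST, which must not exist yet.
decrypt_dir() (
    check_passfile "$3" || exit 1
    [ ! -e "$2" ] || { echo "$2 already exists" >&2; exit 1; }
    work=$(mktemp -d) || exit 1        # private scratch directory (mode 700)
    # Decrypt completely before unpacking: a wrong passphrase or a modified
    # file is only reported by gpg's exit status once it has read everything.
    if gpg_batch "$3" -o "$work/archive.tgz" -d "$1" &&
       mkdir -p "$2" && tar -xzf "$work/archive.tgz" -C "$2"; then
        rc=0
    else
        rc=1; rm -rf "$2"
    fi
    rm -rf "$work"
    exit "$rc"
)

# demo: round trip over constructed sample data in a throwaway directory.
demo() (
    t=$(mktemp -d) || exit 1
    GNUPGHOME=$t/gnupg; export GNUPGHOME; mkdir -m 700 "$GNUPGHOME"
    mkdir "$t/data" && echo 'constructed sample line' > "$t/data/notes.txt"
    (umask 077; echo 'constructed-demo-passphrase' > "$t/pass")
    encrypt_dir "$t/data" "$t/data.tgz.gpg" "$t/pass" &&
        decrypt_dir "$t/data.tgz.gpg" "$t/restore" "$t/pass" &&
        cmp -s "$t/data/notes.txt" "$t/restore/data/notes.txt"
    rc=$?
    rm -rf "$t"
    exit "$rc"
)

if [ "${1:-}" = "demo" ]; then demo && echo "round trip OK"; fi
```

decrypt_dir briefly holds the decrypted tarball in the scratch directory, so point TMPDIR at a tmpfs or an encrypted volume if that is a concern.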

A note about keeping the password in a separate file for backups or cron jobs

Encrypting and decrypting files using public keys on Linux and Unix

The syntax is simple again:
% gpg --output outFileName.gpg --encrypt --recipient sai@cyberciti.biz inputFileName.txt
The encrypted document can only be decrypted by someone with a private key that complements one of the recipients’ public keys. To decrypt a message, the option --decrypt is used as follows:
% gpg --output inputFileName.txt --decrypt outFileName.gpg
See how to use oathtool Linux command line for 2 step verification (2FA) along with GNU PGP.

Conclusion

We learned how to encrypt and decrypt files on Linux and Unix-like systems using strong encryption.

Comments on this entry are closed.

Thanks! This helped me a lot. Encryption everywhere seems to be only about e-mail. I just wanted to encrypt a password file.

This came very handy…and is now bookmarked! Thanks.

This is fine as far as it goes. However, if you decrypt a file and look at it using a word processor (say), the word processor might well leave back-up copies of your sensitive file in /tmp or in a back-up directory. So when you delete your unencrypted file, you have to delete any other copies that might be lying around the filing system too. A better way around this problem might be to use whole partition encryption: http://encryptionhowto.sourceforge.net/Encryption-HOWTO-4.html
But even then, you need to watch out for stuff that may be on a different disk/partition, e.g. in /tmp.

Good point about backup files. Thanks for sharing howto links.

Appreciate your post!

I need to encrypt a backup file in non-interactive mode, so I do not have a prompt to type the password, because it is an automated script.

Do you have how I can proceed?

can i encrypt squid.conf or httpd.conf that are located on /etc/xxx folder… knowing that squid process and apache process need to access this file in order to read the file configuration! if this is not workable in my case… is there a way to hide the .conf files from even the root users.. please your help is highly appreciated…

greetings from lebanon

Why would you want to do this? I can’t think of any reason that this would be necessary. I mean, you could probably map most of the information in these files just by making http requests to the web/proxy server making this a rather pointless exercise.

i want to encrypt/hide .conf. your help is highly appreciated…

thank for help I want to decrypt rar files

1) Unless the app is aware of the encryption , you cannot encrypt such .conf files.
2) It is possible to write a script that wraps the process, i.e. squid, and calls gpg, decrypts the file and then calls squid, re-encrypts the file, deletes the .conf …
It is actually bound to how the process calls its conf files, i.e. at the beginning, in the loop …
3) You can even recompile squid with some crypting lib. and change all calls to read file to be preceded by a decryption function.
4) Nobody but the root should have the root pass, other users must be in specific groups that enable them to do some stuff that normally only the root can do and hence avoid giving them the root pass.

I thought, even if you encrypt a backup script, it will still run as it is.
But it’s not.

I just want to hide the backup script form others because it contains critical information about the files being backed up.

Jay: I think you will need to create a new backup script that decrypts and reads an encrypted file containing the critical information about the files being backed up.

The information about the files will be protected, and the script should still run normally.

It’s very nice stuff … encryption and decryption in linux and tell me how to set password for each file and folder under linux.

A good post nixcraft, but I have a doubt, how does linux encrypt? I mean at a native level, without using particular apps or tools… thx

Non interactive encrypt/decrypt:-

Encrypt it…
gpg --yes --passphrase [passphrase] -c [filename]

Decrypt it…
gpg --yes --passphrase [passphrase] [filename]

This was a life saver.

So I thought this would help, but unfortunately it didn’t. I’m wondering why. Also, when I do a “gpg -h”, “--passphrase” doesn’t show up as one of the options. Is this like a secret option or something?

Hi,
You must use the following commands:

gpg --batch --yes --passphrase [passphrase] -c [filename]

where would you check if the passphrase is entered correctly or not? If I want to encrypt a binary file to enter the correct password before someone can run my program, where do I implement the passphrase check? In the binary file or in my program?

Thank u very much

I need to encrypt a folder with its content without needing to encrypt all files inside this folder, please help.
your help is highly appreciated

Yeah i also want to encrypt a folder.. please help…

me too have same issue..please help

I want to encrypt squashfs.img(squashfs.img.enc) file in Fedora Live OS. It should be decrypted while booting.. Can anyone knows how to do this?

There is a nice command line tool available here for file encryption.. http://code.google.com/p/kpbe/ . it supports many algorithms, requires Mono.

For Gnome if you prefer the right click option install “seahorse-plugins” from synaptic or apt-get install, if you’re a KDE user you can install kgpg, both options allow key generating and management alone with right click encrypt options. If you prefer the GUI option that is.

hey admin!
If i m not wrong: there is typo error on:
————–
To decrypt file use gpg command:
$ gpg myfinancial.info.gpg
————–which i could be like this—-
To decrypt file use gpg command:
$ gpg --decrypt myfinancial.info.gpg -o someoutputfile.txt
—————-

That’s very interesting. I like it.

Hi,
I have encrypted the file on a Windows machine, but when I try to decrypt it from Linux using gpg filename it is not encrypting. The error comes as

gpg: encrypted with RSA key, ID 83994B4A
gpg: decryption failed: secret key not available

When I use the command gpg -d I also get the same error

Hi,
You must use the following commands:

gpg --batch --yes --passphrase [passphrase] -c [filename]

It’s not working

Is there any difference between .gpg and .pgp files. I have a pgp encrypted file and a key. Can anyone please let me know how to decrypt it through PHP or shell command? Thanks in advance.

Regards,
N Naresh Kumar

Hi
My command is “gpg --yes --passphrase=mypassphrase myfile.pgp”; it works fine in my terminal, but when I try to execute this command through PHP using system("gpg --yes --passphrase=mypassphrase myfile.pgp",$res); it returns 2, i.e. it doesn’t work. Then I tried to execute this command through Perl CGI; it reports a compilation error at the “--” characters in the above command.

Could you please what are the steps if we need to do the pgp encryption using shell script.

I got the following non-interactive commands to work on Oracle Enterprise Linux. I assume that contains a pretty standard version of gpg:

To encrypt a file:

Here the passphrase is “welcome” and --passphrase-fd 0 means take the passphrase from standard input

To decrypt the same file and pipe contents to standard output:

The passphrase is again “welcome” and I tee the output to yar.txt

You can get info on these -- commands which don’t show up in gpg --help by looking at the gpg man pages (man gpg)

BTW, I’m just learning this stuff myself, so don’t expect any other pearls of wisdom from me. Needed to get this working non-interactively for work, and thought I’d share what I learned.

Thanks – This topic helped me to extract a gpg file using PGP tool ..

Thanks a lot this was very helpful to me.

Is there a way to decrypt if I dont remember the passphrase ??

What can i do if i want to encrypt a folder?

If you use kgpg then the folder will be compressed before it is encrypted, but there have been changes to seahorse and Gnome 3, it is called seahorse-nautilus now and I can’t be sure if it will compress the folder first before encrypting because it has lost a lot of useful functions in the change. If anybody is afraid of command line, not that it is a bad thing, just a little long winded and confusing, check out EW (Encryption Wizard), it uses java, cross platform and can encrypt multiple files at once as well as compressing folders before encryption.

hey paul, i have a CentOs server , what should i do to encrypt a folder, use kgpg before using gpg?

kgpg is a GUI front end for gpg on the KDE desktop, it allows you to create, manage and delete private and public keys as well as symmetric and asymmetric encryption. It is integrated into Dolphin which is the native KDE file manager. Once you have created the keys it’s just a matter of right click, then if my memory serves me right, actions and then encrypt file. For Gnome 3 use seahorse-nautilus and all related plugins from the repositories for the same right click function to encrypt files using gpg, seahorse and seahorse-nautilus are also a gpg GUI front end. For newer desktops such as MATE, seahorse-nautilus won’t work because MATE uses a different file manager which I think is called Caji, in this case you could use 7z and compress with a password. 7z compression uses 128 bit or 256 bit AES, not sure which it is so please forgive me on that.

I forgot, 7z password protection isn’t available on KDE, but is for other desktop environments such as MATE and Gnome3, it’s something to do with a problem with the archive manager for KDE, although you can install file-roller and use the password protection that way if need be.

If you want to encrypt a folder and all its contents that will stay on the drive and not be compressed or archived, maybe you could check out CryptKeeper. Cryptkeeper is also very useful for cloud synchronizing as it encrypts every file within the folder individually and renames them. For Cryptkeeper you can unlock the folders by using the icon in the system tray, then inputting your password and the folder will appear in your file manager as any other folder. Cryptkeeper works for KDE, Gnome 3 and MATE from my experience although you might have to put it in the list of start-up applications if you don’t want to manually start it every session. I hope all this is helpful to everybody here.

hello sir,
i want to modify my .profile to customise my user account. is it based on kind of shell ?
or i can change the any profile.

thanks, it helps to protect my file

i use linux and when i created my system i chose to encrypt my home file and the hard drive so i think that means my entire hard drive is encrypted

Write a program that will take a text file as input, either encrypt or decipher the text using a
keyword cipher (Vigenere cipher), and save the modified text file. The program should ask the
user for the keyword to use in the cipher, whether the file needs to be encrypted or deciphered,
and the name of both the input file and the output file.
In a Vigenere cipher, each letter of the alphabet maps to a number. For our program we will use
the assigned ASCII value of each character. To encrypt the message, a special key word is used.
The keyword is repeated as often as necessary, and the values of the letters in the keyword are
added to the values of the letters in the cypher text to create the encrypted message. When it is
time to decipher the message, the value of the letters in the keyword are subtracted from the
values of the letters in the encrypted message and the result is the original text. So, here is an
example of how to encrypt a message using the Vigenere cipher. I’ll leave it to you to figure out
how to decipher it.

can you help me

what’s your problem

I use Kubuntu and have gpg installed as a default program.

First point. What is the difference between pgp and gpg?

I have downloaded a programme from a website and the page talks of using keys to validate the program.

Second point. Am I correct in assuming that the key must be imported into gpg before a validation can take place. Can validations be done ‘on the fly’?

I am wondering how validations can help.

Is it not possible to put a programme on a website, and place a key there that will fit, and the user (downloader) will note consistency on analysis. As for downloading keys, could someone not upload a key to a server that will show consistence on using gpg when the program itself may be problematic?

Point three. Should keys be used that are published a website, or only those available via servers?

No doubt, I will be back

Ps. Is there a good forum for gpg discussions

Here is something we use to make cron jobs run automated encrypted backups without writing password in the script file (but writing it in a separate file … degree of security is debatable, though)

If you don’t want to write passwords inside scripts, but keep the password in a separate file that can be read only by root then for example:

# cat /secret/location/passwdfile | gpg -c --passphrase-fd 0 backup-file-to-encrypt.gz

This creates the file backup-file-to-encrypt.gz.gpg with the password inside /secret/location/passwdfile.
Permissions (400):
r-------- root root /secret/location/passwdfile

Adjust permissions and owner according to which user you want to run the cron.

On centos, if gpg is not available, then use gpg2, but you have to use the --batch option

# cat /secret/location/passwdfile | gpg2 -c --batch --passphrase-fd 0 backup-file-to-encrypt.gz

# cat /secret/location/passwdfile | gpg --passphrase-fd 0 backup-file-to-encrypt.gz.gpg

# cat /secret/location/passwdfile | gpg2 --batch --passphrase-fd 0 backup-file-to-encrypt.gz.gpg

--passphrase-fd means take passphrase from File Descriptor , 0 means STDIN which is the output of cat piped to the gpg command

I want to encrypt a file with a passphrase and upload it to an insecure location.
Do I need to use both the “-c” flag and “-e” flag? Or will “-c” be enough?

I created a file in LibreOffice Writer. I saved it with a password. NOW the password doesn’t open the file. The gpg thing doesn’t work for me. I assume it’s because I encrypted the thing when I saved it from LibreOffice, but I really don’t know. I’m a newbie you see. Any help?

Do use plain ascii file (with some simple text editor like vim emacs or notepad). The program u r using is writing application related data into the file besides ur password

This did not work for me. It encrypted the file alright, but when I typed ‘gpg ‘ it decrypted the file without my typing in the password. What good is that?

it’s using your key, use a different account and you will need the password
