Encrypt data in Linux/Unix
Do you have files on your computer that you wouldn’t want your spouse to read, or perhaps your main competitor? Chances are, if you use your computer for work or general usage, the answer is yes. Also, what happens if you want to send a file to someone, or let them download it from you, but you only have access to the coded file?
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar
enter des-ede3-cbc encryption password:
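A non-interactive version of the OpenSSL round trip above, as an added example that is not part of the original article: it swaps des3 for AES-256-CBC with PBKDF2 key derivation, reads the passphrase from a file instead of a prompt, and checks the decrypted archive against a SHA-256 digest recorded before encryption, because openssl enc has no built-in integrity check. The function names, the sample file and the passphrases are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Assumptions: helper names, sample
# data and passphrases are constructed; AES-256-CBC + PBKDF2 stands in for des3.

# encrypt_file IN OUT PASSFILE: the passphrase is read from a file, so it never
# appears in the process list or in shell history.
encrypt_file() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# decrypt_file IN OUT PASSFILE: the exit status alone does not prove the data
# is intact, because `openssl enc` in CBC mode carries no authentication tag.
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 \
        -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# sha256_of FILE: print only the hex digest.
sha256_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# roundtrip_ok ENC PASSFILE EXPECTED_DIGEST: succeed only if the decrypted
# bytes hash to the digest recorded before encryption.
roundtrip_ok() {
    out=$(mktemp) || return 1
    decrypt_file "$1" "$out" "$2" || :   # a failure here is caught by the digest check
    got=$(sha256_of "$out")
    rm -f "$out"
    [ "$got" = "$3" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    umask 077                                    # keep the passphrase files private
    printf 'constructed sample secret\n' > "$dir/notes.txt"
    tar -C "$dir" -cf "$dir/unencrypted-data.tar" notes.txt
    printf 'correct horse battery staple\n' > "$dir/pass"     # constructed passphrase
    printf 'wrong passphrase\n' > "$dir/badpass"              # constructed passphrase
    want=$(sha256_of "$dir/unencrypted-data.tar")
    encrypt_file "$dir/unencrypted-data.tar" "$dir/encrypted-data.tar.enc" "$dir/pass"
    roundtrip_ok "$dir/encrypted-data.tar.enc" "$dir/pass" "$want" && echo "right passphrase: verified"
    roundtrip_ok "$dir/encrypted-data.tar.enc" "$dir/badpass" "$want" || echo "wrong passphrase: rejected"
    rm -rf "$dir"
}
demo
```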
GnuPG is the GNU project’s complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.
[root@localhot ~]# gpg -c test
[root@localhot ~]# cat test
[root@localhot ~]# cat test.gpg
+c)Û;6¢!> ¾çõÀ`É#+° cÍÐ*b×áw´¡Rbùßåì
:) really encrypted
[root@localhot ~]# gpg test.gpg
gpg: CAST5 encrypted data
AES Crypt :
AES Crypt is an advanced file encryption utility that integrates with the Windows shell or runs from the Linux command prompt to provide a simple, yet powerful, tool for encrypting files using the Advanced Encryption Standard (AES) algorithm. There is also a Java library for software developers who wish to read and write AES-encrypted files from within Java applications.
aescrypt -e -p password file.jpg
aescrypt -d -p password file.jpg.aes
tar and encrypt a directory :
tar -cvf - /home | aescrypt -e -p password - >backup_files.tar.aes
Using AES Crypt for Java:
This Java AES Crypt package contains the Java class es.vocali.util.AESCrypt, which provides file encryption and decryption using the aescrypt file format.
In order to use 256 bit AES keys, you must download and install “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” from http://java.sun.com/javase/downloads/index.jsp
java -cp bin es.vocali.util.AESCrypt e|d password fromPath toPath
e = encrypt, d = decrypt
eCryptfs is a kernel-native cryptographic filesystem.
It’s also a stacked filesystem: eCryptfs must work on top of another filesystem such as Ext3.
This means that you don’t need to allocate space for eCryptfs; it will grow and shrink as you add files.
Encrypt files in Fedora or Ubuntu :
First install ecryptfs :
[root@localhot ~]# yum install ecryptfs-utils.i586
On Ubuntu :
[root@localhot ~]# apt-get install ecryptfs-utils
Let’s see how it works :
[root@localhot ~]# mkdir ~/secrets
[root@localhot ~]# chmod 700 ~/secrets
[root@localhot ~]# mount -t ecryptfs ~/secrets/ ~/secrets
Select key type to use for newly created files:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Select key bytes:
Enable plaintext passthrough (y/n) [n]: N
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]:
Attempting to mount with the following options:
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
Would you like to proceed with the mount (yes/no)? yes
Would you like to append sig [6ecfe823eb71f8f9] to
in order to avoid this warning in the future (yes/no)? yes
Successfully appended new sig to user sig cache file
Now copy some files to ~/secrets,
then umount ~/secrets and check whether you can read the files.