Encrypt data in Linux/Unix

Do you have files on your computer that you wouldn’t want your spouse to read, or perhaps your main competitor. Chances are if you use your computer for work or general usage the answer is yes. Also what happens if you want to send a file to someone, or let them download it from you, but you only have access to the coded file.

OpenSSL :

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.


openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3 
enter des-ede3-cbc encryption password: 
Verifying - enter des-ede3-cbc encryption password: 
openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar 
enter des-ede3-cbc encryption password: 


GnuPG is the GNU project’s complete and free implementation of the OpenPGP standard as defined by RFC4880 . GnuPG allows to encrypt and sign your data and communication, features a versatile key managment system as well as access modules for all kind of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.


[root@localhot ~]# gpg -c testfile.txt
Enter passphrase:

Repeat passphrase:

[root@localhot ~]# cat test
bla blabla

[root@localhot ~]# cat test.gpg

+c)Û;6¢!> ¾çõÀ`É#+° cÍÐ*b×á­w´¡Rbùßåì

:) realy crypted

Now Decrypt:

[root@localhot ~]# gpg test.gpg
gpg: CAST5 encrypted data
Enter passphrase:

AES Crypt :

AES Crypt is an advanced file encryption utility that integrates with the Windows shell or runs from the Linux command prompt to provide a simple, yet powerful, tool for encrypting files using the Advanced Encryption Standard (AES) algorithm. There is also a Java library for software developers who wish to read and write AES-encrypted files from within Java application.


aescrypt -e -p password  file.jpg


aescrypt -d -p password file.jpg.aes

tar and Encrypte directory :

tar -cvf - /home | aescrypt -e -p  password  - >backup_files.tar.aes

Using AES Crypt for Java:

This Java AES Crypt package contains the Java class es.vocali.util.AESCrypt, which provides file encryption and decryption using aescrypt file format.


In order to use 256 bit AES keys, you must download and install “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” from http://java.sun.com/javase/downloads/index.jsp

java -cp bin es.vocali.util.AESCrypt e|d password fromPath toPath

e =  encrypt d=  decrypt 



Is a kernel-native cryptographic filesystem.

It’s also a stacked filesystem, eCryptfs must work on top of another filesystem such as Ext3.

This means that you don’t need to allocate space for eCryptfs, it will grow and shrink as you add files

to it.

Encrpte Files in Fedora or Ubuntu :

First install ecryptfs :

On Fedora 
[root@localhot ~]# yum install ecryptfs-utils.i586 
On Ubuntu :  
[root@localhot ~]# apt-get install ecryptfs-utils 
Lets   see how  it works : 
[root@localhot ~]# mkdir ~/secrets 
[root@localhot ~]# chmod 700 ~/secrets 
[root@localhot ~]# mount -t ecryptfs ~/secrets/ ~/secrets

Select key type to use for newly created files:
1) openssl
2) passphrase
3) tspi
Selection: 2
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]: N
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]:
Attempting to mount with the following options:
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.

Would you like to proceed with the mount (yes/no)? yes
Would you like to append sig [6ecfe823eb71f8f9] to
in order to avoid this warning in the future (yes/no)? yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs

Now copy some files to ~/secrets

and umount ~/secrets and check if you read the files.