From my mailbag:
Q. How do I password protect files?
Linux and other Unixish oses offers strong file permissions and ACL (access control list) concept in Linux/UNIX computer security used to enforce privilege separation.
However, none of them offers a password to protect files. You can use GNU gpg (GNU Privacy Guard) encryption and signing tool. It is a suite of cryptographic software. Many new UNIX/Linux users get confused with this fact.
Solution is to use following commands to encrypt or decrypt files with a password.
- Use GNU gpg command
- Use mcrypt command
- Use openssl command
Mcrypt is a simple crypting program, a replacement for the old unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter.
Encrypt data.txt file:
$ mcrypt data.txt
Enter the passphrase (maximum of 512 characters) Please use a combination of upper and lower case letters and numbers. Enter passphrase: Enter passphrase:
A new file is created with the extension .nc i.e. data.txt.nc:
$ ls data.txt.nc
$ cat data.txt.nc
Decrypt the data.txt.nc file:
$ mcrypt -d data.txt.nc
Enter passphrase: File data.txt.nc was decrypted.
Verify that file was decrypted:
$ ls data.txt
$ cat data.txt
For mcrypt to be compatible with the Solaris des, the following parameters are needed:
$ mcrypt -a des --keymode pkdes --bare -noiv data.txt
Delete the input file if the whole process of encryption/decryption succeeds (pass -u option):
$ mcrypt -u data.txt
$ mcrypt -u -d data.txt.nc
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. You can use the openssl program which is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for encrypt and decrypt files with a password:
Encrypt file.txt to file.out using 256-bit AES in CBC mode
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.out
Decrypt encrypted file file.out
$ openssl enc -d -aes-256-cbc -in file.out
- enc : Encoding with Ciphers.
- Use of GNU gpg command to encrypt and decrypt files with a password
- OpenSSL Command-Line HOWTO
- Please consult man pages of mcrypt, openssl and gpg for more information