≡ Menu

Linux or UNIX password protect files

From my mailbag:

Q. How do I password protect files?

Linux and other Unixish oses offers strong file permissions and ACL (access control list) concept in Linux/UNIX computer security used to enforce privilege separation.

However, none of them offers a password to protect files. You can use GNU gpg (GNU Privacy Guard) encryption and signing tool. It is a suite of cryptographic software. Many new UNIX/Linux users get confused with this fact.

Solution is to use following commands to encrypt or decrypt files with a password.

mcrypt command

Mcrypt is a simple crypting program, a replacement for the old unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter.

Examples

Encrypt data.txt file:
$ mcrypt data.txt
Output:

Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

A new file is created with the extension .nc i.e. data.txt.nc:

$ ls data.txt.nc
$ cat data.txt.nc

Decrypt the data.txt.nc file:
$ mcrypt -d data.txt.nc
Output:

Enter passphrase:
File data.txt.nc was decrypted.

Verify that file was decrypted:

$ ls data.txt
$ cat data.txt

For mcrypt to be compatible with the Solaris des, the following parameters are needed:
$ mcrypt -a des --keymode pkdes --bare -noiv data.txt
Delete the input file if the whole process of encryption/decryption succeeds (pass -u option):
$ mcrypt -u data.txt
OR
$ mcrypt -u -d data.txt.nc

openssl command

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. You can use the openssl program which is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for encrypt and decrypt files with a password:

Examples:

Encrypt file.txt to file.out using 256-bit AES in CBC mode
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.out
Decrypt encrypted file file.out
$ openssl enc -d -aes-256-cbc -in file.out
Where,

  • enc : Encoding with Ciphers.

See also:

Sysadmin because even developers need heroes!!!

Share this on:
{ 5 comments… add one }
  • Graham Cranston July 21, 2006, 8:07 pm

    to delete source file the option is

    mcrypt -u [filename]

    not –u.

    This is not shwon in the options section of the man pages but is right up front in the description of the command.

  • Thiago September 12, 2012, 2:10 am

    On decrypt command, with openssl you forgot to put the ‘out’ file.

    Thanks! Great tip!

    Thiago

  • Pouliot March 1, 2014, 9:59 pm

    How would you go about making a passrod protected file on a lInux box that would be read on a Windows box by the usual Windows user (i.e. an IT naif)

  • jasveer August 25, 2014, 2:48 am

    I want to password procted files

  • Imran June 23, 2016, 7:35 pm

    Hi I wanted to password protect my file but mcryt is not working for me.

    My OS version is given below:-
    Machine 1
    [root@localhost ~]# cat /etc/*-release
    NAME=”Red Hat Enterprise Linux Server”
    VERSION=”7.0 (Maipo)”
    ID=”rhel”
    ID_LIKE=”fedora”
    VERSION_ID=”7.0″
    PRETTY_NAME=”Red Hat Enterprise Linux Server 7.0 (Maipo)”
    ANSI_COLOR=”0;31″
    CPE_NAME=”cpe:/o:redhat:enterprise_linux:7.0:GA:server”
    HOME_URL=”https://www.redhat.com/”
    BUG_REPORT_URL=”https://bugzilla.redhat.com/”

    REDHAT_BUGZILLA_PRODUCT=”Red Hat Enterprise Linux 7″
    REDHAT_BUGZILLA_PRODUCT_VERSION=7.0
    REDHAT_SUPPORT_PRODUCT=”Red Hat Enterprise Linux”
    REDHAT_SUPPORT_PRODUCT_VERSION=7.0
    Red Hat Enterprise Linux Server release 7.0 (Maipo)
    Red Hat Enterprise Linux Server release 7.0 (Maipo)

    Machine 2:
    Red Hat Enterprise Linux Server release 6.8 (Santiago)
    Red Hat Enterprise Linux Server release 6.8 (Santiago)

    Please note that i cannot install any extra packages in both of the machine

Security: Are you a robot or human?

Leave a Comment


   Tagged with: , , , , , , , , , , , , ,