Linux: HowTo Encrypt And Decrypt Files With A Password using gpg and vim and openssl

To encrypt and decrypt files with a password, using gpg,vim,openssl command. It is an encryption and signing tool for Linux/UNIX like operating system such as FreeBSD/Solaris and others.

  • Encrypt a text file in Linux using gnupg

    GnuPG stands for GNU Privacy Guard and is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility.

    Encrypting a file in linux

    To encrypt a single file, use command gpg as follows:

    $ gpg -c filename

    To encrypt myfinancial.info.txt file, type the command:
    $ gpg -c myfinancial.info.txt
    Sample output:

    Enter passphrase:<YOUR-PASSWORD>
    Repeat passphrase:<YOUR-PASSWORD>

    This will create a myfinancial.info.txt.gpg file. Where,

    • -c : Encrypt with symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the –cipher-algo option. This option may be combined with –sign (for a signed and symmetrically encrypted message), –encrypt (for a message that may be decrypted via a secret key or a passphrase), or –sign and –encrypt together (for a signed message that may be decrypted via a secret key or a passphrase).

    Please note that if you ever forgot your password (passphrase), you cannot recover the data as it use very strong encryption.

    Decrypt a file

    To decrypt file use the gpg command as follow:

    $ gpg myfinancial.info.txt.gpg

    Sample outputs:

    $ gpg myfinancial.info.txt.gpg

    gpg: CAST5 encrypted data
    Enter passphrase:<YOUR-PASSWORD>
    Decrypt file and write output to file vivek.info.txt you can run command:

    $ gpg myfinancial.info.gpg –o vivek.info.txt

    Also note that if file extension is .asc, it is a ASCII encrypted file and if file extension is .gpg, it is a binary encrypted file.

     

  •  Encrypt a text file in Linux using VIM text editor

    vim -x [file name]

    mkyong@snake ~]$ vim -x mkyong.txt

    This will prompt us to enter encryption key (password)

    Enter encryption key : ******
    Enter same key again: ******

    After that, key in the text data and save it. Now the “mkyong.txt” text file is encrypted with my password.

    Ok, let try to view the text file content

    [mkyong@snake ~]$ cat mkyong.txt
    VimCrypt~01!??PR?
    ??0?????         ?W#?Q?W?
             (L??Y??
    [mkyong@snake ~]$

    The text file content is encrypted with some alien code :), Done, no body can view the content unless they know my encryption key.

    How to change the encrypted password?

    We can issue the following command (vim +X [file name]) to change the encrypted password.

    mkyong@snake ~]$ vim +X mkyong.txt
    "mkyong.txt" [crypted] 1L, 37C
    Enter encryption key: ***
    Enter same key again: ***

    Done.

     

  •  Encrypt a text file in Linux using openssl

    In this article we will encrypt (using AES 256 cbc) and password protect (Salt the AES) a file using the openssl binary.

    The file we will encrypt will be the file secretfile.txt.As you can see it is just a plain text file.

    [root@linux tmp]# cat  secretfile.txt
    This is a secret file that we do not want anyone to read.

    Encrypt File

    Use the openssl comand to encrypt your file and then test the new file is fully encrypted.

    [root@linux tmp]# openssl aes-256-cbc -salt -in secretfile.txt -out secretfile.txt.aes
    enter aes-256-cbc encryption password:
    Verifying – enter aes-256-cbc encryption password:

    [root@linux tmp]# cat  secretfile.txt.aes
    3b¦ted__Ù.:SLìÕ§ÕL<Jdc
    u3AÈF\V!ê:S2;³âÿ.LfjÏ©ù!_b*&)Stfù

    Decrypt File

    Decrypt the file and then confirm the decypted file is readable.

    [root@linux tmp]# openssl aes-256-cbc -d -salt -in secretfile.txt.aes -out secretfile.txt
    enter aes-256-cbc decryption password:

    [root@linux tmp]# cat secretfile.txt
    This is a secret file that we do not want anyone to read.

    Further notes : In a non-interactive scenario (such using this within a script) were you require no input from the shell (user), you can use the -k to specify the password. Such as `openssl aes-256-cbc -salt -in secretfile.txt -out secretfile.txt.aes -k [password]`.

    Thanks to Nixcraft, fir3net.com, mkyong.com

Advertisements
Posted in Linux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: