How to encrypt files with GPG and OpenSSL on GNU / Linux
I have just recently found out that it is possible to use openssl to encrypt files to tighten your security.
Why would I want to encrypt files? Well, very simple: I have plain text files where I write down my passwords for servers or account logins for services I use on the internet.
Before this very day I used gpg to encrypt and decrypt my sensitive information files and archives. The way to encrypt files with GPG is very simple, here is an example:
server:~# ls -al test.txt
-rw-r--r-- 1 root root 12 Nov 25 16:50 test.txt
server:~# gpg -c test.txt
Enter passphrase:
Repeat passphrase:
Typing the same password twice produces the encrypted file test.txt.gpg. In order to later decrypt the gpg password-protected file I use the command:
server:~# gpg -d test.txt.gpg >test.txt
Enter passphrase:
Repeat passphrase:
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
As one can see from the above output, by default gpg uses the CAST5 algorithm to encrypt the data. For all those curious about what kind of encryption CAST5 provides and where CAST5 originates, in short CAST5 is a GNU invented cryptographic algorithm; the short description of the algorithm is as follows:
"...a DES-like Substitution-Permutation Network (SPN)
cryptosystem which appears to have good resistance to differential
cryptanalysis, linear cryptanalysis, and related-key cryptanalysis.
This cipher also possesses a number of other desirable
cryptographic properties, including avalanche, Strict Avalanche
Criterion (SAC), Bit Independence Criterion (BIC), no
complementation property, and an absence of weak and semi-weak
keys."
Anyways, for all those who trust the DES128 encryption more as an encryption algorithm to keep your data secret, the openssl command tool provides another means to encrypt sensitive data.
To encrypt a file using openssl's DES encryption capabilities:
server:~# openssl des -salt -in test.txt -out test.txt.des
enter des-cbc encryption password:
Verifying - enter des-cbc encryption password:
As you can see, to encrypt with DES-CBC it is necessary to type twice the secret password "salt" keyword, which will be used as an encryption key.
To later decrypt the DES encrypted file, the command is:
server:~# openssl des -d -salt -in file.des -out file
In order to encrypt a whole directory, compressed beforehand with tar and gzip:
server:~# tar -czf - directory | openssl des -salt -out directory.tar.gz.des
Where directory is the name of the directory which will be tarred and encrypted.
To later decrypt the above encrypted tar.gz.des file with openssl:
server:~# openssl des -d -salt -in directory.tar.gz.des | tar -xzf -
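
An added example, not part of the original post: the same tar and openssl pipeline as a scripted round trip, with AES-256-CBC and PBKDF2 key derivation in place of DES (whose 56-bit key is within brute-force reach), plus a check of the "Salted__" header that -salt writes in front of the ciphertext. The function names, the passphrase file and the sample data are assumptions made for the example; -pbkdf2 needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the article): tar | openssl with AES-256-CBC and
# PBKDF2 instead of single DES. Assumes OpenSSL >= 1.1.1 and GNU-style tar.
# Function names and the passphrase-file convention are hypothetical.

# encrypt_dir DIR OUTFILE PASSFILE
encrypt_dir() {
    tar -czf - -C "$(dirname "$1")" "$(basename "$1")" |
        openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$3" -out "$2"
}

# decrypt_dir INFILE DESTDIR PASSFILE; non-zero exit on a wrong passphrase
decrypt_dir() {
    mkdir -p "$2" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" |
        tar -xzf - -C "$2"
}

# The salt is not the password: -salt makes openssl write the magic string
# "Salted__" followed by 8 random bytes at the start of the output file.
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# Constructed sample data: encrypt twice, decrypt, compare the two trees.
roundtrip_demo() {
    work=$(mktemp -d) || return 1
    ( umask 077   # keep the passphrase file and plaintext private
      mkdir "$work/directory" &&
      printf 'constructed sample, not a real secret\n' > "$work/directory/notes.txt" &&
      printf 'constructed-passphrase\n' > "$work/pass" &&
      printf 'wrong-passphrase\n' > "$work/badpass" &&
      encrypt_dir "$work/directory" "$work/a.enc" "$work/pass" &&
      encrypt_dir "$work/directory" "$work/b.enc" "$work/pass" &&
      has_salt_header "$work/a.enc" &&
      ! cmp -s "$work/a.enc" "$work/b.enc" &&   # random salt: outputs differ
      decrypt_dir "$work/a.enc" "$work/out" "$work/pass" &&
      diff -r "$work/directory" "$work/out/directory" &&
      ! decrypt_dir "$work/a.enc" "$work/bad" "$work/badpass" 2>/dev/null )
    rc=$?
    rm -rf "$work"
    return $rc
}

roundtrip_demo && echo "round trip OK"
```

Reading the passphrase from a file with -pass file: keeps it out of the process list and shell history. Like the gpg output above, CBC mode on its own gives no integrity protection.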