69

What's the most popular way to encrypt individual files or folders?

landroni
  • 6,011

7 Answers

48

GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves two keys, a public key for encryption and a private key for decryption. See djeikyb's answer on this page for asymmetric key usage.

For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.

For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:

gpg --symmetric < unencrypted_file > encrypted_file

Decryption:

gpg --decrypt < encrypted_file > decrypted_file

Note that gpg caches the symkey by default (documented behavior). In order to avoid that, use the --no-symkey-cache option as described in a related answer.

Manual page of gpg.


Old answer for users who are able to choose good keys; see note below

For single files, openssl is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.

NOTE: the password that you enter here will be processed by one MD5 iteration [1]. If you choose a password "123456", then you will have very little security.

Encrypt:

openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file

You'll be asked for a password, which you have to input twice.

Decrypt:

openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file

Manual page for the enc program.

[1] openssl enc uses the digest function defined by the -md option (default md5) and invokes function EVP_BytesToKey() with an iteration count of 1. This can be found in the openssl source at apps/enc.c.

Lekensteyn
  • 178,446
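
The key derivation described in the footnote of the answer above, as an added example that is not part of the original answer or of OpenSSL's own code: a Python re-implementation of the EVP_BytesToKey() scheme with MD5 and an iteration count of 1, next to a PBKDF2 derivation for comparison. The sample salt, the helper names and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import math

def evp_bytes_to_key(password, salt, key_len=32, iv_len=16, md="md5", count=1):
    """Illustrative re-implementation of EVP_BytesToKey(); returns (key, iv)."""
    derived, block = b"", b""
    while len(derived) < key_len + iv_len:
        # D_i = H(D_{i-1} || password || salt), then re-hashed count-1 times
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(md, block).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]

def hash_calls_per_password(key_len=32, iv_len=16, md="md5", count=1):
    """Digest invocations needed to turn one password into key + IV."""
    return math.ceil((key_len + iv_len) / hashlib.new(md).digest_size) * count

def read_salt(blob):
    """Salted `openssl enc` output starts with b'Salted__' plus an 8-byte salt."""
    if len(blob) < 16 or blob[:8] != b"Salted__":
        raise ValueError("no 'Salted__' header")
    return blob[8:16]

def pbkdf2_key(password, salt, iterations=600_000, key_len=32, iv_len=16):
    """Stretched alternative: PBKDF2-HMAC-SHA256 (iteration count is assumed)."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                              key_len + iv_len)
    return out[:key_len], out[key_len:]

if __name__ == "__main__":
    # Constructed sample: header bytes as they would start an encrypted file.
    header = b"Salted__" + bytes.fromhex("0102030405060708")
    salt = read_salt(header)
    key, iv = evp_bytes_to_key(b"123456", salt)
    print("legacy key:", key.hex(), "iv:", iv.hex())
    print("MD5 calls per password (aes-256-cbc):", hash_calls_per_password())
    print("PBKDF2 key:", pbkdf2_key(b"123456", salt)[0].hex())
```

With the legacy scheme the whole 256-bit key and the IV come from three MD5 invocations, so the strength of the file's encryption rests entirely on the password itself.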
31

I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus.

To get nautilus integration, install the package seahorse-nautilus from the Software Center.

passy
  • 1,139
19

TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.

Pablo Bianchi
  • 17,371
hhlp
  • 42,872
17

A CLI method would be GnuPG, and maybe tar. This is a short guide for reference; you really should read the documentation.

First run gpg --gen-key. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt. This will create a file called foo.txt.gpg. GnuPG does not delete the original unencrypted file; it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg. Decrypting will prompt you before overwriting existing files.

If you need to encrypt a directory, tar it first:

tar -cf foo.tar foo/
gpg -e foo.tar

You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.

djeikyb
  • 32,005
12

There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.

You can select home directory encryption at installation, or you can set up a single directory, $HOME/Private by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private, recursively, will be encrypted.

2

You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories. It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a menu entry for invoking GnuPG (RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms. Its homepage is here: https://www.academic-signature.org

I use it a lot for protecting files in transit and for digitally signing academic documents (transcripts, letters of recommendation, grade lists etc.).

1

I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)

https://github.com/orionM/ssl-crypt-tools

enjoy