In Linux, there are a couple of encryption tools that allow us to secure our files. In this tutorial, we’ll learn how we can password protect a tar file in Linux using some of these encryption tools.
2. Using gpg
We can use the gpg command with different options to specify the type of operations. For instance, ––encrypt specifies to encrypt the files. To encrypt data with a symmetric cipher, the symmetric option is used. The default symmetric cipher for gpg is CAST5. However, we can choose the other cipher algorithm using the ––cipher-algo option.
To know about the supported cipher algorithms, we can use the ––version option.
$ gpg --version ... Supported algorithms: Pubkey: RSA, ELG, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2
As an example, let’s take one tar file and encrypt it with gpg:
$ ls archive_file.tar file1.txt file2.txt file3.txt $ gpg --symmetric --cipher-algo aes256 archive_file.tar $ ls archive_file.tar archive_file.tar.gpg file1.txt file2.txt file3.txt
When executing the command above, it prompts us to enter the passphrase (in this case, through a GUI pop-up). Once entered, it prompts again to confirm the same. On successful execution of the command, it will generate the archive file with a ‘.gpg‘ extension. This output file will be encrypted and protected with your passphrase.
In order to get the tar file back from the encrypted file, we can use the ––decrypt option:
$ gpg --output archive_file.tar --decrypt archive_file.tar.gpg gpg: AES256 encrypted data gpg: encrypted with 1 passphrase $ ls archive_file.tar archive_file.tar.gpg file1.txt file2.txt file3.txt
Here, we can use the ––output option to specify the particular output file name. The same passphrase must be entered when prompted to decrypt the file.
3. Using ccrypt
The ccrypt is also a command-line tool to encrypt and decrypt files and streams. It is based on the Rijndael or Advanced Encryption Standard (AES) block cipher.
Encrypt (––encrypt or -e) is the default mode. This mode encrypts the given file and appends a ‘.cpt‘ extension to it. Alternatively, we can directly use the ccencrypt command with the file name to encrypt the file. This is equivalent to ‘ccrypt -e‘.
For example, when we execute ccrypt command, it asks for an encryption key to encrypt our tar file:
$ ls file1.txt file2.txt file3.txt tar_file.tar $ ccrypt tar_file.tar Enter encryption key: Enter encryption key: (repeat) $ ls file1.txt file2.txt file3.txt tar_file.tar.cpt
In the process of decrypting the .cpt file to get back the original file, we need to execute the ccrypt command with the ––decrypt option. When executing this combination, it prompts for the decryption key. In order to decrypt, we need to enter the same key that we used for encryption.
$ ccrypt --decrypt tar_file.tar.cpt Enter decryption key: $ ls file1.txt file2.txt file3.txt tar_file.tar
In this article, we saw two command-line tools, gpg, and ccrypt. Using these, we can encrypt our tar file with a passphrase. Moreover, using the same tools, we can get the original tar file by decrypting them with the same passphrase.