Encrypting Files and folder through terminal
I am new to part of encryption on Ubuntu .
Is there any way to encrypt files and folder with password from terminal ? without using truecrypt or cryptkeeper etc.
You can encrypt and decrypt files with gpg
To encrypt a file
gpg -c file.to.encrypt
To decrypt a file
gpg file.to.encrypt.gpg
But gpg will not do entire directories. For entire directories you have several options, ecryptfs is popular.
# Install if ecryptfs-utils if needed
sudo apt-get install ecryptfs-utils
# Make an encrypted directory
ecryptfs-setup-private
That will make a directory "Private". Any data you put into the directory Private
will automatically be encrypted when you log out and decrypted when you log in.
If you want a different behavior or a different directory ...
mkdir ~/secret
chmod 700 ~/secret
sudo mount -t ecryptfs ~your_user/secret ~your_user/secret
Put your data into ~/secrte
To encrypt
sudo umount ~your_user/secret
To Decrypt
sudo mount ./secret ./secret -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes
Hint: make an alias for that second command.
See http://bodhizazen.com/Tutorials/Ecryptfs or man ecryptfs for additional details.
ecryptfs will certainly encrypt files and folders, ensuring that the data that gets written to disk is always encrypted, and that applications which need access to the cleartext context can get that seamlessly.
However, to answer your question specifically, you can certainly encrypt a single file with a passphrase and gpg:
gpg -c /tmp/file > /tmp/file.gpg
To encrypt a folder, you should use tar in conjunction with gpg:
tar zcvf - /tmp/directory | gpg -c > /tmp/directory.tar.gz.gpg
encfs
, as suggested by the community docs, works pretty well.
Installing: In order to install you must first add the universe repository
Then issue the command:
sudo apt install encfs
Then simply type into the terminal: encfs encrypted visible
to create folders in the current directory named encrypted
and visible
and set up a password.
For example, if I'm in the default (home) directory (use pwd
to see where you are), this will create folders /home/ijoseph/visible
and /home/ijoseph/encrypted
for me, since my username is ijoseph
.
visible
can be written and read, and stores its data encrypted in the encrypted
folder.
To "hide" your data and leave only the encrypted version of the folder, type
fusermount -u visible
. You'll want to do this before logging out or physically moving your laptop, usually, for protection. You'll notice everything disappears from the visible
folder when you type ls
.
To re-mount (re-gain access to the visible
folder for read/write), run encfs encrypted visible
again.