File-based encryption for Linux

October 31st, 2007

Tags: , , , ,

I have some files (e.g. login data) which I would like to keep encrypted on my disk. For this kind of protection symmetric encryption suites me best. So what do we have on Linux side for a quick and clean symmetric encryption?: ccrypt. Based on the Rijndael block cipher, which is also the base for the Advanced Encryption Standard, ccrypt secures files symmetrically. This means no private keys needed, and the en- and decryption can be done with a single passphrase. I also created to scripts which integrate ccrypt, a command-line tool, into my gnome environment. Because the Rjindael algorithm differs for encryption and decryption a script is needed for both.

1. Install ccrypt.

  1. apt-get install ccrypt

2. Create the file ~/.gnome2/nautilus-scripts/decrypt

  1. touch ~/.gnome2/nautilus-scripts/decrypt

3. and insert the following content.

  1. #####################
  2. #!/bin/sh
  3. #
  4. # This script decrypts file(s) or directories encrypted with ccrypt
  5. #
  6. # Distributed under the terms of GNU GPL version 2 or later
  7. #
  8. # We put ccrypt full path in environment variable here to avoid
  9. # problems with variables substitution when creatign files
  10. CCRYPT_PATH=/usr/bin/ccrypt
  11. #
  12. quoted=$(echo -e "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" | awk 'BEGIN { FS = "\n" } { printf "\"%s\" ", $1 }' | sed -e s#\"\"##)
  13. #
  14. # Call Gnome Terminal to execute ccrypt
  15. gnome-terminal -t "Decrypting File(s)" --hide-menubar -e "$CCRYPT_PATH -d -s -v -t -r -P 'Enter File(s) Decryption Key: ' $quoted"
  16. ########################

4. Create ~/.gnome2/nautilus-scripts/encrypt

  1. touch ~/.gnome2/nautilus-scripts/encrypt

5. and insert this content.

  1. #########################
  2. #!/bin/sh
  3. #
  4. # This script encrypts file(s) or directories with ccrypt
  5. #
  6. # Distributed under the terms of GNU GPL version 2 or later
  7. #
  8. # We put ccrypt full path in environment variable here to avoid
  9. # problems with variables substitution when creatign files
  10. CCRYPT_PATH=/usr/bin/ccrypt
  11. #
  12. quoted=$(echo -e "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" | awk 'BEGIN { FS = "\n" } { printf "\"%s\" ", $1 }' | sed -e s#\"\"##)
  13. #
  14. # Call Gnome Terminal to execute ccrypt
  15. gnome-terminal -t "Encrypting File(s)" --hide-menubar -e "$CCRYPT_PATH -e -s -v -t -r -P 'Enter File(s) Encryption Key: ' $quoted"

Now you should be able to see the scripts when right-clicking on a file under the ‘Scripts’ entry.

Source: DebCentral Forum – Re: Software GEM’s