How to encrypt plain text with a password on Linux

encryption

http://www.unreadable.de/ takes a plaintext message + password input and encrypts the plaintext. I want to do this locally on Linux. Is there a one-line command that will compute an encrypted version of my message that I can then email?

My goal is for the receiver to be able to decode the message with nothing but the password.

To be clear, I have no idea what various encryption schemes are (AES, openSSL, RSA, GPG, salt, base64, DES, CBC, reentrant) and not really interested in a research project. I just want a one-line command like

encrypt message.txt -password=secret.txt

which would be decoded like

decrypt message.txt -password=secret.txt

(Yes, I did use google first. https://encrypted.google.com/search?q=encrypt+plain+text+files+with+password+linux is not showing me anything I understand / think I can use.)

Best Answer

The openssl(1) manpage gives a few examples on how to do this:

 ENC EXAMPLES
      Just base64 encode a binary file:

            $ openssl base64 -in file.bin -out file.b64

      Decode the same file:

            $ openssl base64 -d -in file.b64 -out file.bin

      Encrypt a file using triple DES in CBC mode using a prompted password:

            $ openssl des3 -salt -in file.txt -out file.des3

      Decrypt a file using a supplied password:

            $ openssl des3 -d -in file.des3 -out file.txt -k mypassword

      Encrypt a file then base64 encode it (so it can be sent via mail for
      example) using Blowfish in CBC mode:

            $ openssl bf -a -salt -in file.txt -out file.bf

      Base64 decode a file then decrypt it:

            $ openssl bf -d -a -in file.bf -out file.txt

As for the question on hand, the specific encryption scheme only matters inasmuch as both sides must of course use the same one. If you don’t know which one to use, Blowfish is probably a sensible choice:

$ openssl bf -a -salt -in file.txt -out file.bf
$ openssl bf -d -a -in file.bf -out file.txt

I take that you know that encrypting something without knowing at least a minimum about the cryptosystem used is… probably unwise. Personally, I think that a system like GPG is better suited for your task, but requires a little bit more setup, so technically doesn’t fit your question.

Related Solutions

Windows 7 Encrypt Folder with Password

What I think you want is what's called "on-the-fly" encryption/decryption. This is provided by many encryption systems, including the most popular one (AFAIK), TrueCrypt. Create an encrypted container file, mount it, then 'move' all your files in there. Of course, the first time around, you have to wait until all the files are encrypted.

Note: Truecrypt is no longer supported or in development, I recommend using Veracrypt which is based on the original source code of Truecrypt's and is under development and is supported.

https://veracrypt.codeplex.com/

Linux – File encryption in a bash script without explicity providing password

reading man openssl (especially the section PASS PHRASE ARGUMENTS):

Several commands accept password arguments, typically using -passin 
and -passout for input and output passwords respectively. These allow
the password to be obtained from a variety of sources. Both of these
options take a single argument whose format is described below. If no
password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.

   pass:password
             the actual password is password. Since the password is visible
             to utilities (like 'ps' under Unix) this form
             should only be used where security is not important.

   env:var   obtain the password from the environment variable var. Since 
             the environment of other processes is visible on
             certain platforms (e.g. ps under certain Unix OSes)
             this option should be used with caution.

   file:pathname
             the first line of pathname is the password. If the same 
             pathname argument is supplied to -passin and -passout
             arguments then the first line will be used for the input 
             password and the next line for the output password.
             pathname need not refer to a regular file: it could for 
             example refer to a device or named pipe.

   fd:number read the password from the file descriptor number. This 
             can be used to send the data via a pipe for example.

   stdin     read the password from standard input.

openssl enc accepts -pass <arg> ... so, pick your arg from the list given above. eg:

 echo -n "secret" | openssl enc -aes-256-cbc -salt \
        -in file1 -out file1.enc \
        -pass stdin

Best Answer

Related Solutions

Windows 7 Encrypt Folder with Password

Linux – File encryption in a bash script without explicity providing password

Related Question