Otto  background

Linux Hack of the Week #8: Encrypting & Decrypting Files on Linux

Connect With Us

Start now, and patch, configure, and control all your endpoints in just 15 minutes.

What’s great about Linux is that there are around a dozen ways to do every task. For example, did you know that by using GPG you can encrypt files with a passphrase or key on the Linux command line?

Example Data

First, we need to a create a file with some data to encrypt. In this example we’ll use the rpm command to get a list of all installed packages on your machine:

[joe@fedora28 ~]$ rpm -qa > secretFile.txt

[joe@fedora28 ~]$ head secretFile.txt

elfutils-default-yama-scope-0.170-11.fc28.noarch

cpp-8.1.1-1.fc28.x86_64

perl-Encode-2.97-3.fc28.x86_64

rp-pppoe-3.12-11.fc28.x86_64

webrtc-audio-processing-0.3-7.fc28.x86_64

abrt-2.10.8-2.fc28.x86_64

mariadb-10.2.14-1.fc28.x86_64

langtable-data-0.0.38-5.fc28.noarch

mesa-filesystem-18.0.2-1.fc28.x86_64

perl-Try-Tiny-0.30-2.fc28.noarch

 

To verify that our encryption process is giving us back exactly what we give it, we will generate  a hash of the file. Use md5sum to create the hash. Note: This isn’t needed each time you encrypt a file, but we’ll use it for today’s example:

[joe@fedora28 ~]$ md5sum secretFile.txt

ec414472b108a98f12ee36b78ce50d18  secretFile.txt

 

Encryption

Next, we will encrypt it with a passphrase. To do so, use the command gpg with the option -c for symmetric encryption:

[joe@fedora28 ~]$ gpg -c  secretFile.txt

Enter passphrase:

 

An import note - doing this does not delete the original file, so you will need to delete it to remove the clear text file:

[joe@fedora28 ~]$ ls secretFile.*

secretFile.txt  secretFile.txt.gpg

 

Let’s check the hash again using md5sum. This time it is different as the file has been changed. If you head the file, you’ll see that it is clearly different. Also, take a look at the content:

[joe@fedora28 ~]$ md5sum secretFile.txt.gpg

c6e6afb9257da7ec61ce2658c22f0b4a  secretFile.txt.gpg

[joe@fedora28 ~]$ head secretFile.txt.gpg

���@�`��ޅ7��kLd�$��%��qa�LM�3<Tր8+ ��6

 

Decryption

Now we will decrypt using gpg -d. You’ll provide the same password you used above:

[joe@fedora28 ~]$ gpg -d secretFile.txt.gpg > secretFile.txt

gpg: AES encrypted data

gpg: encrypted with 1 passphrase

 

Verify that it is your original file and take a look at the content:

[joe@fedora28 ~]$ md5sum secretFile.txt

ec414472b108a98f12ee36b78ce50d18  secretFile.txt

[joe@fedora28 ~]$ head secretFile.txt

elfutils-default-yama-scope-0.170-11.fc28.noarch

cpp-8.1.1-1.fc28.x86_64

perl-Encode-2.97-3.fc28.x86_64

rp-pppoe-3.12-11.fc28.x86_64

webrtc-audio-processing-0.3-7.fc28.x86_64

abrt-2.10.8-2.fc28.x86_64

mariadb-10.2.14-1.fc28.x86_64

langtable-data-0.0.38-5.fc28.noarch

mesa-filesystem-18.0.2-1.fc28.x86_64

perl-Try-Tiny-0.30-2.fc28.noarch

 

Woo hoo! You have now encrypted and decrypted data with a passphrase. As always, if you have any questions feel free to reach out at support@automox.com.


Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day. 

Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.

Dive deeper into this topic

loading...