
Linux Hack of the Week #8: Encrypting & Decrypting Files on Linux

What’s great about Linux is that there are around a dozen ways to do every task. For example, did you know that by using GPG you can encrypt files with a passphrase or key on the Linux command line?

Example Data

First, we need to create a file with some data to encrypt. In this example we’ll use the rpm command to get a list of all installed packages on your machine:

[joe@fedora28 ~]$ rpm -qa > secretFile.txt

[joe@fedora28 ~]$ head secretFile.txt

elfutils-default-yama-scope-0.170-11.fc28.noarch

cpp-8.1.1-1.fc28.x86_64

perl-Encode-2.97-3.fc28.x86_64

rp-pppoe-3.12-11.fc28.x86_64

webrtc-audio-processing-0.3-7.fc28.x86_64

abrt-2.10.8-2.fc28.x86_64

mariadb-10.2.14-1.fc28.x86_64

langtable-data-0.0.38-5.fc28.noarch

mesa-filesystem-18.0.2-1.fc28.x86_64

perl-Try-Tiny-0.30-2.fc28.noarch

To verify that our encryption process is giving us back exactly what we give it, we will generate a hash of the file. Use md5sum to create the hash. Note: This isn’t needed each time you encrypt a file, but we’ll use it for today’s example:

[joe@fedora28 ~]$ md5sum secretFile.txt

ec414472b108a98f12ee36b78ce50d18  secretFile.txt

Encryption

Next, we will encrypt it with a passphrase. To do so, use the command gpg with the option -c for symmetric encryption:

[joe@fedora28 ~]$ gpg -c  secretFile.txt

Enter passphrase:

An important note: doing this does not delete the original file, so you will need to delete it to remove the cleartext file:

[joe@fedora28 ~]$ ls secretFile.*

secretFile.txt  secretFile.txt.gpg

Let’s check the hash again using md5sum. This time it is different because the file has changed. If you run head on the encrypted file, you’ll see that the content is clearly different:

[joe@fedora28 ~]$ md5sum secretFile.txt.gpg

c6e6afb9257da7ec61ce2658c22f0b4a  secretFile.txt.gpg

[joe@fedora28 ~]$ head secretFile.txt.gpg

���@�`��ޅ7��kLd�$��%��qa�LM�3<Tր8+ ��6

Decryption

Now we will decrypt using gpg -d. You’ll provide the same passphrase you used above:

[joe@fedora28 ~]$ gpg -d secretFile.txt.gpg > secretFile.txt

gpg: AES encrypted data

gpg: encrypted with 1 passphrase

Verify that it is your original file and take a look at the content:

[joe@fedora28 ~]$ md5sum secretFile.txt

ec414472b108a98f12ee36b78ce50d18  secretFile.txt

[joe@fedora28 ~]$ head secretFile.txt

elfutils-default-yama-scope-0.170-11.fc28.noarch

cpp-8.1.1-1.fc28.x86_64

perl-Encode-2.97-3.fc28.x86_64

rp-pppoe-3.12-11.fc28.x86_64

webrtc-audio-processing-0.3-7.fc28.x86_64

abrt-2.10.8-2.fc28.x86_64

mariadb-10.2.14-1.fc28.x86_64

langtable-data-0.0.38-5.fc28.noarch

mesa-filesystem-18.0.2-1.fc28.x86_64

perl-Try-Tiny-0.30-2.fc28.noarch
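The redirect in gpg -d secretFile.txt.gpg > secretFile.txt truncates the output file before gpg has checked the passphrase, and the encryption step leaves deleting the cleartext to you. The script below is an added example, not part of the original post: it scripts the same round trip, compares bytes with cmp instead of md5sum, and assumes GnuPG 2.1 or later; the function names and the passphrase-file argument are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# passphrase-file argument are assumptions. Needs GnuPG 2.1+ (loopback mode).

# gpg_batch PASSFILE ARGS...
#   Non-interactive gpg; the passphrase is the first line of PASSFILE, so it
#   never shows up in the process list or in shell history.
gpg_batch() {
    _pf=$1; shift
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$_pf" "$@"
}

# decrypt_safely FILE.gpg OUT PASSFILE
#   Decrypts into a temp file beside OUT and renames it only on success, so a
#   wrong passphrase or corrupt input never truncates an existing OUT.
decrypt_safely() {
    _enc=$1; _out=$2; _pass=$3
    _tmp=$(mktemp "$_out.XXXXXX") || return 1
    if gpg_batch "$_pass" -d "$_enc" > "$_tmp"; then
        mv -f -- "$_tmp" "$_out"
    else
        rm -f -- "$_tmp"
        return 1
    fi
}

# encrypt_verified FILE PASSFILE
#   Writes FILE.gpg, trial-decrypts it, and deletes the cleartext FILE only if
#   the decrypted bytes are identical to the original.
encrypt_verified() {
    src=$1; key=$2
    check=$(mktemp "$src.XXXXXX") || return 1
    if gpg_batch "$key" -c -o "$src.gpg" "$src" &&
       decrypt_safely "$src.gpg" "$check" "$key" &&
       cmp -s "$src" "$check"; then
        rm -f -- "$check" "$src"
    else
        rm -f -- "$check"
        echo "round trip failed, keeping $src" >&2
        return 1
    fi
}
```

The trial decryption briefly writes a second cleartext copy next to the source file (mode 0600 from mktemp); it is removed whether or not the comparison succeeds.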

Woo hoo! You have now encrypted and decrypted data with a passphrase. As always, if you have any questions feel free to reach out at mcmanus@automox.com.


Author Joe McManus, CISO
