Basic File Encryption

These days, when users think of encryption, they usually turn to PGP, OpenSSL, or LUKS. Sometimes, though, you may not want encrypted transmissions or filesystems. When all you want is to encrypt a file or two, all you need is one of the crypt commands – bcrypt [1], ccrypt [2], or mcrypt [3]. All three are specialized for encrypting files and can even have a feature or two that are missing from the better known encryption applications.

All three take their name from crypt [4], an obsolete Unix command. crypt was broken long ago, but bcrypt, ccrypt, and mcrypt are all up-to-date encryption tools. In some distributions, mcrypt may use crypt as an alias.

All three, however, are simple tools that are easy to learn. With each, you enter the command to encrypt or decrypt with the desired options and then enter a passphrase to complete the operation.

bcrypt

bcrypt takes its name from the Blowfish encryption [5] that it uses. Designed in 1993 by the well-known security expert Bruce Schneier, Blowfish encrypts quickly. In bcrypt, Blowfish uses a passphrase of 8-56 characters, which is hashed to 448 bits, and outputs to a file with a .bfe extension.

To decrypt a command, run it using the same command. Decrypting with the -o option outputs the file to the command line, allowing it to be read, but not leaving the unencrypted file on the hard drive.

By default, bcrypt compresses as it encrypts. If you do not want compression, add the -c option to the command.

At the same time that it encrypts, bcrypt overwrites the original input files three times with random characters before deleting it to prevent it from being recovered. For added security, you can use the option -sN, in which N is the number of times to overwrite the file. Adding -s0 prevents overwriting of the file. To keep the original file, add -r to the command.

Blowfish is more vulnerable to attacks than more recent forms of encryption, and some distributions no longer include bcrypt, or else include it only as a legacy command for already encrypted files. In Debian and Ubuntu, encryption has been disabled with bcrypt for more than a year, a fact that indicates how low a priority the command has become. On the other hand, bcrypt is simple to learn and may be sufficient for informal purposes.

ccrypt

With options that resemble those of gzip, ccrypt (Figure 1) is a much more advanced tool than bcrypt. Using the much stronger Rijndael block cipher [6], it also offers more options. Unlike bcrypt, the command requires that you specify whether you are encrypting or decrypting, either through use of the --encrypt and --decrypt options or the command aliases ccencrypt and ccdecrypt. The alias ccat is also available for displaying a de-encrypted file at the command line. In the unlikely event that you have a command encrypted with the old Unix crypt command, you can also use --unixcrypt (-u) as an option. Additionally, you can change the passphrase using --keychange (-x). ccrypt outputs to files with a .cpt extension, which can be encrypted a second time. The .cpt file overwrites the original file; --tmp FILE sets the command to use – at a small security risk – a temporary file for encryption.

Figure 1: ccrypt is an intermediate choice for file encryption, with reasonable security and a useful set of options.

Encryption or decryption with ccrypt is based on a passphrase of any length, hashed to 256 characters, using a new random seed each time the command is run. Even with the hashing, the man page recommends a long passphrase; however, as always, the added security of a long passphrase can be offset by the difficulty of entering it or, sometimes, remembering it.

For this reason, although passphrases are most simply set using the option --keyfile FILE (-k FILE) and --key2 PASSPHRASE (-H PASSPHRASE) for an exchange between users, ccrypt offers some easier, as well as more secure, methods of using them. For example, you can set an environmental variable as a passphrase and then access it by adding --envvar VARIABLE (-E VARIABLE). A second passphrase for key exchanges can be accessed with --envvar2 VARIABLE (-F VARIABLE). Similarly, passphrases can be retrieved from encrypted files with one passphrase per line using the options --keyfile FILE (-k FILE) and --key2 FILE (-H FILE).

Other options are also available for changing the behavior of ccrypt. For example, --symlinks (-l) encrypts symbolic links, and -recursive (-r) encrypts an entire directory system. Another useful option is --timid (-t), which forces the default behavior and requires that passphrases be entered twice, although if you are willing to settle for a bit less security, you can use --brave (-b) instead, and only enter passphrase once. Yet another noteworthy option is --mismatch (-m), which can sometimes be used to recover an encrypted file that ccencrypt is reading as corrupted.

mcrypt

Of the three crypt commands, mcrypt (Figure 2) is by far the most extensive. Files are encrypted using the bare command or the alias crypt and are decrypted by adding the option --decrypt (-d). Default behavior, such as block algorithms, key mode, and hash algorithms can be set, one line at a time, in a file called .mcryptrc in your home directory (see the man page and the various list commands for a complete list of options) or, alternatively, set for a single use with options such as --keymode MODE (-o MODE) and --hash HASH-ALGORITHM (-h HASH-ALGORITHM).

Figure 2: Of the crypt-descended files, mcrypt offers the strongest levels of security. Note how it enforces strong passwords during encryption.

However, if these options are more detailed than you like, mcrypt's defaults should be adequate for most purposes. In many cases, the only reason you should need most of the available options is to open an encrypted file made with another, possibly obsolete option. Moreover, unless you are familiar with an option, choosing it is just as likely to weaken encryption as strengthen it.

Simpler security options are the use of mcrypt as root user, which prevents any writes to the disk during the encryption process, and the --bare (-b) option, which prevents information from the original file (e.g., the algorithm, mode, and bit mode from the original file) being transferred to the encrypted file. The hash size can be set with --keysize SIZE (-s SIZE).

As with ccrypt, mcrypt prompts for the passphrase (keyword) by default. However, you can enter the keyword as part of the command structure with --key KEY (-k KEY), which may be convenient but risks your typing being overseen. Another feature mcrypt has in common with ccrypt is the ability to enter keywords one per line in a file and then call upon the file. In mycrypt's case, the option to use a keyword file is --keyfile FILE (-f FILE).

Encrypted files can use a passphrase with a default of up to 512 characters and are saved with an .nc extension, with read and write permissions for the current user only (i.e., to 0600). To make the output readable by PGP or any related command, you can add --openpgp (-g) – an option, it should be noted, that is different from the one to compress to OpenPGP standards.

If you use compression with mcrypt, the options should be entered before any other options to do with encryption, or else the output will not be compressed. The available compression options are --gzip (-z), --bzip (-p), and --openpgp (-z), which uses the OpenPGP format.

After encrypting or decrypting with mcrypt, you might choose to increase your security by using --flush to purge all signs of the process. When decrypting, --nodelete prevents the encrypted version of the file from being deleted. For the curious, --time will print to the command line statistics about the process just completed, such as the speed of encryption.