EncryptPad is a handy text editor with encryption

Secure Writer

© Lead Image © rawpixel, 123RF.com

© Lead Image © rawpixel, 123RF.com

Article from Issue 219/2019

EncryptPad provides symmetric text encryption directly from the editor. You can also use EncryptPad to encrypt binary data.

EncryptPad [1] is a text editor with an encryption function. If you have a file with sensitive information, such as passwords and account names, you can use EncryptPad to edit and maintain the file, all the while ensuring that the file remains encrypted. EncryptPad also provides a data integrity feature through the SHA-1 hashing algorithm, so if you receive a file from someone else, you can ensure that it hasn't been altered in transmission. EncryptPad even protects you from a brute force attack by letting you safeguard the encrypted information with both a key and a passphrase. Store the key separately; if the USB stick with the encrypted information falls into the wrong hands, the thief won't have access the to data just by guessing the password.

In contrast to other common encryption tools, EncryptPad uses symmetric (rather than asymmetric) encryption. You use the same key to encrypt and decrypt the file. If you are sending the encrypted file to someone else, you need to provide the passphrase and/or key file to the other user separately.

EncryptPad, which has been on GitHub for about three years [2], is still at the beta stage; the current version at this time of writing is The software is available for Linux, Mac OS X, and Windows. EncryptPad relies on OpenPGP [3] [4], and it uses the AES 256 symmetric encryption standard [5]. Some of the functionality of EncryptPad is similar to the gnupg.vim extension for the Vim editor.

You can access EncryptPad through your desktop interface or use the encryptcli command to run the application at the command line.


EncryptPad has not yet made it into the archives of many Linux distributions, although you will find it in the Ubuntu PPA, the Arch Linux AUR, and FreeBSD. The developer offers the application for Linux as an AppImage [6] with a size of 29MB. Note that you have to adjust the permissions for the file before the first start. To set the permissions, use the chmod +x filename command in a terminal window.

To launch EncryptPad, double-click on the file; later on, you will be able to start from the application menu in some distributions. At first glance, the main window looks like a regular text editor (Figure 1). But if you mouse over the icons or browse the menu, you'll find the functions for creating passphrases and key files, as well as a read-only mode that ensures that you don't unintentionally change important documents.

Figure 1: EncryptPad looks similar to classic text editors. Note the arrow at the bottom pointing to the encryption status.

The Settings menu mainly contain parameters for creating passphrases and key files. If necessary, you can adjust these settings directly when you execute an action. However, you might want to configure the font and the number of files displayed in the Open dialog to suit your requirements.

If you plan to use keys, you will also need to specify the path to the cURL binary file. You can determine the path by typing which curl in a terminal window; it may be necessary to install the program via the package manager. cURL lets you download keys directly from a remote server in EncryptPad.

Two Formats

EncryptPad supports two file formats: GPG and EPD. The GPG file type is for the OpenPGP format and is compatible with other OpenPGP tools. You can use it when opening a file even if EncryptPad is not available. The format does not support double protection with a key file and passphrase.

When using GPG, it is not possible to store the path of the key file in the encrypted file itself, so every time a file encrypted with a key file is opened, you are prompted to choose which key file the editor should use.

EPD is the native EncryptPad file format. Other OpenPGP software can open an EPD file as it is only protected with a passphrase, because then it is effectively a GPG file.

If you use a key or a combination of key and passphrase to protect the data, the program packs the GPG file into a WAD container. WAD [7], which stands for "Where's All the Data," is a simple format for combining multiple binary files. You can open WAD containers with SLADE [8].

The simplest case to protect text with EncryptPad is via the Save As function. In the case of unprotected text, you will see the information Passphrase not set and Key not set in red at the bottom right of the window.

Select GnuPG (*.gpg) in the Save dialog under Files of Type, and add the rest of the information, such as a filename and a desired storage location. Before the application saves the text, it prompts you to enter a password. After saving, the Passphrase not set message in red changes to a Password protected message in black.

The result is an OpenPGP file that no longer relies on EncryptPad for decryption but can be opened with standard GPG tools.

Using a Key

To protect text with a key, open or create the text file. Then click on the icon with the key and the plus sign. If you already have a key that you want to use, enter the path in the upper field of the input screen. To create a new key, enter a name in the Generate Key dialog box (Figure 2).

Figure 2: The Generate Key dialog box lets you specify a path for saving the key, or you can name the key and store it in the key repository.

When you create a key file, EncryptPad creates a random byte sequence, prompts the user for a passphrase, encrypts the resulting sequence with it, and stores the results in a file. The application saves the key file with the .key extension in the home directory of the user below the hidden ~/.encryptpad folder (Figure 3).

Figure 3: EncryptPad hides the created keys in the user's home directory.

Now press OK and enter a passphrase to protect the key. The software will ask you if you want to use the key for the open file. After you've said yes, nothing seems to happen. However, if you take a look at the ~/.encryptpad folder below your home directory, you will see that the key is already there. Further indicators are the Key not set message changing to Key protected. In addition, the icon with a plus sign now has a minus sign that lets you remove key protection for this file.

To open the currently encrypted file later on, first enter the location of the key in the dialog. The software automatically detects this correctly as long as you do not move the key file. In a second step, enter the passphrase that you have assigned.

The whole thing can be nested one level further by protecting the key file with an additional password. Proceed as in the previous example, but do not select .gpg as the file format; instead, go for .epd. The software will ask you for an additional passphrase. The second passphrase protects the file on the hard disk. When the process is complete, you should see Passphrase protected and Keyword protected at the bottom (Figure 4).

Figure 4: Double protection with a passphrase and a key: One password protects the key; a second protects the resulting file on the hard disk.

If you want to close the file and open it again later, you will be prompted for the passphrase within the file and then for the key. For simplicity's sake, you will want to check Persistent key location in the encrypted file, because this option will eliminate the need to query the key in the future. All you need to do is enter the two passwords. If this option is set, EncryptPad shows you the option at the bottom in the Keyword protected section (Figure 5).

Figure 5: The check mark saves you some typing later on: EncryptPad stores the path to the key in the file itself and automatically adopts it when opening the file.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Command Line – crypt

    If you just need to encrypt a file or two, a descendant of crypt can do the job. Which one you choose depends on your objective.

  • Command Line: Encrypting Partitions

    Modern installers offer the option of encryption with just a few clicks, but you might want to take control of the process. We show how to encrypt your partitions safely without sacrificing convenience.

  • Coming of Age

    Age, a modern encryption tool, could soon replace PGP and GPG when it comes to file encryption.

  • Secretive

    KDE Kleopatra, a front end for the GNU PrivacyGuard command-line program, lets you sign and encrypt email for more secure communication.

  • Master of the Keys

    Charly makes life easier for himself by using the lean Age tool for command-line data encryption tasks.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More