Tales from the crypt commands
Basic File Encryption
If you just need to encrypt a file or two, a descendant of crypt can do the job. Which one you choose depends on your objective.
These days, when users think of encryption, they usually turn to PGP, OpenSSL, or LUKS. Sometimes, though, you may not want encrypted transmissions or filesystems. When all you want is to encrypt a file or two, all you need is one of the crypt commands – bcrypt
[1], ccrypt
[2], or mcrypt
[3]. All three are specialized for encrypting files and can even have a feature or two that are missing from the better known encryption applications.
All three take their name from crypt
[4], an obsolete Unix command. crypt
was broken long ago, but bcrypt
, ccrypt
, and mcrypt
are all up-to-date encryption tools. In some distributions, mcrypt
may use crypt
as an alias.
All three, however, are simple tools that are easy to learn. With each, you enter the command to encrypt or decrypt with the desired options and then enter a passphrase to complete the operation.
bcrypt
bcrypt
takes its name from the Blowfish encryption [5] that it uses. Designed in 1993 by the well-known security expert Bruce Schneier, Blowfish encrypts quickly. In bcrypt
, Blowfish uses a passphrase of 8-56 characters, which is hashed to 448 bits, and outputs to a file with a .bfe
extension.
To decrypt a command, run it using the same command. Decrypting with the -o
option outputs the file to the command line, allowing it to be read, but not leaving the unencrypted file on the hard drive.
By default, bcrypt
compresses as it encrypts. If you do not want compression, add the -c
option to the command.
At the same time that it encrypts, bcrypt
overwrites the original input files three times with random characters before deleting it to prevent it from being recovered. For added security, you can use the option -sN
, in which N
is the number of times to overwrite the file. Adding -s0
prevents overwriting of the file. To keep the original file, add -r
to the command.
Blowfish is more vulnerable to attacks than more recent forms of encryption, and some distributions no longer include bcrypt
, or else include it only as a legacy command for already encrypted files. In Debian and Ubuntu, encryption has been disabled with bcrypt
for more than a year, a fact that indicates how low a priority the command has become. On the other hand, bcrypt
is simple to learn and may be sufficient for informal purposes.
ccrypt
With options that resemble those of gzip
, ccrypt
(Figure 1) is a much more advanced tool than bcrypt
. Using the much stronger Rijndael block cipher [6], it also offers more options. Unlike bcrypt
, the command requires that you specify whether you are encrypting or decrypting, either through use of the --encrypt
and --decrypt
options or the command aliases ccencrypt
and ccdecrypt
. The alias ccat
is also available for displaying a de-encrypted file at the command line. In the unlikely event that you have a command encrypted with the old Unix crypt
command, you can also use --unixcrypt
(-u
) as an option. Additionally, you can change the passphrase using --keychange
(-x
). ccrypt
outputs to files with a .cpt
extension, which can be encrypted a second time. The .cpt
file overwrites the original file; --tmp FILE
sets the command to use – at a small security risk – a temporary file for encryption.
Encryption or decryption with ccrypt
is based on a passphrase of any length, hashed to 256 characters, using a new random seed each time the command is run. Even with the hashing, the man page recommends a long passphrase; however, as always, the added security of a long passphrase can be offset by the difficulty of entering it or, sometimes, remembering it.
For this reason, although passphrases are most simply set using the option --keyfile FILE
(-k FILE
) and --key2 PASSPHRASE
(-H PASSPHRASE
) for an exchange between users, ccrypt
offers some easier, as well as more secure, methods of using them. For example, you can set an environmental variable as a passphrase and then access it by adding --envvar VARIABLE
(-E VARIABLE
). A second passphrase for key exchanges can be accessed with --envvar2 VARIABLE
(-F VARIABLE
). Similarly, passphrases can be retrieved from encrypted files with one passphrase per line using the options --keyfile FILE
(-k FILE
) and --key2 FILE
(-H FILE
).
Other options are also available for changing the behavior of ccrypt
. For example, --symlinks
(-l
) encrypts symbolic links, and -recursive
(-r
) encrypts an entire directory system. Another useful option is --timid
(-t
), which forces the default behavior and requires that passphrases be entered twice, although if you are willing to settle for a bit less security, you can use --brave
(-b
) instead, and only enter passphrase once. Yet another noteworthy option is --mismatch
(-m
), which can sometimes be used to recover an encrypted file that ccencrypt
is reading as corrupted.
mcrypt
Of the three crypt
commands, mcrypt
(Figure 2) is by far the most extensive. Files are encrypted using the bare command or the alias crypt
and are decrypted by adding the option --decrypt
(-d
). Default behavior, such as block algorithms, key mode, and hash algorithms can be set, one line at a time, in a file called .mcryptrc
in your home directory (see the man page and the various list commands for a complete list of options) or, alternatively, set for a single use with options such as --keymode MODE
(-o MODE
) and --hash HASH-ALGORITHM
(-h HASH-ALGORITHM
).
However, if these options are more detailed than you like, mcrypt
's defaults should be adequate for most purposes. In many cases, the only reason you should need most of the available options is to open an encrypted file made with another, possibly obsolete option. Moreover, unless you are familiar with an option, choosing it is just as likely to weaken encryption as strengthen it.
Simpler security options are the use of mcrypt
as root user, which prevents any writes to the disk during the encryption process, and the --bare
(-b
) option, which prevents information from the original file (e.g., the algorithm, mode, and bit mode from the original file) being transferred to the encrypted file. The hash size can be set with --keysize SIZE
(-s SIZE
).
As with ccrypt
, mcrypt
prompts for the passphrase (keyword) by default. However, you can enter the keyword as part of the command structure with --key KEY
(-k KEY
), which may be convenient but risks your typing being overseen. Another feature mcrypt
has in common with ccrypt
is the ability to enter keywords one per line in a file and then call upon the file. In mycrypt
's case, the option to use a keyword file is --keyfile FILE
(-f FILE
).
Encrypted files can use a passphrase with a default of up to 512 characters and are saved with an .nc
extension, with read and write permissions for the current user only (i.e., to 0600). To make the output readable by PGP or any related command, you can add --openpgp
(-g
) – an option, it should be noted, that is different from the one to compress to OpenPGP standards.
If you use compression with mcrypt
, the options should be entered before any other options to do with encryption, or else the output will not be compressed. The available compression options are --gzip
(-z
), --bzip
(-p
), and --openpgp
(-z
), which uses the OpenPGP format.
After encrypting or decrypting with mcrypt
, you might choose to increase your security by using --flush
to purge all signs of the process. When decrypting, --nodelete
prevents the encrypted version of the file from being deleted. For the curious, --time
will print to the command line statistics about the process just completed, such as the speed of encryption.
Buy this article as PDF
(incl. VAT)