UBC Mathematics: MathNet FAQ [File Encryption]
Question: How do I encrypt a file?
Author: Joseph Tam
Date: Aug. 10, 2005
File encryption is a way to safeguard the contents of a file
from unauthorized reading. It is a useful complement to other protections
such as file permissions, and can be used in conjunction with them to provide
maximum protection against unauthorized access.
Symmetric Encryption
Here are some methods for symmetric encryption of data. Symmetric means
that the same key (password) is used for encryption and decryption. Both the
author (the one who encrypts) and the reader(s) (who need to decrypt)
will have to share the secret password.
Crypt: this is an old Unix utility that uses
an outdated algorithm. Only use this for documents which
you want to protect against casual reading. It should not
be used for anything vital.
Usage: crypt [password] <infile >outfile
Manual: man crypt
Vi: encryption/decryption is built into the
vi editor, which makes it handy for editing a file without having to
decrypt/edit/encrypt again. The cipher used is not very strong,
so it should not be used with very sensitive data.
Usage: vi -x file
Manual: man vi
Zip: if you need to archive and encrypt lots of files, you
can use the zip utility to do both at the same time. Although the cipher
is not very strong, it has the benefit of portability as Zip/Unzip utilities
are available for many types of computers. Additionally, the encrypted data
can also be compressed.
This makes it useful for transferring a bunch of files via email or the web. The password
should be transmitted to the recipient over some other secure channel (e.g. face
to face).
Usage: zip -e archive.zip ...
Manual: man zip
OpenSSL: the standard open source tool for encryption. This
utility offers a choice of many types of ciphers, some of which
are reasonably strong.
Usage: (encrypt) openssl cipher -salt <datafile >encodedfile
Usage: (decrypt) openssl cipher -d <encodedfile >datafile
cipher can be one of bf (Blowfish), cast (CAST), des
(single-DES), des3 (triple-DES), desx (DESX), idea (IDEA), rc2 (RC2),
rc4 (RC4), rc5 (RC5), as well as variations on these ciphers (Cipher
Feedback, Cipher Block Chaining, etc.). See the man pages for more details.
Manual: man enc
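A scripted round trip of the OpenSSL usage above, as an added example that is not part of the original FAQ. It goes beyond the FAQ's cipher list by assuming OpenSSL 1.1.1 or later and using -aes-256-cbc with -pbkdf2; the function names, the ENC_PASS variable, the file names and the passphrases are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original FAQ). Assumes OpenSSL 1.1.1 or later.
# The passphrase is read from $ENC_PASS so it never appears in the process
# argument list, where other users on a shared host could see it.

# encrypt_file INFILE OUTFILE
encrypt_file() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -pass env:ENC_PASS -in "$1" -out "$2"
}

# decrypt_file INFILE OUTFILE (non-zero exit status on a failed decrypt)
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass env:ENC_PASS \
        -in "$1" -out "$2" 2>/dev/null
}

# has_salt_header FILE: salted output begins with the ASCII magic "Salted__"
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# round_trip_demo: returns 0 only if every check below holds.
round_trip_demo() {
    dir=$(mktemp -d) || return 1
    rc=0
    printf 'constructed sample text\n' > "$dir/plain.txt"
    ENC_PASS='sample passphrase (constructed)'; export ENC_PASS
    encrypt_file "$dir/plain.txt" "$dir/a.enc" || rc=1
    encrypt_file "$dir/plain.txt" "$dir/b.enc" || rc=1
    decrypt_file "$dir/a.enc" "$dir/out.txt" || rc=1
    # 1. the right passphrase recovers the file byte for byte
    cmp -s "$dir/plain.txt" "$dir/out.txt" || rc=1
    # 2. the salt is stored in the clear at the front of the ciphertext
    has_salt_header "$dir/a.enc" || rc=1
    # 3. a fresh random salt makes two encryptions of the same file differ
    if cmp -s "$dir/a.enc" "$dir/b.enc"; then rc=1; fi
    # 4. a wrong passphrase must not yield the plaintext; enc has no
    #    integrity check beyond the padding, so compare the output too
    ENC_PASS='wrong passphrase (constructed)'
    if decrypt_file "$dir/a.enc" "$dir/bad.txt" &&
       cmp -s "$dir/plain.txt" "$dir/bad.txt"; then rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

round_trip_demo && echo "round trip OK"
```

Because openssl enc does not authenticate the ciphertext, a successful decrypt does not prove the file was unmodified; keep a separate checksum or signature if that matters.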
Public Key Encryption
Symmetric key encryption does not work well when you get unsolicited data
that needs to be kept private, or you get lots of data from many sources.
The recipient would have to manage many keys shared with many senders.
Instead, public key encryption should be used. In this system, two keys
are generated: a public key which can be published, and a private key kept
by the recipient to decrypt the data encrypted using the public key.
Further details on how to use GnuPG can be found here:
http://www.gnupg.org/(en)/documentation/howtos.html