Frequently Asked Questions
UBC Mathematics: MathNet FAQ [File Encryption]


UBC Mathematics: MathNet FAQ [File Encryption]




Question: How do I encrypt a file?
Author: Joseph Tam
Date: Aug. 10, 2005

File encryption is a way that you can safeguard the contents of a file from unauthorized reading. It is a useful complement to other protection such as file permissions, and can be used in conjuction with them to provide maximum protection against unauthorized access.

Symmetric Encryption

Here are some methods for symmetric encryption of data. Symmetric means that the same key (password) is used for encryption and decryption. Both the author (the one who encrypts) and the reader(s) (who needs to decrypt) will have to share the secret password.

  1. Crypt: this is an old Unix utility that uses an outdated algorithm. Only use this for documents which you want to protect against casual reading. It should not be used for anything vital.

    Usage: crypt [password] <infile >outfile
    Manual: man crypt
  2. Vi: encryption/deccyption that is built into the vi editor which makes it handy to edit file without having to decrypt/edit/encrypt again. The cipher used is not very strong, so it should not be used with very sensitive data.

    Usage: vi -x file
    Manual: man vi
  3. Zip: if you need to archive and encrypt lots of files, you can use the zip utility to do both at the same time. Although the cipher is not very strong, it has the benefit of portability as Zip/Unzip utilities are available for many types of computers. Additionally, the encrypted data can also be compressed.

    This makes it useful to transfer a bunch of files via Email or a web or FTP archive. The password should be transmitted to the recipient over some other secure channel (e.g. face to face).

    Usage: zip -e archive.zip ...
    Manual: man zip
  4. OpenSSL: the standard open source tool for encryption. This utility will offer a choice of many types of ciphers, of which some of them are reasonably strong.

    Usage: (encrypt) openssl cipher -salt <datafile >encodedfile
    Usage: (decrypt) openssl cipher -d <encodedfile >datafile
    cipher can be one of bf (blowfish), cast (CAST), des (single-DES), des3 (triple-DES), desx (DESX), idea (IDEA), rc2 (RC2), rc4 (RC4), rc5 (RC5), as well as variations on these ciphers (Cipher Feeback, Cipher Chain Blocking, etc.). See man pages for more details.
    Manual: man enc

Public Key Encryption

Symmetric key encryption does not work well when you get unsolicited data that needs to be kept private, or you get lots of data from many sources. The recipient would have to manage many keys shared with many senders. Instead, public key encryption should be used. In this system, two keys are generated: a public key which can be published, and a private key kept by the recipient to decrypt the data encrypted using the public key.

Further details on how to use GnuPG can be found here:

http://www.gnupg.org/(en)/documentation/howtos.html
 
Top