Is there a tool to encrypt a file or directory?
What's the most popular way to encrypt individual files or folders?
software-recommendation files encryption directory
add a comment |
What's the most popular way to encrypt individual files or folders?
software-recommendation files encryption directory
Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?
– psusi
Feb 23 '11 at 19:15
4
Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?
– belacqua
Feb 23 '11 at 19:23
7
I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.
– JanC
Feb 23 '11 at 22:02
add a comment |
What's the most popular way to encrypt individual files or folders?
software-recommendation files encryption directory
What's the most popular way to encrypt individual files or folders?
software-recommendation files encryption directory
software-recommendation files encryption directory
edited Jan 24 '15 at 11:10
landroni
4,24462249
4,24462249
asked Feb 23 '11 at 18:49
KimKim
1,35441825
1,35441825
Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?
– psusi
Feb 23 '11 at 19:15
4
Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?
– belacqua
Feb 23 '11 at 19:23
7
I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.
– JanC
Feb 23 '11 at 22:02
add a comment |
Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?
– psusi
Feb 23 '11 at 19:15
4
Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?
– belacqua
Feb 23 '11 at 19:23
7
I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.
– JanC
Feb 23 '11 at 22:02
Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?
– psusi
Feb 23 '11 at 19:15
Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?
– psusi
Feb 23 '11 at 19:15
4
4
Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?
– belacqua
Feb 23 '11 at 19:23
Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?
– belacqua
Feb 23 '11 at 19:23
7
7
I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.
– JanC
Feb 23 '11 at 22:02
I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.
– JanC
Feb 23 '11 at 22:02
add a comment |
7 Answers
7
active
oldest
votes
GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.
For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.
For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:
gpg --symmetric < unencrypted_file > encrypted_file
Decryption:
gpg --decrypt < encrypted_file > decrypted_file
Note that gpg
caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache
option as described in a related answer.
Manual page of gpg.
old answer for users who are able to chose good keys, see note below
For single files, openssl
is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.
NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.
Encrypt:
openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file
You'll be asked for a password, which you have to input twice.
Decrypt:
openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file
Manual page for the enc program.
1openssl enc
uses the digest function defined by the -md
option (default md5) and invokes function EVP_BytesToKey()
with an iteration count of 1. This can be found in the openssl source at apps/enc.c
.
Is there a way to do this without a passpharse?
– Assaf Lavie
Mar 2 '11 at 4:32
@Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.
– Lekensteyn
Mar 2 '11 at 14:32
additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "
– v2r
Feb 24 '12 at 17:06
@v2r To add for further readers:-a
base64-encodes the input (alias of-base64
), to decrypt it you also need to add the-a
option.
– Lekensteyn
Feb 24 '12 at 17:14
1
@Lucioaes-256
is an alias foraes-256-cbc
, there is no difference. CBC is a mode of operation for block ciphers. See the manual page ofenc(1)
for a list of supported ciphers.
– Lekensteyn
Dec 19 '13 at 10:21
|
show 4 more comments
I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus:
To get nautilus integration, install the package seahorse-nautilus
from the Software Center: seahorse-nautilus
3
this only works if you have a GPGs keys created in your system ...
– hhlp
Feb 23 '11 at 19:33
3
@hhlp: djeikyb's answer explains how to do that.
– idbrii
Mar 25 '11 at 18:21
1
I'm wanting to encrypt my GPG key.
– KI4JGT
Jun 16 '14 at 17:37
add a comment |
- EncFS system tray applet for GNOME cryptkeeper
TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.
2
+1, encfs - with or without a GUI - is very useful and enough for most purposes.
– loevborg
Feb 23 '11 at 18:58
3
Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).
– Scaine
Feb 23 '11 at 20:27
TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.
– MagicFab
Oct 1 '13 at 23:08
2
TrueCrypt is not that open-source. en.wikipedia.org/wiki/…
– yuric
Dec 20 '13 at 1:42
4
'WARNING: Using TrueCrypt is not secure' - TrueCrypt
– user457015
May 30 '14 at 11:15
|
show 3 more comments
A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.
First run gpg --gen-key
. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt
. This will create a file called foo.txt.gpg
. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg
. Decrypting will prompt you before overwriting existing files.
If you need to encrypt a directory, tar it first:
tar -cf foo.tar foo/
gpg -e foo.tar
You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.
2
The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).
– Panther
Dec 20 '13 at 2:20
add a comment |
There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.
You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private
by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private
, recursively, will be encrypted.
Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version
– ruX
Jan 30 '13 at 13:10
On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's
– Xen2050
Dec 28 '14 at 13:13
add a comment |
You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
Its homepage is here: https://www.academic-signature.org
I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)
add a comment |
I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)
https://github.com/orionM/ssl-crypt-tools
enjoy
1
hmm, bash script usingopenssl aes-256-cbc ...
You know instead of usingif [ $? -ne 0 ] ; then... fi
you can just use||
? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"
– Xen2050
Mar 16 '16 at 11:18
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f27770%2fis-there-a-tool-to-encrypt-a-file-or-directory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
7 Answers
7
active
oldest
votes
7 Answers
7
active
oldest
votes
active
oldest
votes
active
oldest
votes
GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.
For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.
For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:
gpg --symmetric < unencrypted_file > encrypted_file
Decryption:
gpg --decrypt < encrypted_file > decrypted_file
Note that gpg
caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache
option as described in a related answer.
Manual page of gpg.
old answer for users who are able to chose good keys, see note below
For single files, openssl
is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.
NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.
Encrypt:
openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file
You'll be asked for a password, which you have to input twice.
Decrypt:
openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file
Manual page for the enc program.
1openssl enc
uses the digest function defined by the -md
option (default md5) and invokes function EVP_BytesToKey()
with an iteration count of 1. This can be found in the openssl source at apps/enc.c
.
Is there a way to do this without a passpharse?
– Assaf Lavie
Mar 2 '11 at 4:32
@Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.
– Lekensteyn
Mar 2 '11 at 14:32
additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "
– v2r
Feb 24 '12 at 17:06
@v2r To add for further readers:-a
base64-encodes the input (alias of-base64
), to decrypt it you also need to add the-a
option.
– Lekensteyn
Feb 24 '12 at 17:14
1
@Lucioaes-256
is an alias foraes-256-cbc
, there is no difference. CBC is a mode of operation for block ciphers. See the manual page ofenc(1)
for a list of supported ciphers.
– Lekensteyn
Dec 19 '13 at 10:21
|
show 4 more comments
GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.
For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.
For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:
gpg --symmetric < unencrypted_file > encrypted_file
Decryption:
gpg --decrypt < encrypted_file > decrypted_file
Note that gpg
caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache
option as described in a related answer.
Manual page of gpg.
old answer for users who are able to chose good keys, see note below
For single files, openssl
is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.
NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.
Encrypt:
openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file
You'll be asked for a password, which you have to input twice.
Decrypt:
openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file
Manual page for the enc program.
1openssl enc
uses the digest function defined by the -md
option (default md5) and invokes function EVP_BytesToKey()
with an iteration count of 1. This can be found in the openssl source at apps/enc.c
.
Is there a way to do this without a passpharse?
– Assaf Lavie
Mar 2 '11 at 4:32
@Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.
– Lekensteyn
Mar 2 '11 at 14:32
additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "
– v2r
Feb 24 '12 at 17:06
@v2r To add for further readers:-a
base64-encodes the input (alias of-base64
), to decrypt it you also need to add the-a
option.
– Lekensteyn
Feb 24 '12 at 17:14
1
@Lucioaes-256
is an alias foraes-256-cbc
, there is no difference. CBC is a mode of operation for block ciphers. See the manual page ofenc(1)
for a list of supported ciphers.
– Lekensteyn
Dec 19 '13 at 10:21
|
show 4 more comments
GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.
For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.
For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:
gpg --symmetric < unencrypted_file > encrypted_file
Decryption:
gpg --decrypt < encrypted_file > decrypted_file
Note that gpg
caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache
option as described in a related answer.
Manual page of gpg.
old answer for users who are able to chose good keys, see note below
For single files, openssl
is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.
NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.
Encrypt:
openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file
You'll be asked for a password, which you have to input twice.
Decrypt:
openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file
Manual page for the enc program.
1openssl enc
uses the digest function defined by the -md
option (default md5) and invokes function EVP_BytesToKey()
with an iteration count of 1. This can be found in the openssl source at apps/enc.c
.
GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.
For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.
For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:
gpg --symmetric < unencrypted_file > encrypted_file
Decryption:
gpg --decrypt < encrypted_file > decrypted_file
Note that gpg
caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache
option as described in a related answer.
Manual page of gpg.
old answer for users who are able to chose good keys, see note below
For single files, openssl
is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.
NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.
Encrypt:
openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file
You'll be asked for a password, which you have to input twice.
Decrypt:
openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file
Manual page for the enc program.
1openssl enc
uses the digest function defined by the -md
option (default md5) and invokes function EVP_BytesToKey()
with an iteration count of 1. This can be found in the openssl source at apps/enc.c
.
edited 17 mins ago
Sergiy Kolodyazhnyy
71.5k9147313
71.5k9147313
answered Feb 23 '11 at 20:08
LekensteynLekensteyn
121k48266357
121k48266357
Is there a way to do this without a passpharse?
– Assaf Lavie
Mar 2 '11 at 4:32
@Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.
– Lekensteyn
Mar 2 '11 at 14:32
additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "
– v2r
Feb 24 '12 at 17:06
@v2r To add for further readers:-a
base64-encodes the input (alias of-base64
), to decrypt it you also need to add the-a
option.
– Lekensteyn
Feb 24 '12 at 17:14
1
@Lucioaes-256
is an alias foraes-256-cbc
, there is no difference. CBC is a mode of operation for block ciphers. See the manual page ofenc(1)
for a list of supported ciphers.
– Lekensteyn
Dec 19 '13 at 10:21
|
show 4 more comments
Is there a way to do this without a passpharse?
– Assaf Lavie
Mar 2 '11 at 4:32
@Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.
– Lekensteyn
Mar 2 '11 at 14:32
additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "
– v2r
Feb 24 '12 at 17:06
@v2r To add for further readers:-a
base64-encodes the input (alias of-base64
), to decrypt it you also need to add the-a
option.
– Lekensteyn
Feb 24 '12 at 17:14
1
@Lucioaes-256
is an alias foraes-256-cbc
, there is no difference. CBC is a mode of operation for block ciphers. See the manual page ofenc(1)
for a list of supported ciphers.
– Lekensteyn
Dec 19 '13 at 10:21
Is there a way to do this without a passpharse?
– Assaf Lavie
Mar 2 '11 at 4:32
Is there a way to do this without a passpharse?
– Assaf Lavie
Mar 2 '11 at 4:32
@Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.
– Lekensteyn
Mar 2 '11 at 14:32
@Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.
– Lekensteyn
Mar 2 '11 at 14:32
additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "
– v2r
Feb 24 '12 at 17:06
additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "
– v2r
Feb 24 '12 at 17:06
@v2r To add for further readers:
-a
base64-encodes the input (alias of -base64
), to decrypt it you also need to add the -a
option.– Lekensteyn
Feb 24 '12 at 17:14
@v2r To add for further readers:
-a
base64-encodes the input (alias of -base64
), to decrypt it you also need to add the -a
option.– Lekensteyn
Feb 24 '12 at 17:14
1
1
@Lucio
aes-256
is an alias for aes-256-cbc
, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1)
for a list of supported ciphers.– Lekensteyn
Dec 19 '13 at 10:21
@Lucio
aes-256
is an alias for aes-256-cbc
, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1)
for a list of supported ciphers.– Lekensteyn
Dec 19 '13 at 10:21
|
show 4 more comments
I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus:
To get nautilus integration, install the package seahorse-nautilus
from the Software Center: seahorse-nautilus
3
this only works if you have a GPGs keys created in your system ...
– hhlp
Feb 23 '11 at 19:33
3
@hhlp: djeikyb's answer explains how to do that.
– idbrii
Mar 25 '11 at 18:21
1
I'm wanting to encrypt my GPG key.
– KI4JGT
Jun 16 '14 at 17:37
add a comment |
I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus:
To get nautilus integration, install the package seahorse-nautilus
from the Software Center: seahorse-nautilus
3
this only works if you have a GPGs keys created in your system ...
– hhlp
Feb 23 '11 at 19:33
3
@hhlp: djeikyb's answer explains how to do that.
– idbrii
Mar 25 '11 at 18:21
1
I'm wanting to encrypt my GPG key.
– KI4JGT
Jun 16 '14 at 17:37
add a comment |
I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus:
To get nautilus integration, install the package seahorse-nautilus
from the Software Center: seahorse-nautilus
I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus:
To get nautilus integration, install the package seahorse-nautilus
from the Software Center: seahorse-nautilus
edited Mar 11 '17 at 19:00
Community♦
1
1
answered Feb 23 '11 at 19:17
passypassy
94911019
94911019
3
this only works if you have a GPGs keys created in your system ...
– hhlp
Feb 23 '11 at 19:33
3
@hhlp: djeikyb's answer explains how to do that.
– idbrii
Mar 25 '11 at 18:21
1
I'm wanting to encrypt my GPG key.
– KI4JGT
Jun 16 '14 at 17:37
add a comment |
3
this only works if you have a GPGs keys created in your system ...
– hhlp
Feb 23 '11 at 19:33
3
@hhlp: djeikyb's answer explains how to do that.
– idbrii
Mar 25 '11 at 18:21
1
I'm wanting to encrypt my GPG key.
– KI4JGT
Jun 16 '14 at 17:37
3
3
this only works if you have a GPGs keys created in your system ...
– hhlp
Feb 23 '11 at 19:33
this only works if you have a GPGs keys created in your system ...
– hhlp
Feb 23 '11 at 19:33
3
3
@hhlp: djeikyb's answer explains how to do that.
– idbrii
Mar 25 '11 at 18:21
@hhlp: djeikyb's answer explains how to do that.
– idbrii
Mar 25 '11 at 18:21
1
1
I'm wanting to encrypt my GPG key.
– KI4JGT
Jun 16 '14 at 17:37
I'm wanting to encrypt my GPG key.
– KI4JGT
Jun 16 '14 at 17:37
add a comment |
- EncFS system tray applet for GNOME cryptkeeper
TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.
2
+1, encfs - with or without a GUI - is very useful and enough for most purposes.
– loevborg
Feb 23 '11 at 18:58
3
Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).
– Scaine
Feb 23 '11 at 20:27
TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.
– MagicFab
Oct 1 '13 at 23:08
2
TrueCrypt is not that open-source. en.wikipedia.org/wiki/…
– yuric
Dec 20 '13 at 1:42
4
'WARNING: Using TrueCrypt is not secure' - TrueCrypt
– user457015
May 30 '14 at 11:15
|
show 3 more comments
- EncFS system tray applet for GNOME cryptkeeper
TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.
2
+1, encfs - with or without a GUI - is very useful and enough for most purposes.
– loevborg
Feb 23 '11 at 18:58
3
Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).
– Scaine
Feb 23 '11 at 20:27
TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.
– MagicFab
Oct 1 '13 at 23:08
2
TrueCrypt is not that open-source. en.wikipedia.org/wiki/…
– yuric
Dec 20 '13 at 1:42
4
'WARNING: Using TrueCrypt is not secure' - TrueCrypt
– user457015
May 30 '14 at 11:15
|
show 3 more comments
- EncFS system tray applet for GNOME cryptkeeper
TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.
- EncFS system tray applet for GNOME cryptkeeper
TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.
edited Dec 24 '18 at 3:02
Pablo Bianchi
2,4751532
2,4751532
answered Feb 23 '11 at 18:57
hhlphhlp
32.3k1478131
32.3k1478131
2
+1, encfs - with or without a GUI - is very useful and enough for most purposes.
– loevborg
Feb 23 '11 at 18:58
3
Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).
– Scaine
Feb 23 '11 at 20:27
TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.
– MagicFab
Oct 1 '13 at 23:08
2
TrueCrypt is not that open-source. en.wikipedia.org/wiki/…
– yuric
Dec 20 '13 at 1:42
4
'WARNING: Using TrueCrypt is not secure' - TrueCrypt
– user457015
May 30 '14 at 11:15
|
show 3 more comments
2
+1, encfs - with or without a GUI - is very useful and enough for most purposes.
– loevborg
Feb 23 '11 at 18:58
3
Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).
– Scaine
Feb 23 '11 at 20:27
TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.
– MagicFab
Oct 1 '13 at 23:08
2
TrueCrypt is not that open-source. en.wikipedia.org/wiki/…
– yuric
Dec 20 '13 at 1:42
4
'WARNING: Using TrueCrypt is not secure' - TrueCrypt
– user457015
May 30 '14 at 11:15
2
2
+1, encfs - with or without a GUI - is very useful and enough for most purposes.
– loevborg
Feb 23 '11 at 18:58
+1, encfs - with or without a GUI - is very useful and enough for most purposes.
– loevborg
Feb 23 '11 at 18:58
3
3
Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).
– Scaine
Feb 23 '11 at 20:27
Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).
– Scaine
Feb 23 '11 at 20:27
TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.
– MagicFab
Oct 1 '13 at 23:08
TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.
– MagicFab
Oct 1 '13 at 23:08
2
2
TrueCrypt is not that open-source. en.wikipedia.org/wiki/…
– yuric
Dec 20 '13 at 1:42
TrueCrypt is not that open-source. en.wikipedia.org/wiki/…
– yuric
Dec 20 '13 at 1:42
4
4
'WARNING: Using TrueCrypt is not secure' - TrueCrypt
– user457015
May 30 '14 at 11:15
'WARNING: Using TrueCrypt is not secure' - TrueCrypt
– user457015
May 30 '14 at 11:15
|
show 3 more comments
A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.
First run gpg --gen-key
. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt
. This will create a file called foo.txt.gpg
. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg
. Decrypting will prompt you before overwriting existing files.
If you need to encrypt a directory, tar it first:
tar -cf foo.tar foo/
gpg -e foo.tar
You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.
2
The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).
– Panther
Dec 20 '13 at 2:20
add a comment |
A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.
First run gpg --gen-key
. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt
. This will create a file called foo.txt.gpg
. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg
. Decrypting will prompt you before overwriting existing files.
If you need to encrypt a directory, tar it first:
tar -cf foo.tar foo/
gpg -e foo.tar
You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.
2
The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).
– Panther
Dec 20 '13 at 2:20
add a comment |
A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.
First run gpg --gen-key
. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt
. This will create a file called foo.txt.gpg
. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg
. Decrypting will prompt you before overwriting existing files.
If you need to encrypt a directory, tar it first:
tar -cf foo.tar foo/
gpg -e foo.tar
You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.
A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.
First run gpg --gen-key
. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt
. This will create a file called foo.txt.gpg
. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg
. Decrypting will prompt you before overwriting existing files.
If you need to encrypt a directory, tar it first:
tar -cf foo.tar foo/
gpg -e foo.tar
You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.
edited Sep 3 '16 at 7:03
answered Feb 23 '11 at 23:28
djeikybdjeikyb
20.9k74682
20.9k74682
2
The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).
– Panther
Dec 20 '13 at 2:20
add a comment |
2
The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).
– Panther
Dec 20 '13 at 2:20
2
2
The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).
– Panther
Dec 20 '13 at 2:20
The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).
– Panther
Dec 20 '13 at 2:20
add a comment |
There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.
You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private
by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private
, recursively, will be encrypted.
Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version
– ruX
Jan 30 '13 at 13:10
On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's
– Xen2050
Dec 28 '14 at 13:13
add a comment |
There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.
You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private
by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private
, recursively, will be encrypted.
Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version
– ruX
Jan 30 '13 at 13:10
On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's
– Xen2050
Dec 28 '14 at 13:13
add a comment |
There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.
You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private
by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private
, recursively, will be encrypted.
There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.
You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private
by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private
, recursively, will be encrypted.
answered Feb 24 '12 at 16:59
Dustin KirklandDustin Kirkland
10.9k25985
10.9k25985
Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version
– ruX
Jan 30 '13 at 13:10
On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's
– Xen2050
Dec 28 '14 at 13:13
add a comment |
Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version
– ruX
Jan 30 '13 at 13:10
On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's
– Xen2050
Dec 28 '14 at 13:13
Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version
– ruX
Jan 30 '13 at 13:10
Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version
– ruX
Jan 30 '13 at 13:10
On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's
– Xen2050
Dec 28 '14 at 13:13
On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's
– Xen2050
Dec 28 '14 at 13:13
add a comment |
You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
Its homepage is here: https://www.academic-signature.org
I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)
add a comment |
You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
Its homepage is here: https://www.academic-signature.org
I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)
add a comment |
You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
Its homepage is here: https://www.academic-signature.org
I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)
You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
Its homepage is here: https://www.academic-signature.org
I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)
edited Sep 4 '18 at 9:17
Community♦
1
1
answered Dec 4 '13 at 9:20
Michael AndersMichael Anders
211
211
add a comment |
add a comment |
I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)
https://github.com/orionM/ssl-crypt-tools
enjoy
1
hmm, bash script usingopenssl aes-256-cbc ...
You know instead of usingif [ $? -ne 0 ] ; then... fi
you can just use||
? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"
– Xen2050
Mar 16 '16 at 11:18
add a comment |
I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)
https://github.com/orionM/ssl-crypt-tools
enjoy
1
hmm, bash script usingopenssl aes-256-cbc ...
You know instead of usingif [ $? -ne 0 ] ; then... fi
you can just use||
? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"
– Xen2050
Mar 16 '16 at 11:18
add a comment |
I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)
https://github.com/orionM/ssl-crypt-tools
enjoy
I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)
https://github.com/orionM/ssl-crypt-tools
enjoy
answered Aug 14 '14 at 20:07
private_nodezprivate_nodez
192
192
1
hmm, bash script usingopenssl aes-256-cbc ...
You know instead of usingif [ $? -ne 0 ] ; then... fi
you can just use||
? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"
– Xen2050
Mar 16 '16 at 11:18
add a comment |
1
hmm, bash script usingopenssl aes-256-cbc ...
You know instead of usingif [ $? -ne 0 ] ; then... fi
you can just use||
? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"
– Xen2050
Mar 16 '16 at 11:18
1
1
hmm, bash script using
openssl aes-256-cbc ...
You know instead of using if [ $? -ne 0 ] ; then... fi
you can just use ||
? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"– Xen2050
Mar 16 '16 at 11:18
hmm, bash script using
openssl aes-256-cbc ...
You know instead of using if [ $? -ne 0 ] ; then... fi
you can just use ||
? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"– Xen2050
Mar 16 '16 at 11:18
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f27770%2fis-there-a-tool-to-encrypt-a-file-or-directory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?
– psusi
Feb 23 '11 at 19:15
4
Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?
– belacqua
Feb 23 '11 at 19:23
7
I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.
– JanC
Feb 23 '11 at 22:02