Is there a tool to encrypt a file or directory?












66















What's the most popular way to encrypt individual files or folders?










share|improve this question

























  • Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?

    – psusi
    Feb 23 '11 at 19:15






  • 4





    Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?

    – belacqua
    Feb 23 '11 at 19:23






  • 7





    I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.

    – JanC
    Feb 23 '11 at 22:02
















66















What's the most popular way to encrypt individual files or folders?










share|improve this question

























  • Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?

    – psusi
    Feb 23 '11 at 19:15






  • 4





    Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?

    – belacqua
    Feb 23 '11 at 19:23






  • 7





    I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.

    – JanC
    Feb 23 '11 at 22:02














66












66








66


30






What's the most popular way to encrypt individual files or folders?










share|improve this question
















What's the most popular way to encrypt individual files or folders?







software-recommendation files encryption directory






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 24 '15 at 11:10









landroni

4,24462249




4,24462249










asked Feb 23 '11 at 18:49









KimKim

1,35441825




1,35441825













  • Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?

    – psusi
    Feb 23 '11 at 19:15






  • 4





    Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?

    – belacqua
    Feb 23 '11 at 19:23






  • 7





    I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.

    – JanC
    Feb 23 '11 at 22:02



















  • Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?

    – psusi
    Feb 23 '11 at 19:15






  • 4





    Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?

    – belacqua
    Feb 23 '11 at 19:23






  • 7





    I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.

    – JanC
    Feb 23 '11 at 22:02

















Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?

– psusi
Feb 23 '11 at 19:15





Question is a bit unclear. Do you want to manually encrypt and decrypt files, or on the fly?

– psusi
Feb 23 '11 at 19:15




4




4





Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?

– belacqua
Feb 23 '11 at 19:23





Instead of 'most popular' , fitting a solution to your requirements might be helpful (as per psusi's question). Are you looking for a combination of easy, reliable, native, secure, fast, open source? All or some of these?

– belacqua
Feb 23 '11 at 19:23




7




7





I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.

– JanC
Feb 23 '11 at 22:02





I'd like to add the remark that contrary to what some answers claim, TrueCrypt is not considered Free Software or Open Source by Debian/Ubuntu/Fedora/Red Hat/Arch Linux/OpenSuse/Gentoo/etc.

– JanC
Feb 23 '11 at 22:02










7 Answers
7






active

oldest

votes


















44





+50









GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.



For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.



For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:



gpg --symmetric < unencrypted_file > encrypted_file


Decryption:



gpg --decrypt < encrypted_file > decrypted_file


Note that gpg caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache option as described in a related answer.



Manual page of gpg.





old answer for users who are able to chose good keys, see note below



For single files, openssl is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.



NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.



Encrypt:



openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file


You'll be asked for a password, which you have to input twice.



Decrypt:



openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file


Manual page for the enc program.



1openssl enc uses the digest function defined by the -md option (default md5) and invokes function EVP_BytesToKey() with an iteration count of 1. This can be found in the openssl source at apps/enc.c.






share|improve this answer


























  • Is there a way to do this without a passpharse?

    – Assaf Lavie
    Mar 2 '11 at 4:32











  • @Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.

    – Lekensteyn
    Mar 2 '11 at 14:32













  • additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "

    – v2r
    Feb 24 '12 at 17:06













  • @v2r To add for further readers: -a base64-encodes the input (alias of -base64), to decrypt it you also need to add the -a option.

    – Lekensteyn
    Feb 24 '12 at 17:14






  • 1





    @Lucio aes-256 is an alias for aes-256-cbc, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1) for a list of supported ciphers.

    – Lekensteyn
    Dec 19 '13 at 10:21



















30














I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus: Nautilus integration



To get nautilus integration, install the package seahorse-nautilus from the Software Center: seahorse-nautilus Install seahorse-nautilus






share|improve this answer





















  • 3





    this only works if you have a GPGs keys created in your system ...

    – hhlp
    Feb 23 '11 at 19:33






  • 3





    @hhlp: djeikyb's answer explains how to do that.

    – idbrii
    Mar 25 '11 at 18:21






  • 1





    I'm wanting to encrypt my GPG key.

    – KI4JGT
    Jun 16 '14 at 17:37



















19















  • EncFS system tray applet for GNOME cryptkeeper


TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.






share|improve this answer





















  • 2





    +1, encfs - with or without a GUI - is very useful and enough for most purposes.

    – loevborg
    Feb 23 '11 at 18:58






  • 3





    Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).

    – Scaine
    Feb 23 '11 at 20:27











  • TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.

    – MagicFab
    Oct 1 '13 at 23:08






  • 2





    TrueCrypt is not that open-source. en.wikipedia.org/wiki/…

    – yuric
    Dec 20 '13 at 1:42






  • 4





    'WARNING: Using TrueCrypt is not secure' - TrueCrypt

    – user457015
    May 30 '14 at 11:15



















15














A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.



First run gpg --gen-key. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt. This will create a file called foo.txt.gpg. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg. Decrypting will prompt you before overwriting existing files.



If you need to encrypt a directory, tar it first:



tar -cf foo.tar foo/
gpg -e foo.tar


You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.






share|improve this answer





















  • 2





    The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).

    – Panther
    Dec 20 '13 at 2:20



















13














There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.



You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private, recursively, will be encrypted.






share|improve this answer
























  • Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version

    – ruX
    Jan 30 '13 at 13:10











  • On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's

    – Xen2050
    Dec 28 '14 at 13:13



















2














You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
Its homepage is here: https://www.academic-signature.org



I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)






share|improve this answer

































    1














    I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)



    https://github.com/orionM/ssl-crypt-tools



    enjoy






    share|improve this answer



















    • 1





      hmm, bash script using openssl aes-256-cbc ... You know instead of using if [ $? -ne 0 ] ; then... fi you can just use ||? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"

      – Xen2050
      Mar 16 '16 at 11:18











    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f27770%2fis-there-a-tool-to-encrypt-a-file-or-directory%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    7 Answers
    7






    active

    oldest

    votes








    7 Answers
    7






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    44





    +50









    GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.



    For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.



    For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:



    gpg --symmetric < unencrypted_file > encrypted_file


    Decryption:



    gpg --decrypt < encrypted_file > decrypted_file


    Note that gpg caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache option as described in a related answer.



    Manual page of gpg.





    old answer for users who are able to chose good keys, see note below



    For single files, openssl is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.



    NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.



    Encrypt:



    openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file


    You'll be asked for a password, which you have to input twice.



    Decrypt:



    openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file


    Manual page for the enc program.



    1openssl enc uses the digest function defined by the -md option (default md5) and invokes function EVP_BytesToKey() with an iteration count of 1. This can be found in the openssl source at apps/enc.c.






    share|improve this answer


























    • Is there a way to do this without a passpharse?

      – Assaf Lavie
      Mar 2 '11 at 4:32











    • @Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.

      – Lekensteyn
      Mar 2 '11 at 14:32













    • additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "

      – v2r
      Feb 24 '12 at 17:06













    • @v2r To add for further readers: -a base64-encodes the input (alias of -base64), to decrypt it you also need to add the -a option.

      – Lekensteyn
      Feb 24 '12 at 17:14






    • 1





      @Lucio aes-256 is an alias for aes-256-cbc, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1) for a list of supported ciphers.

      – Lekensteyn
      Dec 19 '13 at 10:21
















    44





    +50









    GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.



    For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.



    For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:



    gpg --symmetric < unencrypted_file > encrypted_file


    Decryption:



    gpg --decrypt < encrypted_file > decrypted_file


    Note that gpg caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache option as described in a related answer.



    Manual page of gpg.





    old answer for users who are able to chose good keys, see note below



    For single files, openssl is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.



    NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.



    Encrypt:



    openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file


    You'll be asked for a password, which you have to input twice.



    Decrypt:



    openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file


    Manual page for the enc program.



    1openssl enc uses the digest function defined by the -md option (default md5) and invokes function EVP_BytesToKey() with an iteration count of 1. This can be found in the openssl source at apps/enc.c.






    share|improve this answer


























    • Is there a way to do this without a passpharse?

      – Assaf Lavie
      Mar 2 '11 at 4:32











    • @Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.

      – Lekensteyn
      Mar 2 '11 at 14:32













    • additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "

      – v2r
      Feb 24 '12 at 17:06













    • @v2r To add for further readers: -a base64-encodes the input (alias of -base64), to decrypt it you also need to add the -a option.

      – Lekensteyn
      Feb 24 '12 at 17:14






    • 1





      @Lucio aes-256 is an alias for aes-256-cbc, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1) for a list of supported ciphers.

      – Lekensteyn
      Dec 19 '13 at 10:21














    44





    +50







    44





    +50



    44




    +50





    GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.



    For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.



    For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:



    gpg --symmetric < unencrypted_file > encrypted_file


    Decryption:



    gpg --decrypt < encrypted_file > decrypted_file


    Note that gpg caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache option as described in a related answer.



    Manual page of gpg.





    old answer for users who are able to chose good keys, see note below



    For single files, openssl is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.



    NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.



    Encrypt:



    openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file


    You'll be asked for a password, which you have to input twice.



    Decrypt:



    openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file


    Manual page for the enc program.



    1openssl enc uses the digest function defined by the -md option (default md5) and invokes function EVP_BytesToKey() with an iteration count of 1. This can be found in the openssl source at apps/enc.c.






    share|improve this answer















    GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.



    For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.



    For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:



    gpg --symmetric < unencrypted_file > encrypted_file


    Decryption:



    gpg --decrypt < encrypted_file > decrypted_file


    Note that gpg caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache option as described in a related answer.



    Manual page of gpg.





    old answer for users who are able to chose good keys, see note below



    For single files, openssl is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.



    NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.



    Encrypt:



    openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file


    You'll be asked for a password, which you have to input twice.



    Decrypt:



    openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file


    Manual page for the enc program.



    1openssl enc uses the digest function defined by the -md option (default md5) and invokes function EVP_BytesToKey() with an iteration count of 1. This can be found in the openssl source at apps/enc.c.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited 17 mins ago









    Sergiy Kolodyazhnyy

    71.5k9147313




    71.5k9147313










    answered Feb 23 '11 at 20:08









    LekensteynLekensteyn

    121k48266357




    121k48266357













    • Is there a way to do this without a passpharse?

      – Assaf Lavie
      Mar 2 '11 at 4:32











    • @Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.

      – Lekensteyn
      Mar 2 '11 at 14:32













    • additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "

      – v2r
      Feb 24 '12 at 17:06













    • @v2r To add for further readers: -a base64-encodes the input (alias of -base64), to decrypt it you also need to add the -a option.

      – Lekensteyn
      Feb 24 '12 at 17:14






    • 1





      @Lucio aes-256 is an alias for aes-256-cbc, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1) for a list of supported ciphers.

      – Lekensteyn
      Dec 19 '13 at 10:21



















    • Is there a way to do this without a passpharse?

      – Assaf Lavie
      Mar 2 '11 at 4:32











    • @Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.

      – Lekensteyn
      Mar 2 '11 at 14:32













    • additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "

      – v2r
      Feb 24 '12 at 17:06













    • @v2r To add for further readers: -a base64-encodes the input (alias of -base64), to decrypt it you also need to add the -a option.

      – Lekensteyn
      Feb 24 '12 at 17:14






    • 1





      @Lucio aes-256 is an alias for aes-256-cbc, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1) for a list of supported ciphers.

      – Lekensteyn
      Dec 19 '13 at 10:21

















    Is there a way to do this without a passpharse?

    – Assaf Lavie
    Mar 2 '11 at 4:32





    Is there a way to do this without a passpharse?

    – Assaf Lavie
    Mar 2 '11 at 4:32













    @Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.

    – Lekensteyn
    Mar 2 '11 at 14:32







    @Assaf Lavie: OpenSSL does not support keyfiles if you meant that, although it can read a password from the first line of a file. Read the manual page on openssl, section Pass phrase arguments.

    – Lekensteyn
    Mar 2 '11 at 14:32















    additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "

    – v2r
    Feb 24 '12 at 17:06







    additionally you can use the "-a" flag which allows you to copy the crypted text, like so: "openssl aes-256-cbc -a -salt -in unencrypted_file -out encrypted_file "

    – v2r
    Feb 24 '12 at 17:06















    @v2r To add for further readers: -a base64-encodes the input (alias of -base64), to decrypt it you also need to add the -a option.

    – Lekensteyn
    Feb 24 '12 at 17:14





    @v2r To add for further readers: -a base64-encodes the input (alias of -base64), to decrypt it you also need to add the -a option.

    – Lekensteyn
    Feb 24 '12 at 17:14




    1




    1





    @Lucio aes-256 is an alias for aes-256-cbc, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1) for a list of supported ciphers.

    – Lekensteyn
    Dec 19 '13 at 10:21





    @Lucio aes-256 is an alias for aes-256-cbc, there is no difference. CBC is a mode of operation for block ciphers. See the manual page of enc(1) for a list of supported ciphers.

    – Lekensteyn
    Dec 19 '13 at 10:21













    30














    I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus: Nautilus integration



    To get nautilus integration, install the package seahorse-nautilus from the Software Center: seahorse-nautilus Install seahorse-nautilus






    share|improve this answer





















    • 3





      this only works if you have a GPGs keys created in your system ...

      – hhlp
      Feb 23 '11 at 19:33






    • 3





      @hhlp: djeikyb's answer explains how to do that.

      – idbrii
      Mar 25 '11 at 18:21






    • 1





      I'm wanting to encrypt my GPG key.

      – KI4JGT
      Jun 16 '14 at 17:37
















    30














    I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus: Nautilus integration



    To get nautilus integration, install the package seahorse-nautilus from the Software Center: seahorse-nautilus Install seahorse-nautilus






    share|improve this answer





















    • 3





      this only works if you have a GPGs keys created in your system ...

      – hhlp
      Feb 23 '11 at 19:33






    • 3





      @hhlp: djeikyb's answer explains how to do that.

      – idbrii
      Mar 25 '11 at 18:21






    • 1





      I'm wanting to encrypt my GPG key.

      – KI4JGT
      Jun 16 '14 at 17:37














    30












    30








    30







    I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus: Nautilus integration



    To get nautilus integration, install the package seahorse-nautilus from the Software Center: seahorse-nautilus Install seahorse-nautilus






    share|improve this answer















    I use Seahorse for this. It's a Gnome front-end for GnuPG and integrates well with nautilus: Nautilus integration



    To get nautilus integration, install the package seahorse-nautilus from the Software Center: seahorse-nautilus Install seahorse-nautilus







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Mar 11 '17 at 19:00









    Community

    1




    1










    answered Feb 23 '11 at 19:17









    passypassy

    94911019




    94911019








    • 3





      this only works if you have a GPGs keys created in your system ...

      – hhlp
      Feb 23 '11 at 19:33






    • 3





      @hhlp: djeikyb's answer explains how to do that.

      – idbrii
      Mar 25 '11 at 18:21






    • 1





      I'm wanting to encrypt my GPG key.

      – KI4JGT
      Jun 16 '14 at 17:37














    • 3





      this only works if you have a GPGs keys created in your system ...

      – hhlp
      Feb 23 '11 at 19:33






    • 3





      @hhlp: djeikyb's answer explains how to do that.

      – idbrii
      Mar 25 '11 at 18:21






    • 1





      I'm wanting to encrypt my GPG key.

      – KI4JGT
      Jun 16 '14 at 17:37








    3




    3





    this only works if you have a GPGs keys created in your system ...

    – hhlp
    Feb 23 '11 at 19:33





    this only works if you have a GPGs keys created in your system ...

    – hhlp
    Feb 23 '11 at 19:33




    3




    3





    @hhlp: djeikyb's answer explains how to do that.

    – idbrii
    Mar 25 '11 at 18:21





    @hhlp: djeikyb's answer explains how to do that.

    – idbrii
    Mar 25 '11 at 18:21




    1




    1





    I'm wanting to encrypt my GPG key.

    – KI4JGT
    Jun 16 '14 at 17:37





    I'm wanting to encrypt my GPG key.

    – KI4JGT
    Jun 16 '14 at 17:37











    19















    • EncFS system tray applet for GNOME cryptkeeper


    TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.






    share|improve this answer





















    • 2





      +1, encfs - with or without a GUI - is very useful and enough for most purposes.

      – loevborg
      Feb 23 '11 at 18:58






    • 3





      Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).

      – Scaine
      Feb 23 '11 at 20:27











    • TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.

      – MagicFab
      Oct 1 '13 at 23:08






    • 2





      TrueCrypt is not that open-source. en.wikipedia.org/wiki/…

      – yuric
      Dec 20 '13 at 1:42






    • 4





      'WARNING: Using TrueCrypt is not secure' - TrueCrypt

      – user457015
      May 30 '14 at 11:15
















    19















    • EncFS system tray applet for GNOME cryptkeeper


    TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.






    share|improve this answer





















    • 2





      +1, encfs - with or without a GUI - is very useful and enough for most purposes.

      – loevborg
      Feb 23 '11 at 18:58






    • 3





      Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).

      – Scaine
      Feb 23 '11 at 20:27











    • TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.

      – MagicFab
      Oct 1 '13 at 23:08






    • 2





      TrueCrypt is not that open-source. en.wikipedia.org/wiki/…

      – yuric
      Dec 20 '13 at 1:42






    • 4





      'WARNING: Using TrueCrypt is not secure' - TrueCrypt

      – user457015
      May 30 '14 at 11:15














    19












    19








    19








    • EncFS system tray applet for GNOME cryptkeeper


    TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.






    share|improve this answer
















    • EncFS system tray applet for GNOME cryptkeeper


    TrueCrypt: discontinued, unsecure source-available freeware Disk Encryption Software.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Dec 24 '18 at 3:02









    Pablo Bianchi

    2,4751532




    2,4751532










    answered Feb 23 '11 at 18:57









    hhlphhlp

    32.3k1478131




    32.3k1478131








    • 2





      +1, encfs - with or without a GUI - is very useful and enough for most purposes.

      – loevborg
      Feb 23 '11 at 18:58






    • 3





      Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).

      – Scaine
      Feb 23 '11 at 20:27











    • TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.

      – MagicFab
      Oct 1 '13 at 23:08






    • 2





      TrueCrypt is not that open-source. en.wikipedia.org/wiki/…

      – yuric
      Dec 20 '13 at 1:42






    • 4





      'WARNING: Using TrueCrypt is not secure' - TrueCrypt

      – user457015
      May 30 '14 at 11:15














    • 2





      +1, encfs - with or without a GUI - is very useful and enough for most purposes.

      – loevborg
      Feb 23 '11 at 18:58






    • 3





      Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).

      – Scaine
      Feb 23 '11 at 20:27











    • TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.

      – MagicFab
      Oct 1 '13 at 23:08






    • 2





      TrueCrypt is not that open-source. en.wikipedia.org/wiki/…

      – yuric
      Dec 20 '13 at 1:42






    • 4





      'WARNING: Using TrueCrypt is not secure' - TrueCrypt

      – user457015
      May 30 '14 at 11:15








    2




    2





    +1, encfs - with or without a GUI - is very useful and enough for most purposes.

    – loevborg
    Feb 23 '11 at 18:58





    +1, encfs - with or without a GUI - is very useful and enough for most purposes.

    – loevborg
    Feb 23 '11 at 18:58




    3




    3





    Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).

    – Scaine
    Feb 23 '11 at 20:27





    Cryptkeeper is awesome - simple, powerful and a breeze to set up with Dropbox (askubuntu.com/questions/19613/…).

    – Scaine
    Feb 23 '11 at 20:27













    TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.

    – MagicFab
    Oct 1 '13 at 23:08





    TrueCrypt is not packaged in Ubuntu (or any other major distributions) for licensing concerns.

    – MagicFab
    Oct 1 '13 at 23:08




    2




    2





    TrueCrypt is not that open-source. en.wikipedia.org/wiki/…

    – yuric
    Dec 20 '13 at 1:42





    TrueCrypt is not that open-source. en.wikipedia.org/wiki/…

    – yuric
    Dec 20 '13 at 1:42




    4




    4





    'WARNING: Using TrueCrypt is not secure' - TrueCrypt

    – user457015
    May 30 '14 at 11:15





    'WARNING: Using TrueCrypt is not secure' - TrueCrypt

    – user457015
    May 30 '14 at 11:15











    15














    A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.



    First run gpg --gen-key. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt. This will create a file called foo.txt.gpg. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg. Decrypting will prompt you before overwriting existing files.



    If you need to encrypt a directory, tar it first:



    tar -cf foo.tar foo/
    gpg -e foo.tar


    You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.






    share|improve this answer





















    • 2





      The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).

      – Panther
      Dec 20 '13 at 2:20
















    15














    A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.



    First run gpg --gen-key. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt. This will create a file called foo.txt.gpg. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg. Decrypting will prompt you before overwriting existing files.



    If you need to encrypt a directory, tar it first:



    tar -cf foo.tar foo/
    gpg -e foo.tar


    You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.






    share|improve this answer





















    • 2





      The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).

      – Panther
      Dec 20 '13 at 2:20














    15












    15








    15







    A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.



    First run gpg --gen-key. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt. This will create a file called foo.txt.gpg. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg. Decrypting will prompt you before overwriting existing files.



    If you need to encrypt a directory, tar it first:



    tar -cf foo.tar foo/
    gpg -e foo.tar


    You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.






    share|improve this answer















    A cli method would be GnuPG, and maybe tar. This is a short guide for reference, you really should read the documentation.



    First run gpg --gen-key. Follow the prompts to generate your public/private key pair. Now you can encrypt files: gpg -e foo.txt. This will create a file called foo.txt.gpg. GnuPG does not delete the original unencrypted file, it's up to you whether you want it hanging around. To decrypt foo.txt.gpg, run gpg foo.txt.gpg. Decrypting will prompt you before overwriting existing files.



    If you need to encrypt a directory, tar it first:



    tar -cf foo.tar foo/
    gpg -e foo.tar


    You can rename the encrypted file whatever you want. When decrypted, the original file name is preserved.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Sep 3 '16 at 7:03

























    answered Feb 23 '11 at 23:28









    djeikybdjeikyb

    20.9k74682




    20.9k74682








    • 2





      The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).

      – Panther
      Dec 20 '13 at 2:20














    • 2





      The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).

      – Panther
      Dec 20 '13 at 2:20








    2




    2





    The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).

    – Panther
    Dec 20 '13 at 2:20





    The advantages of this method are: First it does not require installation of additional packages; Second it does not require root access. I would add compression to the tar command (xz or gz).

    – Panther
    Dec 20 '13 at 2:20











    13














    There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.



    You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private, recursively, will be encrypted.






    share|improve this answer
























    • Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version

      – ruX
      Jan 30 '13 at 13:10











    • On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's

      – Xen2050
      Dec 28 '14 at 13:13
















    13














    There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.



    You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private, recursively, will be encrypted.






    share|improve this answer
























    • Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version

      – ruX
      Jan 30 '13 at 13:10











    • On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's

      – Xen2050
      Dec 28 '14 at 13:13














    13












    13








    13







    There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.



    You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private, recursively, will be encrypted.






    share|improve this answer













    There's also eCryptfs, which Ubuntu uses to encrypt Home Directories.



    You can select home directory encryption at installation, or you can setup a single directory, $HOME/Private by default, using the ecryptfs-setup-private utility. This folder can be configured to automatically mount at login and unmount at logout. Every single file and folder within $HOME/Private, recursively, will be encrypted.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Feb 24 '12 at 16:59









    Dustin KirklandDustin Kirkland

    10.9k25985




    10.9k25985













    • Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version

      – ruX
      Jan 30 '13 at 13:10











    • On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's

      – Xen2050
      Dec 28 '14 at 13:13



















    • Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version

      – ruX
      Jan 30 '13 at 13:10











    • On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's

      – Xen2050
      Dec 28 '14 at 13:13

















    Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version

    – ruX
    Jan 30 '13 at 13:10





    Unfortunately eCryptfs is VERY slow. Also there are few bugs in latest version

    – ruX
    Jan 30 '13 at 13:10













    On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's

    – Xen2050
    Dec 28 '14 at 13:13





    On the contrary, if anything eCryptfs is faster than gpg; by default gpg attempts to compress before encrypting. And eCryptfs is now also used by most Android's

    – Xen2050
    Dec 28 '14 at 13:13











    2














    You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
    It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
    Its homepage is here: https://www.academic-signature.org



    I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)






    share|improve this answer






























      2














      You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
      It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
      Its homepage is here: https://www.academic-signature.org



      I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)






      share|improve this answer




























        2












        2








        2







        You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
        It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
        Its homepage is here: https://www.academic-signature.org



        I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)






        share|improve this answer















        You may also use "Academic Signature" to use elliptic curve cryptography with a wxWidgets GUI. It is open source but not in the repositories.
        It mainly does ECC asymmetric encryption, signatures and timestamps. But the tool also has a Menu entry for invoking Gnupg(RSA) and direct access to symmetric en-/decryption of files offering AES and other algorithms.
        Its homepage is here: https://www.academic-signature.org



        I use it a lot for protecting files in transit and for digitally signing academic documents(transcripts, letters of recommendation, grade lists etc.)







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Sep 4 '18 at 9:17









        Community

        1




        1










        answered Dec 4 '13 at 9:20









        Michael AndersMichael Anders

        211




        211























            1














            I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)



            https://github.com/orionM/ssl-crypt-tools



            enjoy






            share|improve this answer



















            • 1





              hmm, bash script using openssl aes-256-cbc ... You know instead of using if [ $? -ne 0 ] ; then... fi you can just use ||? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"

              – Xen2050
              Mar 16 '16 at 11:18
















            1














            I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)



            https://github.com/orionM/ssl-crypt-tools



            enjoy






            share|improve this answer



















            • 1





              hmm, bash script using openssl aes-256-cbc ... You know instead of using if [ $? -ne 0 ] ; then... fi you can just use ||? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"

              – Xen2050
              Mar 16 '16 at 11:18














            1












            1








            1







            I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)



            https://github.com/orionM/ssl-crypt-tools



            enjoy






            share|improve this answer













            I've taken some of the other suggestions and created a simple shell script wrapper (for the lazy)



            https://github.com/orionM/ssl-crypt-tools



            enjoy







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Aug 14 '14 at 20:07









            private_nodezprivate_nodez

            192




            192








            • 1





              hmm, bash script using openssl aes-256-cbc ... You know instead of using if [ $? -ne 0 ] ; then... fi you can just use ||? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"

              – Xen2050
              Mar 16 '16 at 11:18














            • 1





              hmm, bash script using openssl aes-256-cbc ... You know instead of using if [ $? -ne 0 ] ; then... fi you can just use ||? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"

              – Xen2050
              Mar 16 '16 at 11:18








            1




            1





            hmm, bash script using openssl aes-256-cbc ... You know instead of using if [ $? -ne 0 ] ; then... fi you can just use ||? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"

            – Xen2050
            Mar 16 '16 at 11:18





            hmm, bash script using openssl aes-256-cbc ... You know instead of using if [ $? -ne 0 ] ; then... fi you can just use ||? And there are some people who think OpenSSL "* has had several major security flaws in the last year [Heartbleed] while the Snowden documents show that GPG is one of the few programs that might stump the NSA when used properly. The OpenSSL code is also a complete cesspool and has terrible test coverage. (Disclosure: [he] work[s] on a "OpenSSL sucks; let's fix it" project.) – jbarlow*"

            – Xen2050
            Mar 16 '16 at 11:18


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f27770%2fis-there-a-tool-to-encrypt-a-file-or-directory%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            GameSpot

            日野市

            Tu-95轟炸機