How can I create a self-contained encrypted file on Linux?

Question

I recently went through this little noob adventure on a Linux desktop:

1. Take a text file with sensitive info
2. PGP-encrypt it (e.g. with Seahorse)
3. Back it up
4. Reinstall OS, erase hard drive, drop computer in pool, etc, etc
5. Retrieve the encrypted file from backup, and gasp in horror to realize you can't decrypt it, even though you know the password, cause you didn't back up ~/.gnupg where your key was stored.

Why did I fall for this? Cause I used to be a Mac user, where I would create an encrypted sparse disk image, drop my file in it, and unmount. I could move this file all over the place, drop it onto any mac, mount, enter the password, and ta-da! As long as I remembered the password, all was good.

Anyone know how to do something like that with Linux?

(I hope this is related enough to programming for SOF... it's important for my programming job anyway!)

Answer 1

TrueCrypt is a user-friendly disk encryption solution which works on Linux (and other systems too).

Linux-only lower level solutions are dm-crypt and crpytoloop.

Answer 2

I use ccrypt, which is available in Cygwin as well.

   ccrypt is a utility for encrypting and decrypting files and streams. It
   was designed to replace the standard unix crypt utility, which is noto‐
   rious  for  using a very weak encryption algorithm.  ccrypt is based on
   the Rijndael block cipher, which was also chosen by the U.S. government
   as      the      Advanced     Encryption     Standard     (AES,     see
   http://www.nist.gov/aes/). This cipher  is  believed  to  provide  very
   strong cryptographic security.

Answer 3

I used mcrypt. It supports several modern encryption algorithms and it's pretty comon on linux machines (Or at least it's easy to obtain precompiled package on most distors).

Answer 4

Summary: when you want to do this, use the --symmetric option when encrypting.

Let's look at the details of what's really going on here; a little understanding often helps when trying to do things right.

When you encrypt a file using GnuPG, it uses "symmetric" encryption. That is to say, it uses a single key that will both encrypt the plaintext and decrypt the cyphertext. Why does it do this? Becuase the symmetric algorithms are much faster than the public/private key algorithms (where separate keys are used to encrypt and decrypt), and for other reasons we'll see later.

Where does it get this key it uses to encrypt the file? It makes up a random one. No, I'm not kidding you here.

Now at this point you might think we have a little issue. The file's encrypted with a random key, and nobody (except that particular GnuPG process) knows what it is. So what happens next?

Here's the trick: that random key is then encrypted with other keys, and stored in the file. This is how we allow multiple users to be able to decrypt the file. For example, the backups at my company are encrypted so that both I and my business partner can decrypt them: GnuPG encrypts the file encryption key with my public key and again with my partner's public key, and stores both of these with the encrypted data; now I, using my private key, can decrypt the copy encrypted with my public key (or he can do the same with his copy), retrieve the symmetric key used to encrypt the data, and decrypt it.

So what does --symmetric do? It just encrypts that random encryption key with a symmetric algorithm itself, this time using a key based on the supplied passphrase. Now anybody who knows the passphrase can also decrypt the file.

That's nice for on file, but this soon enough becomes inconvenient when you've got many files, encrypted with different passphrases so that different groups of people can get access to them, which is one reason why we usually use the public key systems instead.

But now you've learned, the hard way unfortunately, a very valuable lesson: your private key is important! If you lose that, you lose access to anything anybody's ever encrypted using your public key. Generate it once, keep it safe, and keep it backed up in several places.

What you wanted to do was was to add the --symmetric option to allow decrypting the file with just a passphrase.

The problem was that you encrypted the file with your public key, and when you do that, you need your secret key (stored in ~/.gnupg) to decrypt it.

Answer 5

ecryptfs is easy to set up and use.

• Upside: you don't reserve space in advance; it works as a layer on top of the filesystem

• Downside: filenames aren't encrypted. Obviously you can work this by zipping or tarring your entire tree and letting ecryptfs encrypt the zip or tar file, but it's a nuisance.