Aimlessly Going Forward

blog by Tomas Sedovic

Simple symmetric file encryption on Linux

So one day I was wondering how to encrypt a file on Linux. My first thought was using GPG and so I started reading about how to generate a keypair and almost quit in despair.

But! Turns out GPG supports symmetric encryption (just passwords, no mucking about with keys) and it's super easy!

Encrypt a file:

If you have a file diary.txt you can encrypt it thusly:

$ gpg2 --symmetric diary.txt

You will be prompted for a password -- twice. Then a new file diary.txt.gpg will be created (you can use --output for a different filename).

NOTE: the diary.txt file will still be here. Depending on what you plan to do, you may want to delete the original.

Decrypt to a file:

$ gpg2 --output diary.txt --decrypt diary.txt.gpg

You can also encrypt/decrypt using the standard input/output.

Encrypt from STDIN:

$ echo "Orange is my favourite colour." | gpg2 --symmetric --output message.gpg

Decrypt to STDOUT:

$ gpg2 --decrypt message.gpg

You'll be asked for a password and if it's correct the original message will be printed out.

Bonus: Emacs

Emacs supports GPG out of the box via Easy PG.

When you try to open a .gpg file, you'll be asked for a password to decrypt it and again when you save it.


A few more notes:

  1. There are two tools called gpg and gpg2. As far as I could find out, gpg2 is for desktops while gpg is for servers but they both work.
  2. Apart from the fact that it uses AES, I know nothing about the default encryption algorithm, mode, message authentication, etc. this uses. Is it safe or should we pick a better default?
  3. How do you create and use a good GPG keypair?
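The encrypt/decrypt round trip above without prompts, plus a look at which cipher and integrity protection ended up in the file. This is an added example, not code from the original post. It assumes GnuPG 2.1 or later (needed for --pinentry-mode loopback); the function names, the passphrase file and the sample text are constructed for illustration. In the packet listing, cipher 9 is AES256 and an mdc_method line means the data packet is integrity protected.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.1 or later.
GPG=$(command -v gpg2 || command -v gpg || true)

# Shared options: never prompt; read the passphrase from the file named in $1.
gpg_batch() {
    pass_file=$1; shift
    "$GPG" --batch --quiet --no-tty --pinentry-mode loopback \
           --passphrase-file "$pass_file" "$@"
}

# encrypt_file PASSFILE IN OUT: pin AES256 rather than rely on the build default.
encrypt_file() {
    gpg_batch "$1" --cipher-algo AES256 --symmetric --output "$3" "$2"
}

# decrypt_file PASSFILE IN: plaintext on stdout; non-zero exit on a wrong
# passphrase or a modified file.
decrypt_file() {
    gpg_batch "$1" --decrypt "$2" 2>/dev/null
}

# show_packets PASSFILE IN: list the OpenPGP packets in the encrypted file.
show_packets() {
    gpg_batch "$1" --list-packets "$2" 2>&1
}

# Round trip on constructed sample data in a throwaway directory (subshell, so
# GNUPGHOME does not leak into the caller's environment).
roundtrip_demo() (
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    umask 077
    printf 'Orange is my favourite colour.\n' > "$work/diary.txt"
    printf 'constructed demo passphrase\n' > "$work/pass"
    encrypt_file "$work/pass" "$work/diary.txt" "$work/diary.txt.gpg" &&
    decrypt_file "$work/pass" "$work/diary.txt.gpg" | cmp -s - "$work/diary.txt" &&
    show_packets "$work/pass" "$work/diary.txt.gpg" |
        grep -E 'symkey enc packet|mdc_method|aead'
    rc=$?
    gpgconf --kill gpg-agent >/dev/null 2>&1
    rm -rf "$work"
    exit $rc
)

if [ -n "$GPG" ]; then roundtrip_demo; fi
```

Keep the passphrase file readable only by its owner and remove it when done; the plaintext original is still left in place, as noted earlier.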

Tomas Sedovic on 18 August, 2016