Encrypt sensitive information with Ccrypt on Ubuntu Linux

Sometimes you need to encrypt and protected some information with a passwords, so only you or person who knows the password can have access to it. Linux provides couple of useful command line utilities to do that. The original crypt command is considered obsolete because it uses very weak algorithms to encrypt data and it is easy to break it. Crypt has couple of replacements which are open source as well and use modern AES algorithms to encrypt data. In this article we will look in two of them. Both programs do exactly the same and has similar command line parameters. First encryption utility is Mcrypt which is considered direct replacement of original crypt. The second more modern tool is Ccrypt which is a little bit fast and easy to use. But first let’s start with installation of them.

Installation of those two programs is very easy on Ubuntu and any other Debian based distributions. Just type sudo apt-get install ccrypt or sudo apt-get install mcrypt.

sudo apt-get install ccrypt

Ccrypt installation is straight forward. It installs only one file and has no requirements. Here is the screen shot of installation process of ccrypt Linux command line tool.
Ubuntu Ccrypt Linux Command Line Tool to Encrypt Files and Data

Installing MCrypt requires installation of one library, but everything is handled automatically. Required library is libmhash2 which provides a uniform interface to a large number of hash algorithms that can be used to compute checksums, message digests, and other signatures.

sudo apt-get install mcrypt

Ubuntu Linux - Mcrypt - Encrypt/Decrypt Command Line Tool

Here are the man pages of both programs – Ccrypt man page and Mcrypt man page. Usage of programs is easy and straightforward. Just type command and file that you want to encrypt.

Here I have a 800MB test file which is PostgreSQL dump file of one database that I administer. Periodically I do a backup to either DropBox as explained in DropBox backup tutorial or to Google Drive which I wrote short How to access Google Drive via command line or to the Amazon Glacier AWS service which I also wrote How to Use Amazon Glacier on Linux. So when you upload files to those service for backup better to store them encrypted, because you never know what my happen. Somebody may broke your account or data may leak somehow. So look into image what we have as input file that will be encrypted.

Ubuntu Linux Encrypt Test File

Linux Database Data to Encrypt with Command Line

Here is how to use ccrypt. Usage is simple as typing ccrypt file-to-encrypt. After finishing with encryption ccrypt deletes original file and creates another one with extension .cpt.

howopensource@debian:~/crypt$ ls
-rw-r--r-- 1 howopensource howopensource 819550072 Jun 29 14:46 psql.dump.sql
howopensource@debian:~/crypt$ ccrypt psql.dump.sql
Enter encryption key:
Enter encryption key: (repeat)
howopensource@debian:~/crypt$ ls
-rw-r--r-- 1 howopensource howopensource 819550104 Jun 29 14:46 psql.dump.sql.cpt
howopensource@debian:~/crypt$

As you see file size differ a little bit. You can run more psql.dump.sql.cpt to check what is inside and you will see nothing. As you see Ccrypt is very easy to use and it is very fast. For example to encrypt this 800MB files it took less than 30 seconds.

Also you have to provide a password which should remember. Generally longer password is better. Encryption key can consist of any number of characters, and all characters are significant.

Ubuntu Ccrypt Command to Encrypt Data

Another useful approach in this case is to run gzip first and then to encrypt file. This you will save a lot of space. If you run gzip on encrypted file it will save almost nothing because data are not structured. But if you run gzip on original text file it will save a lot of space. Here is the commands that you need to execute.

howopensource@debian:~/crypt$ ls
-rw-r--r-- 1 howopensource howopensource 819550072 Jun 29 14:46 psql.dump.sql
howopensource@debian:~/crypt$ gzip psql.dump.sql
howopensource@debian:~/crypt$ ls
-rw-r--r-- 1 howopensource howopensource 132846587 Jun 29 14:46 psql.dump.sql.gz
howopensource@debian:~/crypt$ ccrypt psql.dump.sql.gz
Enter encryption key:
Enter encryption key: (repeat)
howopensource@debian:~/crypt$ ls
-rw-r--r-- 1 howopensource howopensource 132846619 Jun 29 14:46 psql.dump.sql.gz.cpt
howopensource@debian:~/crypt$

As you see gzip reduces the file size from 780MB down to 127MB. Then encryption gets just less than 10 seconds.

Decryption of file is simple as encrypting it. You just need to add a parameter -d and to provide the same password (encryption key).

howopensource@debian:~/crypt$ ccrypt -d psql.dump.sql.cpt
Enter decryption key:
howopensource@debian:~/crypt$ ls
-rw-r--r-- 1 howopensource howopensource 819550072 Jun 29 14:46 psql.dump.sql
howopensource@debian:~/crypt$

As you see the size of file now is the same as original. And you can run command more psql.dump.sql to see that everything is OK.

Ubuntu Linux Decrypt Command Tool

Ccrypt provides couple of more feature. For example if you want to automate encryption and put it into the bash script then you need to pass password as parameter. There is option which tells ccrypt to read encryption key from file, or to pass is as parameter or to read it from environment variable. The best way (safe way) is to read it from file. Also there is an option ccrypt to process all files recursively in all subdirectories. This will save you some typing and time. So it is very handy tool that is easy to use, run fast and can be scripted and tasks can be automated.

Usage of another tool Mcrypt is similar. In another article I will discuss deep usage of mcrypt. But I suggest to use Ccrypt as it is newer, faster, and easy to use compare to mcrypt.

Related Posts Plugin for WordPress, Blogger...

  • Tomas

    Good article. I used to use ccrypt until I switched to GPG. No more passwords to remember.

  • Don’t use mcrypt. It’s abandonware.