Encryption is a crucial aspect of securing sensitive information on your Linux system. One of the tools you can use for this purpose is mcrypt, which provides symmetric encryption and decryption capabilities. This guide will walk you through the process of using mcrypt to encrypt and decrypt files and directories on Linux, covering a range of options and examples.
In this tutorial you will learn:
- How to use
mcryptto encrypt files - How to use
mcryptto decrypt files - How to apply compression with encryption using
mcrypt - Different encryption algorithms and modes available in
mcrypt
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Linux operating system |
| Software | mcrypt |
| Other | Basic understanding of Linux command line |
| Conventions | # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Installing mcrypt
To use mcrypt on your Linux system, you first need to install it. Below are the installation instructions for Debian, Ubuntu, CentOS, and RHEL.
For debian and ubuntu, use the following commands:
Debian and Ubuntu
$ sudo apt update $ sudo apt install mcrypt
CentOS and RHEL
First, you need to enable the EPEL repository, then install mcrypt.
$ sudo yum install epel-release $ sudo yum install mcrypt
For CentOS 8 and RHEL 8, use the dnf package manager:
$ sudo dnf install epel-release $ sudo dnf install mcrypt
Creating a Sandbox Environment
To ensure a safe practice environment, create a sandbox directory where you can test the encryption and decryption examples without affecting important data. Use the following commands:
$ mkdir ~/encryption_sandbox $ cd ~/encryption_sandbox $ touch file1.txt file2.txt $ mkdir dir1 dir2 $ echo "This is a test file" > file1.txt $ echo "This is another test file" > file2.txt $ echo "File in directory 1" > dir1/file_in_dir1.txt $ echo "Another file in directory 1" > dir1/another_file_in_dir1.txt $ echo "File in directory 2" > dir2/file_in_dir2.txt
This setup creates a directory named encryption_sandbox containing two text files and two subdirectories, each with their own text files, providing a controlled environment for practicing encryption and decryption.
DID YOU KNOW?
The mcrypt utility can be configured to use a variety of symmetric key algorithms, such as AES, Blowfish, and Twofish. This flexibility allows you to choose the most suitable algorithm for your security needs. Additionally, mcrypt can work with different modes of operation, like CBC (Cipher Block Chaining) and ECB (Electronic Codebook), providing further customization for encryption processes. To see the available algorithms, you can run mcrypt --list or mcrypt --list-hash.
Encryption Examples
Encrypting files and directories using mcrypt involves various options and configurations. Note that by default, mcrypt will prompt you to supply a password twice (once for encryption and once for confirmation) unless you use the -k option to specify a password directly. Here are seven examples to demonstrate its usage:
- Basic File Encryption: Encrypting a single file using the default settings.
$ mcrypt file1.txt
This command encrypts
file1.txtand creates an encrypted file namedfile1.txt.nc.
Encrypting a single file - File Encryption with Specified Algorithm: Encrypting a file using a specific encryption algorithm.
$ mcrypt -a blowfish file1.txt
This command uses the Blowfish algorithm to encrypt
file1.txt, outputtingfile1.txt.nc. - File Encryption with Compression: Encrypting and compressing a file using gzip before encryption.
$ mcrypt -z file2.txt
This command compresses
file2.txtwith gzip and then encrypts it, resulting infile2.txt.nc. - Encrypting a Directory: Encrypting all files in a directory by first compressing the directory and then encrypting it.
$ tar cz dir1/ | mcrypt -k abc123 > dir1.tar.gz.nc
This command compresses
dir1into a tar.gz file and then encrypts it using the passwordabc123, resulting indir1.tar.gz.nc. - File Encryption with a Keyfile: Using a keyfile for encryption instead of a passphrase.
$ mcrypt -f keyfile.txt file1.txt
This command reads the encryption key from
keyfile.txtand uses it to encryptfile1.txt.
File Encryption with a Keyfile - File Encryption with OpenPGP Format: Encrypting a file using the OpenPGP file format.
$ mcrypt --openpgp file2.txt
This command encrypts
file2.txtin OpenPGP format, creatingfile2.txt.nc. - File Encryption with a Specific Key Size: Encrypting a file with a specified key size.
$ mcrypt -s 32 file1.txt
This command encrypts
file1.txtusing a key size of 32 bytes, resulting infile1.txt.nc.
Decryption Examples
Decrypting files encrypted with mcrypt is straightforward. Here are seven examples to demonstrate how to decrypt various types of encrypted data:
- Basic File Decryption: Decrypting a file encrypted with the default settings.
$ mcrypt -d file1.txt.nc
This command decrypts
file1.txt.nc, outputting the originalfile1.txt. - File Decryption with Specified Algorithm: Decrypting a file using a specific encryption algorithm.
$ mcrypt -d -a blowfish file1.txt.nc
This command uses the Blowfish algorithm to decrypt
file1.txt.nc, outputting the originalfile1.txt. - Decryption of Compressed File: Decrypting a file that was compressed before encryption.
$ mcrypt -d file2.txt.nc
This command decrypts
file2.txt.ncand decompresses it, outputting the originalfile2.txt. - Decrypting a Directory: Decrypting and extracting a directory that was compressed and encrypted.
$ mcrypt -d dir1.tar.gz.nc $ tar -xzvf dir1.tar.gz
This command decrypts
dir1.tar.gz.ncand then the next command extracts the contents, restoringdir1. - File Decryption with a Keyfile: Using a keyfile for decryption instead of a passphrase.
$ mcrypt -d -f keyfile.txt file1.txt.nc
This command reads the decryption key from
keyfile.txtand uses it to decryptfile1.txt.nc. - File Decryption with OpenPGP Format: Decrypting a file encrypted in OpenPGP format.
$ mcrypt -d --openpgp file2.txt.nc
This command decrypts
file2.txt.ncwhich was encrypted in OpenPGP format, outputting the originalfile2.txt. - File Decryption with a Specific Key Size: Decrypting a file with a specified key size.
$ mcrypt -d -s 32 file1.txt.nc
This command decrypts
file1.txt.ncusing a key size of 32 bytes, resulting in the originalfile1.txt.
Conclusion
Encrypting and decrypting files and directories on Linux using mcrypt is a powerful way to protect your sensitive data. This guide has provided various examples of how to use mcrypt for both encryption and decryption, with and without compression, using different algorithms and formats. By following these examples, you can effectively secure your data against unauthorized access.