Linux Hack of the Week #8: Encrypting & Decrypting Files on Linux

What’s great about Linux is that there are around a dozen ways to do every task. For example, did you know that by using GPG you can encrypt files with a passphrase or key on the Linux command line?

Example Data

First, we need to a create a file with some data to encrypt. In this example we’ll use the rpm command to get a list of all installed packages on your machine:

[joe@fedora28 ~]$ rpm -qa > secretFile.txt
[joe@fedora28 ~]$ head secretFile.txt
elfutils-default-yama-scope-0.170-11.fc28.noarch
cpp-8.1.1-1.fc28.x86_64
perl-Encode-2.97-3.fc28.x86_64
rp-pppoe-3.12-11.fc28.x86_64
webrtc-audio-processing-0.3-7.fc28.x86_64
abrt-2.10.8-2.fc28.x86_64
mariadb-10.2.14-1.fc28.x86_64
langtable-data-0.0.38-5.fc28.noarch
mesa-filesystem-18.0.2-1.fc28.x86_64
perl-Try-Tiny-0.30-2.fc28.noarch
 

To verify that our encryption process is giving us back exactly what we give it, we will generate  a hash of the file. Use md5sum to create the hash. Note: This isn’t needed each time you encrypt a file, but we’ll use it for today’s example:

[joe@fedora28 ~]$ md5sum secretFile.txt
ec414472b108a98f12ee36b78ce50d18  secretFile.txt
 

Encryption

Next, we will encrypt it with a passphrase. To do so, use the command gpg with the option -c for symmetric encryption:

[joe@fedora28 ~]$ gpg -c  secretFile.txt
Enter passphrase:
 

An import note - doing this does not delete the original file, so you will need to delete it to remove the clear text file:

[joe@fedora28 ~]$ ls secretFile.*
secretFile.txt  secretFile.txt.gpg
 

Let’s check the hash again using md5sum. This time it is different as the file has been changed. If you head the file, you’ll see that it is clearly different. Also, take a look at the content:

[joe@fedora28 ~]$ md5sum secretFile.txt.gpg
c6e6afb9257da7ec61ce2658c22f0b4a  secretFile.txt.gpg
[joe@fedora28 ~]$ head secretFile.txt.gpg
���@�`��ޅ7��kLd�$��%��qa�LM�3<Tր8+ ��6
 

Decryption

Now we will decrypt using gpg -d. You’ll provide the same password you used above:

[joe@fedora28 ~]$ gpg -d secretFile.txt.gpg > secretFile.txt
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
 

Verify that it is your original file and take a look at the content:

[joe@fedora28 ~]$ md5sum secretFile.txt
ec414472b108a98f12ee36b78ce50d18  secretFile.txt
[joe@fedora28 ~]$ head secretFile.txt
elfutils-default-yama-scope-0.170-11.fc28.noarch
cpp-8.1.1-1.fc28.x86_64
perl-Encode-2.97-3.fc28.x86_64
rp-pppoe-3.12-11.fc28.x86_64
webrtc-audio-processing-0.3-7.fc28.x86_64
abrt-2.10.8-2.fc28.x86_64
mariadb-10.2.14-1.fc28.x86_64
langtable-data-0.0.38-5.fc28.noarch
mesa-filesystem-18.0.2-1.fc28.x86_64
perl-Try-Tiny-0.30-2.fc28.noarch
 

Woo hoo! You have now encrypted and decrypted data with a passphrase. As always, if you have any questions feel free to reach out at support@automox.com.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Get Instant Updates on Vulnerabilities

Subscribe to receive Automox vulnerability alerts

Reduce your threat surface by up to 80%

Make all of your corporate infrastructure more resilient by automating the basics of cyber hygiene.

Take 15 days to raise your security confidence!
Start a Free Trial