Encrypting Files In Linux

Please note that your Unified Linux home directory is not qualified for storing any unencrypted Institutional Sensitive Data. The methods outlined on this page may result in the data being stored unencrypted until you manually encrypt it, which would be a violation. You must make sure you never store any unencrypted Institutional Sensitive Data on the Linux systems.

If you have a file that contains information you want to protect you can encrypt it. Even though the file permissions may be set so it is only readable by you, it would still be readable by users with root privileges or someone who had compromised the system. To guard against such potential exposure of your data, you are encouraged to use encryption. This document provides a very basic introduction to encrypting files on the SoIC Linux systems.

This document provides the basics of using the gpg encryption tool as well as encryption options in emacs and vi. Before we get to that, there is one very important thing to note: YOU MUST NOT FORGET THE PASSWORD YOU USE TO ENCRYPT FILES OR THE DATA WILL BE LOST. It is not possible for systems staff to recover your password, so you must ensure that you don't forget it.

GPG Encryption

GnuPG (a.k.a. gpg) is a commonly used encryption tool that is installed on all the SoIC Linux systems. GnuPG can be used for many encryption tasks, including public/private key encryption and key management. This KB page only provides the most basic introduction to GnuPG needed to encrypt and decrypt files. You are encouraged to see the GnuPG documentation for more details.

If you have a file named "somefile", you can encrypt it into a file named "somefile.gpg" by running:

gpg -c somefile

This will prompt for a password and leave you with two files: the unencrypted "somefile" and the encrypted "somefile.gpg". Be sure to remove the original unencrypted version once you have verified that the encryption was successful.

You can then decrypt the file by running:

gpg somefile.gpg

This will write the decrypted version into a file named "somefile".
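
The encrypt, verify, then remove sequence described above can be scripted so the unencrypted file is deleted only after the encrypted copy decrypts back to identical bytes. This is an added example, not part of the original KB page; the function name encrypt_verified and the GPG_EXTRA variable are hypothetical names chosen for it.

```shell
# Added example (not from the original page).
# Usage: encrypt_verified somefile
# GPG_EXTRA is a hypothetical variable holding extra gpg options, e.g. for
# unattended runs; leave it unset to get the normal passphrase prompt.

encrypt_verified() {
    local src="$1" enc="$1.gpg"

    # Refuse missing or empty input, and never clobber an existing .gpg file.
    if [ ! -f "$src" ] || [ ! -s "$src" ]; then
        echo "encrypt_verified: '$src' is missing or empty" >&2
        return 1
    fi
    if [ -e "$enc" ]; then
        echo "encrypt_verified: '$enc' already exists" >&2
        return 1
    fi

    # Step 1: symmetric encryption, the same operation as "gpg -c somefile".
    # GPG_EXTRA is deliberately unquoted so it splits into separate options.
    gpg ${GPG_EXTRA:-} -c --output "$enc" "$src" || return 1

    # Step 2: decrypt to stdout and compare byte for byte with the original.
    # Nothing decrypted is written to disk during the check.
    if ! gpg ${GPG_EXTRA:-} --decrypt "$enc" | cmp -s - "$src"; then
        echo "encrypt_verified: verification failed, keeping '$src'" >&2
        return 1
    fi

    # Step 3: only now remove the unencrypted original.
    rm -f -- "$src"
    echo "encrypted to '$enc' and removed '$src'"
}
```

If gpg-agent has cached the password from step 1, the verification in step 2 may not prompt for it again.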

Emacs With GPG

If you are an emacs user, there is built-in GPG encryption. All you have to do is open a file with the .gpg file extension in emacs, like:

emacs somefile.gpg

When you save the file, you will be prompted to enter an encryption key. You may also see a prompt asking you to 'Select recipients for encryption', which is a feature using public/private keys. If you just want to simply encrypt the file (called symmetric encryption), select OK without selecting a recipient. On subsequent edits of the file, you will be prompted to enter the encryption key. Note that if you are using the Gnome or KDE GUI, the password may get cached in memory using your keyring, so you may not be prompted for the same password multiple times, although you may get a prompt asking you to authorize access to the cached password.

VI Encryption

Vi and its variants, such as vim and gvim, have a simple crypt-based encryption mechanism built in. If you are a vi user, you will find this very easy to use, but do note that vi uses a weaker encryption mechanism than gpg. All you have to do is use the -x flag when you create a file. For example, you could run the following to create an encrypted file named "somefile":

vi -x somefile

You will be prompted for the password when you create the file.

On subsequent edits, do not use the -x flag and vi will recognize that the file is encrypted and prompt you for the password. Note that you should NOT use the -x flag for edits of already encrypted files because that will result in you re-encrypting an already encrypted file.
