How can I encrypt plain text with a password on Linux?

http://www.unreadable.de/ takes a plaintext message + password input and encrypts the plaintext. I want to do this locally on Linux. Is there a one-line command that will compute an encrypted version of my message that I can then email?

My goal is for the receiver to be able to decode the message with nothing but the password.

To be clear, I have no idea what various encryption schemes are (AES, openSSL, RSA, GPG, salt, base64, DES, CBC, reentrant) and not really interested in a research project. I just want a one-line command like

encrypt message.txt -password=secret.txt

which would be decoded like

decrypt message.txt -password=secret.txt

(Yes, I did use google first. https://encrypted.google.com/search?q=encrypt+plain+text+files+with+password+linux is not showing me anything I understand / think I can use.)

encryption

isomorphismes

Posted 2014-10-24T21:15:42.053

Reputation: 1 534

How strong encryption to you want? The most universal solution would be to attach a password-protected ZIP file: not the strongest encryption, but anyone with the password will be able to read it, regardless of mail client or operating system. If it is only a select group of people that you want to send encrypted e-mails to, and you all use Mozilla-based mail clients, then the EnigMail add-on [https://www.enigmail.net/home/index.php] offers the easiest solution for sender and recipient to use. – AFH – 2014-10-24T21:57:00.673

@AFH That's a good idea! – isomorphismes – 2014-10-25T01:31:49.387

Answers

The openssl(1) manpage gives a few examples on how to do this:

 ENC EXAMPLES
      Just base64 encode a binary file:

            $ openssl base64 -in file.bin -out file.b64

      Decode the same file:

            $ openssl base64 -d -in file.b64 -out file.bin

      Encrypt a file using triple DES in CBC mode using a prompted password:

            $ openssl des3 -salt -in file.txt -out file.des3

      Decrypt a file using a supplied password:

            $ openssl des3 -d -in file.des3 -out file.txt -k mypassword

      Encrypt a file then base64 encode it (so it can be sent via mail for
      example) using Blowfish in CBC mode:

            $ openssl bf -a -salt -in file.txt -out file.bf

      Base64 decode a file then decrypt it:

            $ openssl bf -d -a -in file.bf -out file.txt

As for the question on hand, the specific encryption scheme only matters inasmuch as both sides must of course use the same one. If you don’t know which one to use, Blowfish is probably a sensible choice:

$ openssl bf -a -salt -in file.txt -out file.bf
$ openssl bf -d -a -in file.bf -out file.txt

I take that you know that encrypting something without knowing at least a minimum about the cryptosystem used is… probably unwise. Personally, I think that a system like GPG is better suited for your task, but requires a little bit more setup, so technically doesn’t fit your question.

Vucar Timnärakrul

Posted 2014-10-24T21:15:42.053

Reputation: 671

Why did someone downvote this? Is it wrong? – isomorphismes – 2014-10-24T21:33:24.327

@isomorphismes I don't know, but more importantly, why didn't you up vote it? (Assuming this is helpful for you) – slhck – 2014-10-24T21:52:36.177

@slhck I'm still trying to run and understand both answers. – isomorphismes – 2014-10-25T01:30:57.810

OpenSSL will work. From How can I encrypt a string in the shell?:

# generate a 2048-bit RSA key and store it in key.txt
openssl genrsa -out key.txt 2048

# encrypt "hello world" using the RSA key in key.txt
echo "hello world" | openssl rsautl -inkey key.txt -encrypt >output.bin

# decrypt the message and output to stdout
openssl rsautl -inkey key.txt -decrypt <output.bin

For a simpler but less secure approach, try crypt: http://man7.org/linux/man-pages/man3/crypt.3.html

Joe Mornin

Posted 2014-10-24T21:15:42.053

Reputation: 1 399

Thanks Joseph! I very much appreciate the prompt response. – isomorphismes – 2014-10-24T21:26:47.310