3

http://www.unreadable.de/ takes a plaintext message + password input and encrypts the plaintext. I want to do this locally on Linux. Is there a one-line command that will compute an encrypted version of my message that I can then email?

My goal is for the receiver to be able to decode the message with nothing but the password.

To be clear, I have no idea what various encryption schemes are (AES, openSSL, RSA, GPG, salt, base64, DES, CBC, reentrant) and not really interested in a research project. I just want a one-line command like

encrypt message.txt -password=secret.txt

which would be decoded like

decrypt message.txt -password=secret.txt

(Yes, I did use google first. https://encrypted.google.com/search?q=encrypt+plain+text+files+with+password+linux is not showing me anything I understand / think I can use.)

Improve this question
2
  • 1
    How strong encryption to you want? The most universal solution would be to attach a password-protected ZIP file: not the strongest encryption, but anyone with the password will be able to read it, regardless of mail client or operating system. If it is only a select group of people that you want to send encrypted e-mails to, and you all use Mozilla-based mail clients, then the EnigMail add-on [enigmail.net/home/index.php] offers the easiest solution for sender and recipient to use.
    – AFH
    Commented Oct 24, 2014 at 21:57
  • @AFH That's a good idea!
    – isomorphismes
    Commented Oct 25, 2014 at 1:31

4 Answers 4

Reset to default
4

The openssl(1) manpage gives a few examples on how to do this:

 ENC EXAMPLES
      Just base64 encode a binary file:

            $ openssl base64 -in file.bin -out file.b64

      Decode the same file:

            $ openssl base64 -d -in file.b64 -out file.bin

      Encrypt a file using triple DES in CBC mode using a prompted password:

            $ openssl des3 -salt -in file.txt -out file.des3

      Decrypt a file using a supplied password:

            $ openssl des3 -d -in file.des3 -out file.txt -k mypassword

      Encrypt a file then base64 encode it (so it can be sent via mail for
      example) using Blowfish in CBC mode:

            $ openssl bf -a -salt -in file.txt -out file.bf

      Base64 decode a file then decrypt it:

            $ openssl bf -d -a -in file.bf -out file.txt

As for the question on hand, the specific encryption scheme only matters inasmuch as both sides must of course use the same one. If you don’t know which one to use, Blowfish is probably a sensible choice:

$ openssl bf -a -salt -in file.txt -out file.bf
$ openssl bf -d -a -in file.bf -out file.txt

I take that you know that encrypting something without knowing at least a minimum about the cryptosystem used is… probably unwise. Personally, I think that a system like GPG is better suited for your task, but requires a little bit more setup, so technically doesn’t fit your question.

Improve this answer
3
  • Why did someone downvote this? Is it wrong?
    – isomorphismes
    Commented Oct 24, 2014 at 21:33
  • @isomorphismes I don't know, but more importantly, why didn't you up vote it? (Assuming this is helpful for you)
    – slhck
    Commented Oct 24, 2014 at 21:52
  • @slhck I'm still trying to run and understand both answers.
    – isomorphismes
    Commented Oct 25, 2014 at 1:30
3

$ echo 'super secret message' > plain.txt

$ openssl enc -k secretpassword123 -aes256 -base64 -e -in plain.txt -out cipher.txt

$ cat cipher.txt

 U2FsdGVkX1+vXUvo9fOehyq11uH+za8COV/+UScl2w6JPiFoVm3pte639CMDBMTB

$ openssl enc -k secretpassword123 -aes256 -base64 -d -in cipher.txt -out plain_again.txt

$ cat plain_again.txt

super secret message

Taken from here

Improve this answer
1

OpenSSL will work. From How can I encrypt a string in the shell?:

# generate a 2048-bit RSA key and store it in key.txt
openssl genrsa -out key.txt 2048

# encrypt "hello world" using the RSA key in key.txt
echo "hello world" | openssl rsautl -inkey key.txt -encrypt >output.bin

# decrypt the message and output to stdout
openssl rsautl -inkey key.txt -decrypt <output.bin

For a simpler but less secure approach, try crypt: http://man7.org/linux/man-pages/man3/crypt.3.html

Improve this answer
2
  • Thanks Joseph! I very much appreciate the prompt response.
    – isomorphismes
    Commented Oct 24, 2014 at 21:26
  • 'message' means different things, but if it's more than about 240 bytes direct RSA doesn't work. Also openssl rsautl defaults to pkcs1-v1_5 padding and if it is possible to construct a padding oracle that can be broken by the Bleichenbacher attack. crypt(3) in spite of the name doesn't do encryption at all; it does password hashing, sometimes using an encryption primitive within the hash. hashing is irreversible and the definition of encryption is that is is reversible but only with the key. You want crypt(1) if available.
    – dave_thompson_085
    Commented Oct 28, 2020 at 2:38
-1

I know this is a very old thread, but maybe some people searching for similar solutions (I was myself) will find useful the utility ccrypt, which is what OP was asking for: simple one-line encryption of a file, works in linux, Windows and others.

Improve this answer
1
  • Welcome to Super User! While this may answer the question, it would be a better answer if you could provide some explanation why it does so, by including some example code.
    – DavidPostill
    Commented Oct 28, 2020 at 8:22

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .