In this post I will show you how to use symmetric encryption to encrypt a file from the command line with a single password. I’ll keep it short and simple. I’ll use something called GNU Privacy Guard (GnuPG). This guide is for GNU/Linux users in mind, just so you know.
As I said, I will be using GnuPG, which is a command line program that might already be installed on your operating system. If not, install it before we go any further. For Debian-based distros, just run “sudo apt-get install gnupg”. Or visit the official website for GnuPG at http://gnupg.org/ to find out how to download and install it.
I will show you how to encrypt files using the AES-256 encryption cipher, and encrypt your file with a password of your choice.
If you’re not sure which cipher to use, AES-256 is a pretty safe choice nowadays. It’s recommended by the US Government and it’s commonly used. The key size of AES-256 is 256-bits (32 bytes).
First, make sure you are in the right directory, where the file you want to encrypt is located. Do this by opening a terminal and run the following command:
For example: “cd /home/myuser/Documents/”.
To encrypt files using 256-bit AES, use the –cipher-algo AES256 option for GnuPG. Or leave that part out, for the default, which is the CAST5 symmetrical algorithm. For example to encrypt a file called example.txt using this cipher, type the following in the terminal:
gpg --symmetric --cipher-algo AES256 example.txt
You will be asked to choose a password, make it a strong one. This will produce a file called example.txt.gpg containing your encrypted data. You will find it in the same folder that you navigated to in the beginning.
You can name the encrypted file whatever you want by using the -o (or –output) option:
gpg -o filename.gpg --symmetric --cipher-algo AES256 example.txt
Make a password for it when prompted. This command will give you the encrypted file the name that you choose.
To decrypt your file named example.txt.gpg (or whatever you called it), run:
gpg -o new_filename.txt -d example.txt.gpg
The -o option is for naming the resulting file from the decryption. -d stands for decrypt. To decrypt it, enter the password you chose for the encryption when prompted. When done it will appear in the folder you are currently in.
Lastly, if you want the decrypted text/data printed in your terminal / command line window, type this command (it doesn’t work that well with .odt-files and similar, obviously):
gpg -d example.txt.gpg
And please, do choose a strong password for the encryption of your files, since your password may be the weakest link. The length should be at least be 20 characters in my opinion. Use hard to guess passwords with symbols, upper case and lower case characters, etc.
If you don’t feel like using the command line, you can have a look at some of the frontends using a graphical user interface (GUI). I haven’t tried them myself, because I use the command line, but have a look at the GnuPG website.
I hope this guide helped you. I tried making it informative and fairly short. If you have any questions, just leave them as comments below.