ccrypt: cmdline encryption utility

emailccrypt is an encryption utility similar to mcrypt which we explored in an earlier article. ccrypt can encrypt and decrypt single files and streams. It intends to be a replacement of the crypt utility which uses weak algorithm for encryption. ccrypt uses the Rijndael block cipher, a version of which is also used in the Advanced Encryption Standard (AES). Using a compatibility mode, ccrypt can decrypt files encrypted using crypt. ccrypt is also easier to use than mcrypt.

ccrypt can be invoked using 4 different commands:

  • ccrypt : needs the correct switch for encryption or decryption
  • ccencrypt : command to encrypt
  • ccdecrypt : command to decrypt
  • ccat : direct terminal decryption, to avoid storing on disk

One of the interesting features of ccrypt is it can read the first line of a file and use it as encryption key. The file could be the same file you want to encrypt!


On Ubuntu, run:

$ apt-get install ccrypt


To encrypt a file (ccrypt generates a .cpt file):

$ ccencrypt --keyfile abc abc

To decrypt:

$ ccdecrypt abc.cpt

ccrypt syntax and options:

Syntax: ccrypt [mode] [options] [file...]
 ccencrypt [options] [file...]
 ccdecrypt [options] [file...]
 ccat [options] file...
 -e, --encrypt encrypt
 -d, --decrypt decrypt
 -c, --cat cat; decrypt files to stdout
 -x, --keychange change key
 -u, --unixcrypt decrypt old unix crypt files
 -h, --help print this help message and exit
 -V, --version print version info and exit
 -L, --license print license info and exit
 -v, --verbose print progress information to stderr
 -q, --quiet run quietly; suppress warnings
 -f, --force overwrite existing files without asking
 -m, --mismatch allow decryption with non-matching key
 -E, --envvar var read keyword from environment variable (unsafe)
 -K, --key key give keyword on command line (unsafe)
 -k, --keyfile file read keyword(s) as first line(s) from file
 -P, --prompt prompt use this prompt instead of default
 -S, --suffix .suf use suffix .suf instead of default .cpt
 -s, --strictsuffix refuse to encrypt files which already have suffix
 -F, --envvar2 var as -E for second keyword (for keychange mode)
 -H, --key2 key as -K for second keyword (for keychange mode)
 -Q, --prompt2 prompt as -P for second keyword (for keychange mode)
 -t, --timid prompt twice for encryption keys (default)
 -b, --brave prompt only once for encryption keys
 -y, --keyref file encryption key must match this encrypted file
 -r, --recursive recurse through directories
 -R, --rec-symlinks follow symbolic links as subdirectories
 -l, --symlinks dereference symbolic links
 -T, --tmpfiles use temporary files instead of overwriting (unsafe)

Webpage: ccrypt

3 thoughts on “ccrypt: cmdline encryption utility”

Leave a Reply

Your email address will not be published. Required fields are marked *