ccrypt is an encryption utility similar to mcrypt which we explored in an earlier article. ccrypt can encrypt and decrypt single files and streams. It intends to be a replacement of the crypt utility which uses weak algorithm for encryption. ccrypt uses the Rijndael block cipher, a version of which is also used in the Advanced Encryption Standard (AES). Using a compatibility mode, ccrypt can decrypt files encrypted using crypt. ccrypt is also easier to use than mcrypt.
ccrypt can be invoked using 4 different commands:
- ccrypt : needs the correct switch for encryption or decryption
- ccencrypt : command to encrypt
- ccdecrypt : command to decrypt
- ccat : direct terminal decryption, to avoid storing on disk
One of the interesting features of ccrypt is it can read the first line of a file and use it as encryption key. The file could be the same file you want to encrypt!
On Ubuntu, run:
$ apt-get install ccrypt
To encrypt a file (ccrypt generates a .cpt file):
$ ccencrypt --keyfile abc abc
$ ccdecrypt abc.cpt
ccrypt syntax and options:
Syntax: ccrypt [mode] [options] [file...] ccencrypt [options] [file...] ccdecrypt [options] [file...] ccat [options] file...
Modes: -e, --encrypt encrypt -d, --decrypt decrypt -c, --cat cat; decrypt files to stdout -x, --keychange change key -u, --unixcrypt decrypt old unix crypt files
Options: -h, --help print this help message and exit -V, --version print version info and exit -L, --license print license info and exit -v, --verbose print progress information to stderr -q, --quiet run quietly; suppress warnings -f, --force overwrite existing files without asking -m, --mismatch allow decryption with non-matching key -E, --envvar var read keyword from environment variable (unsafe) -K, --key key give keyword on command line (unsafe) -k, --keyfile file read keyword(s) as first line(s) from file -P, --prompt prompt use this prompt instead of default -S, --suffix .suf use suffix .suf instead of default .cpt -s, --strictsuffix refuse to encrypt files which already have suffix -F, --envvar2 var as -E for second keyword (for keychange mode) -H, --key2 key as -K for second keyword (for keychange mode) -Q, --prompt2 prompt as -P for second keyword (for keychange mode) -t, --timid prompt twice for encryption keys (default) -b, --brave prompt only once for encryption keys -y, --keyref file encryption key must match this encrypted file -r, --recursive recurse through directories -R, --rec-symlinks follow symbolic links as subdirectories -l, --symlinks dereference symbolic links -T, --tmpfiles use temporary files instead of overwriting (unsafe)