File Encryption
Protect sensitive files with encryption at rest.
OpenSSL Encryption
Symmetric Encryption
# Encrypt file with password
openssl enc -aes-256-cbc -salt -pbkdf2 -in file.txt -out file.enc
# Decrypt file
openssl enc -d -aes-256-cbc -pbkdf2 -in file.enc -out file.txt
# Encrypt with specific iterations
openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -in file.txt -out file.encage (Modern Alternative)
Installation
# Install age
sudo apt install age
# Or download from GitHub
# https://github.com/FiloSottile/ageUsage
# Generate key pair
age-keygen -o key.txt
# Encrypt to recipient
age -r age1ql3z... file.txt > file.age
# Encrypt with passphrase
age -p file.txt > file.age
# Decrypt
age -d -i key.txt file.age > file.txt
# Decrypt with passphrase
age -d file.age > file.txtDirectory Encryption
tar + GPG
# Encrypt directory
tar czf - /path/to/dir | gpg -c -o backup.tar.gz.gpg
# Decrypt directory
gpg -d backup.tar.gz.gpg | tar xzf -eCryptfs
# Install eCryptfs
sudo apt install ecryptfs-utils
# Setup encrypted directory
ecryptfs-setup-private
# Mount encrypted home
ecryptfs-mount-privategocryptfs
# Install
sudo apt install gocryptfs
# Initialize encrypted directory
gocryptfs -init encrypted/
# Mount
gocryptfs encrypted/ decrypted/
# Unmount
fusermount -u decrypted/Best Practices
| Tool | Use Case | Recommendation |
|---|---|---|
| age | Modern file encryption | First choice |
| GPG | Interoperability | Established standard |
| OpenSSL | Simple encryption | Quick tasks |
| gocryptfs | Directory encryption | Transparent access |
Secure Deletion
# Overwrite before deletion
shred -vfz -n 3 sensitive.txt
# Secure delete package
sudo apt install secure-delete
srm sensitive.txtAutomation Script
#!/bin/bash
# Encrypt multiple files
for file in *.txt; do
age -r "$RECIPIENT" "$file" > "$file.age"
shred -u "$file"
done - file encryption
- age
- openssl
- encrypted files
- security