A Quick Look at Two Opensource File Encryption Software

=== Update ===

Check out the comments for an update from Paul at http://www.packetizer.com/. Also look at the updated linux page: http://www.aescrypt.com/linux_aes_crypt.html

=== End update ===

The following post was crossposted at http://www.internetling.com :

At work, I noticed that I work on some documents that I felt needed to be encrypted. Working in a hybrid environment with Gentoo Linux, CentOS Linux, Solaris 10 sparc/i86pc, and Windows, I wanted to pick a program that was open source and that I could use cross-platform if possible. I wanted to encrypt files instead of creating encrypted volumes that I have to mount and then put files into. It gives me an option to e-mail the encrypted files as well.

By default, our Solaris boxes come with /usr/bin/crypt, which I can use to encrypt and decrypt files. Looking over the Wikipedia entry, it is so cryptographically weak that it could be brute forced. After reading about this, I wanted something that uses the Rijndael cipher, which is much stronger and would take quite a while to brute force.

In my search, I found two different open source programs that hash the key to 256 bits (2^256 different possibilities):

Here’s a quick run down of some pros and cons of each:

ccrypt

    Pros:

  • Can be compiled/installed on multiple operating systems. Encrypting a file on Linux doesn’t mean it has to be decrypted on Linux. You can encrypt on Linux and decrypt on Solaris just fine.
  • The encryption writes over the original file so you don’t leave any plain text copies around.
  • The ccat command lets you cat the encrypted file to your screen without leaving plain text copies.
  • Can decrypt old UNIX crypt files.
  • A ton more options. For example, it can recurse through directories.
    Cons:

  • The Windows port needs to have cygwin installed.
  • Compiling on UNIX requires the old ./configure, make, make install. Only a con because of how simple aescrypt was.

aescrypt

    Pros:

  • Can be compiled/installed on multiple operating systems. Encrypting a file on Linux doesn’t mean it has to be decrypted on Linux. You can encrypt on Windows and decrypt on Solaris just fine.
  • Windows port integrates with the context menu. You can right click a file and choose “AES decrypt” or “AES encrypt”.
  • Really simple to compile, just a simple make.
  • Has a Java library to use for your Java programs.
    Cons:

  • Encrypting a file creates a new file with the extension aes and leaves the plain text file alone.
  • Only decrypt and encrypt, no nifty ccat command like in ccrypt.

The real deal breaker for some people, though, is that aescrypt integrates with the context menu in Windows while ccrypt has to use cygwin to get it to work. I did not fall into this category, as my deal breakers were the convenience of having ccat to quickly look over a file and not having to do an extra step of deleting my plain text file after encrypting, which I found to be well worth it. Yes, it would be nice if I could use ccrypt in Windows without cygwin, but having it work on Linux and Solaris was good enough for me.

Choose what you need for your environment, though; not everyone’s needs are the same. For creating some encrypted volumes, try out TrueCrypt.

4 Responses to A Quick Look at Two Opensource File Encryption Software

  1. It’s always cool to see a review of AES Crypt and to get some feedback on how we can improve the program.

    It’s true that AES Crypt does not have a separate executable that provides a “cat” behavior, but it was not needed. Typing “aescrypt -d -o - file.aes” will do the same thing. But, since that was not clear, I added another example to the Linux command-line page.

    From time to time, I have been asked about deleting the original plaintext file. The reason we did not do that is because simply deleting a file does not really hide the contents: it could be recovered if somebody inspected the drive. So, rather than give a false sense of security, we opted to not add that feature.

    For Linux, the tool I would suggest using to do that would be the GNU “shred” utility.

    I hope that helps you and the others visiting your blog!

    Paul

  2. Ryan says:

    Thanks for the comment Paul!

  3. File Lock says:

    Good information about open source file encryption software. There is one more great utility for file encryption and locking that you can feature in your next blog posting: the most popular file encryption software, Folder Lock. You can get complete details about all its features and benefits that you will be needing from http://www.newsoftwares.net/folderlock/

    Hope you will feature it too, because it will be of great help for your blog readers.

  4. Mark says:

    There are a lot of free/Open Source file shredders available. I am partial to Eraser, so shredding files left if using aescrypt isn’t too much of a problem. I also use TrueCrypt, so if sensitive files are saved in a TC partition, and then encrypted, the original file can be left secure anyway. I tend to erase files more than simply deleting them as a matter of course, so it’s not an extra step for me.

    I will enjoy looking at ccrypt in Linux once I have my box up and running again.

    Thanks for the info.
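
The aescrypt workflow the comments above point to, as an added example (not code from the post or from the AES Crypt project): encrypt, confirm the `.aes` file decrypts back to the original through `-o -`, and only then run GNU `shred` on the plain text. The function name is hypothetical, and it assumes `aescrypt -e FILE` writes `FILE.aes` and prompts for the password when none is given.

```shell
#!/bin/sh
# encrypt_verify_shred FILE   (hypothetical helper, added example)
#  1. encrypt FILE with aescrypt, which leaves FILE in place and
#     writes FILE.aes (assumption taken from the post's description)
#  2. decrypt FILE.aes to stdout and compare it byte for byte with FILE,
#     so no second plain text copy is written to disk
#  3. only when both match, overwrite and unlink FILE with GNU shred
# Caveat from shred's own documentation: overwriting in place is not
# reliable on journaling or copy-on-write filesystems, or on SSDs.
encrypt_verify_shred() {
    f=$1

    # An empty file would "verify" even if decryption printed nothing.
    [ -f "$f" ] && [ -s "$f" ] || {
        echo "not a non-empty regular file: $f" >&2; return 2; }

    # Never clobber an existing ciphertext.
    [ ! -e "$f.aes" ] || {
        echo "refusing to overwrite $f.aes" >&2; return 2; }

    aescrypt -e "$f" || { echo "encryption failed: $f" >&2; return 1; }

    # A wrong password, truncated output or damaged file fails the compare.
    if ! aescrypt -d -o - "$f.aes" | cmp -s - "$f"; then
        echo "verification failed, plain text kept: $f" >&2
        return 1
    fi

    shred -u -- "$f"
}

# Stand-alone use: sh thisfile.sh secret1.txt secret2.txt
for arg in "$@"; do
    encrypt_verify_shred "$arg" || exit $?
done
```
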
