1. Overview

In Linux, there are a couple of encryption tools that allow us to secure our files. In this tutorial, we’ll learn how we can password protect a tar file in Linux using some of these encryption tools.

2. Using gpg

GNU Privacy Guard, also known as GPG, is a command-line tool for encryption and digital signing. It is based on the OpenPGP standard.

We can use the gpg command with different options to specify the type of operation. For instance, --encrypt tells gpg to encrypt the files. To encrypt data with a symmetric cipher, we use the --symmetric option. The default symmetric cipher for gpg is CAST5. However, we can choose another cipher algorithm using the --cipher-algo option.

To list the supported cipher algorithms, we can use the --version option:

$ gpg --version
                         ...
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

As an example, let’s take one tar file and encrypt it with gpg:

$ ls
archive_file.tar file1.txt file2.txt file3.txt
$ gpg --symmetric --cipher-algo aes256 archive_file.tar 
$ ls
archive_file.tar archive_file.tar.gpg file1.txt file2.txt file3.txt

When we execute the command above, gpg prompts us to enter the passphrase (in this case, through a GUI pop-up). Once entered, it prompts again to confirm it. On successful execution, the command generates the archive file with a '.gpg' extension. This output file is encrypted and protected with our passphrase.

In order to get the tar file back from the encrypted file, we can use the --decrypt option:

$ gpg --output archive_file.tar --decrypt archive_file.tar.gpg 
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
$ ls
archive_file.tar archive_file.tar.gpg file1.txt file2.txt file3.txt

Here, we can use the --output option to specify the particular output file name. The same passphrase must be entered when prompted to decrypt the file.
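The session above leaves the plaintext archive_file.tar on disk next to the encrypted copy. The following added example (not part of the original tutorial) pipes tar directly into gpg so that no plaintext archive is written, and reads the passphrase from a file descriptor instead of a prompt. The function names are hypothetical, and GnuPG 2.1 or later is assumed for --pinentry-mode loopback.

```shell
# Added example (not from the original tutorial). Function names are
# hypothetical. Assumes GnuPG 2.1+ (needed for --pinentry-mode loopback).

# Common non-interactive options: the passphrase is read from file
# descriptor 3, so it never shows up in the process list or shell history.
GPG_OPTS="--batch --yes --quiet --pinentry-mode loopback --passphrase-fd 3"

# encrypt_tar OUT.tar.gpg PASSFILE FILE...
# Streams the archive straight into gpg; no plaintext .tar is written.
encrypt_tar() (
    out=$1 passfile=$2
    shift 2
    tar -cf - "$@" |
        gpg $GPG_OPTS --symmetric --cipher-algo AES256 \
            --output "$out" 3<"$passfile"
)

# list_encrypted_tar IN.tar.gpg PASSFILE
# Lists the members without writing the decrypted archive to disk.
list_encrypted_tar() (
    gpg $GPG_OPTS --decrypt "$1" 3<"$2" | tar -tf -
)

# extract_encrypted_tar IN.tar.gpg PASSFILE DESTDIR
# Decrypts and unpacks in one pass into an existing directory.
extract_encrypted_tar() (
    gpg $GPG_OPTS --decrypt "$1" 3<"$2" | tar -xf - -C "$3"
)
```

The passphrase file holds the passphrase on its first line and should be readable only by its owner (chmod 600).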

3. Using ccrypt

ccrypt is also a command-line tool to encrypt and decrypt files and streams. It is based on the Rijndael or Advanced Encryption Standard (AES) block cipher.

Encrypt (--encrypt or -e) is the default mode. This mode encrypts the given file and appends a '.cpt' extension to it. Alternatively, we can directly use the ccencrypt command with the file name to encrypt the file. This is equivalent to 'ccrypt -e'.

For example, when we execute the ccrypt command, it asks for an encryption key to encrypt our tar file:

$ ls
file1.txt file2.txt file3.txt tar_file.tar
$ ccrypt tar_file.tar
Enter encryption key: 
Enter encryption key: (repeat) 
$ ls
file1.txt file2.txt file3.txt tar_file.tar.cpt

To decrypt the .cpt file and get back the original file, we execute the ccrypt command with the --decrypt option. It then prompts for the decryption key, and we need to enter the same key that we used for encryption:

$ ccrypt --decrypt tar_file.tar.cpt
Enter decryption key: 
$ ls
file1.txt  file2.txt  file3.txt  tar_file.tar

4. Conclusion

In this article, we saw two command-line tools, gpg and ccrypt. Using these, we can encrypt our tar file with a passphrase. Moreover, using the same tools, we can get the original tar file back by decrypting the encrypted file with the same passphrase.