9 votes

Are there any good tools for "one-off" file encryption?

Sorry if this is a silly question, but I keep running into situations where a small CLI or GUI tool that could be handed a single file and hand me back an encrypted version would be useful. I've done some googling, but all I typically turn up is blogspam about random Windows-only tools that seem to be of dubious quality.

Anyone know of a good tool for this type of thing?

9 comments

  1. [4]
    mrnd
    Link
    Age is what I would recommend today. It's similar to GPG in that it provides both symmetric and asymmetric encryption, but is a lot simpler and uses more modern cryptography.

    Age is what I would recommend today.

    It's similar to GPG in that it provides both symmetric and asymmetric encryption, but is a lot simpler and uses more modern cryptography.

    9 votes
    1. tindall
      Link Parent
      Yes. Age (or the Rust implementation thereof) is the right tool for this job.

      Yes. Age (or the Rust implementation thereof) is the right tool for this job.

      3 votes
    2. SkewedSideburn
      Link Parent
      Came here to post this. Please don't use GPG and use age instead

      Came here to post this. Please don't use GPG and use age instead

  2. Silbern
    Link
    My favorite tool when it comes to encrypting files one shot is an encrypted zip file, often through 7zip. It's cross platform, condenses a bunch of files easily, and looks indistinguishable to a...

    My favorite tool when it comes to encrypting files one shot is an encrypted zip file, often through 7zip. It's cross platform, condenses a bunch of files easily, and looks indistinguishable to a normal zip until you try to open it, so it doesn't raise any flags.

    Albeit a Linux specific tool, KDE has a really neat tool called Vault that I think creates a virtual folder wherever, and transparently decrypts and encrypts anything dropped in it or pulled out. I've never used it myself since I have full disk encryption, but it seems really useful and just the trick if you use it on a laptop with an unencrypted drive for instance.

    3 votes
  3. qwertz
    Link
    I've enjoyed GPG4Win and the Kleopatra utility that I believe is bundled with it. It's literally drag-and-drop and is glossy enough for me. GPG4Win: https://www.gpg4win.org/ Kleopatra:...

    I've enjoyed GPG4Win and the Kleopatra utility that I believe is bundled with it. It's literally drag-and-drop and is glossy enough for me.

    GPG4Win: https://www.gpg4win.org/
    Kleopatra: https://www.openpgp.org/software/kleopatra/

    EDIT: Obviously GPG4Win is for Windows but Kleopatra has a Linux version, and that's the important part.

    2 votes
  4. Moonchild
    Link
    OpenSSL. I currently use these functions (they could easily be scripts, too...). (Usage: encrypt file => removes file and generates file.enc. decrypt file.enc does the reverse.) encrypt() { local...

    OpenSSL.

    I currently use these functions (they could easily be scripts, too...). (Usage: encrypt file => removes file and generates file.enc. decrypt file.enc does the reverse.)

    encrypt() {
            local INFILE="$1" 
            local OUTFILE="$1.enc" 
            openssl aes-256-cbc -salt -pbkdf2 -iter 100000 -md sha512 -in "$INFILE" -out "$OUTFILE" && rm -i -f "$INFILE"
    }
    decrypt() {
            local INFILE="$1" 
            local OUTFILE="$(sed 's/\(.*\)\..*$/\1/' <<< "$INFILE")" 
            if [[ "$INFILE" = "$OUTFILE" ]]
            then
                    OUTFILE="$INFILE.decrypted" 
            fi
            openssl aes-256-cbc -d -salt -pbkdf2 -iter 100000 -md sha512 -in "$INFILE" -out "$OUTFILE"
    }
    

    Also these, which may or may not be relevant to your use-case:

    decdit() {
            local FILE="$1" 
            local tmpfile=$(mktemp) 
            openssl aes-256-cbc -d -salt -pbkdf2 -iter 100000 -md sha512 -in "$FILE" -out $tmpfile
            moddate=$(date -r $tmpfile +%s) 
            $EDITOR $tmpfile
            nmoddate=$(date -r $tmpfile +%s) 
            if [[ $moddate != $nmoddate ]]
            then
                    openssl aes-256-cbc -salt -pbkdf2 -iter 100000 -md sha512 -in $tmpfile -out "$FILE" && rm -i -f $tmpfile
            else
                    rm -i -f $tmpfile
            fi
    }
    decview() {
            local INFILE="$1" 
            openssl aes-256-cbc -d -salt -pbkdf2 -iter 100000 -md sha512 -in "$INFILE" | less
    }
    
    2 votes
  5. stickman
    Link
    GPG is what I hear more but you could use 7z or KeepassXC. You may want something like this? https://wiki.archlinux.org/index.php/GnuPG#Symmetric

    GPG is what I hear more but you could use 7z or KeepassXC.
    You may want something like this? https://wiki.archlinux.org/index.php/GnuPG#Symmetric

    1 vote
  6. MikeBos
    Link
    You could try aescrypt (https://www.aescrypt.com/). I used it in the past for exactly this

    You could try aescrypt (https://www.aescrypt.com/). I used it in the past for exactly this

    1 vote