What is a good program in unix/linux to encrypt/decrypt files and
whole directories ... for example i have seen in freshmeat a program called ccrypt
and another called mcrypt. There is also gnupg but i dont think it can
encrypt recursively directories. I am looking for open source and free
programs
I do not want to use zip (pkzip) since that does archiving into a
single file which i dont like. What seems to be the most popular or
best  method?
I would like someone who has experience with this subject to answer if
at all possible.

skks:

I've coded 2 little scripts that recursively encrypt all the files in
a directory in different files (called filename.crypted).
The program used to encrypt the files is 'mcrypt' on the mcrypt
package.

The first one is called 'encrypt':

#!/bin/bash
stty -echo
echo -n "Enter your password: "
read passwd
stty echo     # Restores screen echo.
echo
echo

for file in `find ./ -type 'f'|grep -v -E "\.crypted$"`;
    do
        dest="${file}.crypted"
        if [ "$dest" != "$file" ]; then
            echo -n "Crypting $file to $dest... "
            if ( cat "$file"|mcrypt -q -k $passwd > "$dest" ); then
                echo " OK!"
                echo " Deleting $file"
                if ( rm -f "$file" ); then
                    echo "OK!"
                else
                    echo "Error!"
                fi
            else
                echo " Error!"
            fi
        else
            echo "$file is crypted!"
        fi
    done

--------------

The second one, is called 'decrypt':

#!/bin/bash
stty -echo
echo -n "Enter your password: "
read passwd
stty echo     # Restores screen echo.
echo
echo

for file in `find ./ -type 'f'|grep -E "\.crypted$"`;
    do
        dest=`echo $file|sed -e 's/\.crypted$//'`
        if [ "$dest" != "$file" ]; then
            echo -n "Decrypting $file to $dest... "
            if ( cat "$file"|mdecrypt -q -k $passwd > "$dest" ); then
                echo " OK!"
                echo " Deleting $file"
                if ( rm -f  "$file" ); then
                    echo "OK!"
                else
                    echo "Error!"
                fi
            else
                echo " Error!"
            fi
        fi
    done

----

Please make a backup of your files before testing the script!


Additional links:

mcrypt in a RPM package:
http://www.rpmfind.net/linux/rpm2html/search.php?query=mcrypt&submit=Search+...

mcrypt in DEB packages:
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=mcrypt&searchon=all&subword=1&version=all&release=all

mcrypt homepage:
http://mcrypt.hellug.gr/#_mcrypt

---

Clarification of Answer by runix-ga on 19 Jun 2002 15:11 PDT

Im sorry :) there're 2 scripts:
one called

'encrypt' to encrypt the files recursively

and

'decrypt' to decrypt the encrypted files :)

---

Request for Answer Clarification by skks-ga on 19 Jun 2002 17:19 PDT

Thanks.
I may have not been clear.
One of the programs i mentioned about, ccrypt, does what i wanted to
do without the need for the two extra scripts that you provided. The
reason i asked the question was to get feedback on whether ccrypt is a
respectable program. Do you know anything about it?

To pierpa-ga comment: Encrypted filesystems are ok but I do not want
to have to deal with kernel modifications that seem to be required by
the link you gave. Thanks anyway.

---

Clarification of Answer by runix-ga on 19 Jun 2002 18:42 PDT

I don't know the program but I know the cipher algorithm (which is
what really matters) it uses (AES/Rijndael).
This algorithm has been chosen by the US government:
http://www.nist.gov/aes/ and it's supposed to provide very strong
encryption.

You can get more information at the cipher's homepage:
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/

If you don't want to use ccrypt for the cipher it uses or any other
reason, my scripts can be easily modified to use any cipher that
mcrypt supports (cast-128, cast-256, enigma, xtea, arcfour, panama,
safer-sk64, saferplus, des, tripledes, blowfish, gost, rc2,
safer-sk128, threeway, serpent, wake, loki97, rijndael-128,
rijndael-192, rijndael-256, twofish, blowfish-compat)

Please, feel free to ask for other clarifications

It's very easy, as anything in Linux :-)

You just need an encrypted file that will become an encrypted tree of
files, or a directory if you prefer to depict it this way. This "tree"
or "directory" can be mounted everywhere: under your home directory if
you like.

Before mounting it you will need a password and/or a private key to
access its content, otherwise it will remain a useless file in your
home directory.

Once mounted (i.e. once given the necessary credentials) you will be
able to use it as any other filesystem you mount in your filesystem.
You can even email it or backup in CD-RW.

The whole procedure is fully explained at this link:

http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

Hope this helps,

Greetings,

ppp

Did it ever occur to any of you to simply tar the directory, then
encrypt it (tar -c directory | mcrypt -k password > file), (cat file |
mdecrypt -k | tar -x)? Just a thought.

simac:

Skks said:
"I do not want to use zip (pkzip) since that does archiving into a
single file which i dont like. "

I was looking on google for references of mcrypt  and found your
script. but i found that it can be improved cause as long as it asks
one time for the password (on the encryption) you can misstype a
letter and get your files completely lost, also you have to be on the
directory that you want to encrypt, and also if you have files with
spaces (example: im\ novel.txt) you will get an error and wont work
the program.

So i modified yours and decided to post it for everyone.

-- My encrypter version -

#!/bin/bash
IFS='
'
if [[ -z $1 ]]
then
    echo "Use: cryptdir [directory]"
    exit
else
[ -x $1 ] && busc=1
if [[ $busc == 1 ]]
then
echo "Directory to Encrypt... ˇFound!"
else
echo -e "Directory to Encrypt... ˇNot Found!"
exit
fi
busc=0
    echo "$1 will be encrypted"
fi
stty -echo
echo -n "Password: "
read passwd
stty echo
echo
stty -echo
echo -n "Reenter Password: "
read passwd2
stty echo
echo
if [[ $passwd != $passwd2 ]]
then
    echo "Password missmatch"
    exit
else
    echo "The password is the same"
fi

for file in `find $1 -type 'f'|grep -v -E "\.crypted$"`;
    do

        dest="${file}.crypted"
        if [ "$dest" != "$file" ]; then
            echo -n "Encryptando $file a $dest... "
            if ( cat "$file"|mcrypt -a blowfish -q -k $passwd > "$dest" ); then
                echo " OK!"
                echo " Deleting $file"
                if ( rm -f "$file" ); then
                    echo "OK!"
                else
                    echo "Error!"
                fi
            else
                echo " Error!"
            fi
        else
            echo "$file is encrypted!"
        fi
    done

-- My decrypter version -- 

#!/bin/bash
IFS='
'
if [[ $1 == "" ]]
then
    echo "Use: decryptdir [directory]"
    exit
else
[ -x $1 ] && busc=1
if [[ $busc == 1 ]]
then
echo "Directory to Encrypt... ˇFound!"
else
echo -e "Directory to Encrypt... ˇNot Found!"
exit
fi
busc=0
    echo "$1 will be decrypted"
fi

stty -echo
echo -n "Password: "
read passwd
stty echo
echo

for file in `find $1 -type 'f'|grep -E "\.crypted$"`;
    do
        dest=`echo $file|sed -e 's/\.crypted$//'`
        if [ "$dest" != "$file" ]; then
            echo -n "Decrypting $file to $dest... "
            if ( cat "$file"|mdecrypt -q -k $passwd > "$dest" ); then
                echo " OK!"
                echo " Deleting $file"
                if ( rm -f  "$file" ); then
                    echo "OK!"
                else
                    echo "Error!"
                fi
            else
                echo " Error!"
            fi
        fi
    done