From be3bfe37bdcc40f423edab8234998e790a0b1b87 Mon Sep 17 00:00:00 2001 From: alifeee Date: Tue, 28 Jan 2025 14:26:52 +0000 Subject: [PATCH] Add files via upload --- ... to manually encrypt and decrypt a file.md | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 notes/how to manually encrypt and decrypt a file.md diff --git a/notes/how to manually encrypt and decrypt a file.md b/notes/how to manually encrypt and decrypt a file.md new file mode 100644 index 0000000..ed8c685 --- /dev/null +++ b/notes/how to manually encrypt and decrypt a file.md @@ -0,0 +1,90 @@ +--- +title: how to manually encrypt and decrypt a file (or folder) +date: 2025-01-28 +tags: encryption +--- +I've wondered the answer to this question for a while. + +Today, I figured I'd find out a nice way, as I wanted to store an SSH private key on a server (so I can access it from different computers in different locations). I could also store it on my phone, as I (mostly) have that on me. + +The idea could be that you would have a local file, encrypt it, then store it on a server (or any file sharing service like Dropbox/Google Drive/etc). Then, from a different device, you could download it, and unencrypt it. + +## set aliases + +I found [this answer on the internet](https://unix.stackexchange.com/a/162985), and I set some aliases so I can easily arbitrarily password-encrypt/decrypt files. I set the aliases with [`atuin`](https://atuin.sh/), so they sync across all my devices, but you could also stick this in `~/.bashrc` or elsewhere. The aliases are: + +```bashrc +alias decrypt='openssl enc -d -aes-256-cbc -pbkdf2 -in' +alias encrypt='openssl enc -aes-256-cbc -pbkdf2 -in' +``` + +## encrypt + +Then, I can use them by supplying a file, and I get a bunch of jumbled characters, which *I* certainly couldn't crack. + +```bash +$ echo 'this is totally an SSH key' > non_encrypted_file.txt + +$ encrypt non_encrypted_file.txt | tee encrypted_file.txt +enter AES-256-CBC encryption password: ******** +Verifying - enter AES-256-CBC encryption password: ******** +=���?���C�9���_Z���>E +``` + +## decrypt + +To decrypt, I put in the same password I used to encrypt: + +```bash +$ decrypt encrypted_file.txt +enter AES-256-CBC decryption password: ******** +this is totally an SSH key +``` + +## using pipes + +I can also use pipes! + +```bash +$ cat non_encrypted_file.txt | encrypt - > encrypted_file.txt +enter AES-256-CBC encryption password: ******** +Verifying - enter AES-256-CBC encryption password: ******** + +$ cat encrypted_file.txt | decrypt - +enter AES-256-CBC decryption password: ******** +this is totally an SSH key +``` + +## notes + +### how good is the encryption + +I'm not sure how "good" `aes-256-cbc` as an encryption protocol(?). I'll ignore this fact. + +### how to expand aliases + +in future, I may want to know what type of encryption I use. I could go and look at my aliases file, but I discovered that you can also type `ALT+CTRL+E` (or `ESC+CTRL+E`) to expand aliases inline, so turning line 1 into line 2 + +```bash +encrypt +openssl enc -aes-256-cbc -pbkdf2 -in +``` + +### how to encrypt a folder/multiple files + +to encrypt a folder, you could use `tar` to turn the folder into a `.tar` file, which looks like a file. Then, use `tar` to stop making it into a file later. A bit like this. + +```bash +# create archive +tar -cf non_encrypted_folder.tar non_encrypted_folder/ +# encrypt +encrypt non_encrypted_folder.tar > encrypted_folder.tar +# remove original folder +rm -rf non_encrypted_folder/ +# decrypt +decrypt encrypted_folder.tar > decrypted_folder.tar +# extract archive +tar -xf decrypted_folder.tar +# check exists +cat non_encrypted_folder/non_encrypted_file.txt +```