If you have a file that contains sensitive information (like passwords or your social security number) you will want to encrypt it. Even though the file permissions may be set so it is only readable by you, it would still be readable by users with root privileges or someone who had compromised the system. To guard against such potential exposure of your sensitive data, you are encouraged to use encryption. This document provides a very basic introduction to encrypting files on the CS Linux systems.

This document provides the basics of using the gpg encryption tool as well as encryption options in emacs and vi. But, before we get to that there is one very important thing to note: YOU MUST NOT FORGET THE PASSWORD YOU USE TO ENCRYPT FILES OR THE DATA WILL BE LOST. It is not possible for systems staff to recover your password so you must ensure that you don't forget it.

1. Using gpg

   GnuPG (aka. gpg) is a commonly used encryption tool that is installed on all the CS Linux systems. GnuPG can be used for lots of encryption tasks, including public/private key encryption and key mangement. This FAQ will only provide the most basic introduction to GnuPG needed to simply encrypt and decrypt files. You are encouraged to see the GnuPG documentation for more details.

   If you have a file name "somefile", you can encrypt it into a file named "somefile.gpg" by just running:

   gpg -c somefile

   This will prompt for a password and leave you with two files, the un-encrypted "somefile" and the encrypted "somefile.gpg". Be sure to remove the original un-encrypted version once you have verified that the encryption was successful.

   You can then decrypt the file by running:

   gpg somefile.gpg

   This will write the decrypted version into a file named "somefile".

2. Using emacs with gpg

   If you are an emacs user, you can use the crypt++ package to easily edit encrypted files in-place. To use this, just put the following line in your ~/.emacs file:

   (require 'crypt++)

   Once this is done, emacs will automatically encrypt and decrypt files with the .gpg extension. So, if you run "emacs somefile.gpg" it will ask you if you want to save as an encrypted file and prompt for a password when you save the file. On subsequent edits, you will be prompted for the password when you open the file.

3. Using encryption with vi

   Vi and the Vi variants like vim and gvim have a simple crypt-based encryption mechanism built in. If you are a vi user, you will find this very easy to use but do note that vi uses a weaker encryption mechanism than gpg. All you have to do is use the -x flag when you create a file. For example, you could run the following to create an encrypted file named "somefile":

   vi -x somefile

   You will be prompted for the password when you create the file.

   On subsequent edits, do not use the -x flag and vi will recognize that the file is encrypted and prompt you for the password. Note that you should NOT use the -x flag for edits of already encrypted files because that will result in you re-encrypting an already encrypted file.

[Return to the FAQ index]