Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "what are the methods of file encryption in Linux system". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Method 1: gzexe encryption is not a very safe method, but it can meet the general encryption purpose, and can hide the password and other information in the script. It uses the gzexe program that comes with the system, which not only encrypts but also compresses files. * examples are as follows: *

[root@ipsan-node03 ~] # echo "" > a.txt [root@ipsan-node03 ~] # cat a.txt [root@ipsan-node03 ~] # ls a.txt a.txt [root@ipsan-node03 ~] # gzexe a.txt a.txt: 22.2% [root@ipsan-node03 ~] # ls a.txt a.txt~ gzexe method will back up the file a.txt that was not encrypted as a.txtt~ At the same time, the a.txt file becomes an encrypted file (that is, into ciphertext) [root@ipsan-node03 ~] # cat a.txt files? ? / [root@ipsan-node03 ~] # ls a.txt a.txt ~ [root@ipsan-node03 ~] # rm-f a.txt ~ [root@ipsan-node03 ~] # ls a.txt will be deleted from the backup file [root@ipsan-node03 ~] # gzexe-- help Usage: / usr/bin/gzexe [OPTION] FILE... using the-d parameter Rename each FILE with a compressed version of itself, renaming FILE to FILE~. -d Decompress each FILE instead of compressing it. -help display this help and exit-version output version information and exit Report bugs to. After decompression, the a.txt content of the file will be restored, and the previously encrypted file will also be changed into a.txtus.similarly, the backup file [root@ipsan-node03 ~] # gzexe-d a.txt [root@ipsan-node03 ~] # ls a.txt a.txtt] # cat a.txt [root@ipsan-node03 ~] # cat a.txtt~ backup will be deleted. ?

[root@ipsan-node03 ~] # ls test.txt [root@ipsan-node03 ~] # cat test.txt heiheihei the following command is used to encrypt and compress filename files (test.txt) to generate filename.des3 encrypted compressed files 123U123 is the encrypted password [root@ipsan-node03 ~] # tar-zcf-test.txt | openssl des3-salt-k 123U123 | dd of=test.txt.des3 01records in 0131records out 152b copied, 0.00333366 s 45.6 kB/s-you can also set / mnt All recorded files are encrypted and compressed [root@ipsan-node03 ~] # tar-zcf-/ mnt/* | openssl des3-salt-k 123 encrypted 123 | dd of=test.des3 or encrypted according to matching rules [root@ipsan-node03] # tar-zcf-/ mnt/pass_* | openssl des3-salt-k 123 encrypted 123 | dd of=test.des3 -usually after encryption The source file will be deleted [root@ipsan-node03 ~] # ls test.txt test.txt.des3 [root@ipsan-node03 ~] # rm-f test.txt [root@ipsan-node03 ~] # cat test.txt.des3 Salted__H "+ ZCHaW license\ bS ©| >" H "*?"? @ "? qk) B" qk " Ochl\ cz-?/ 2AuK + 3 / 3? Decompression operation: [root@ipsan-node03 ~] # dd if=test.txt.des3 | openssl des3-d-k 123x123 | tar zxf-0mm 1 records in 0n 1 records out 152B copied, 4.5873e-05 s, 3.3MB/s [root@ipsan-node03 ~] # ls test.txt test.txt.des3 [root@ipsan-node03 ~] # cat test.txt heiheihei Note the "-" at the end of the command, which will release all files. -k 123 / 123 may not be available. When decompressing, you will be prompted to enter a password. Method 3: encrypt and decrypt files and directories by combining Tar and OpenSSL.

It is critical to add a layer of protection to files and directories when there is important sensitive data, especially when you need to transfer data to others over the network. For this reason, tar (a compression packaging tool of Linux) and OpenSSL can be used to solve the problem. With these two tools, you can really create and encrypt tar archives effortlessly. The following describes the use of OpenSSL to create and encrypt tar or gz (gzip Archive files: keep in mind that the general way to use OpenSSL is: # openssl command command-options arguments example: [root@ipsan-node03 ~] # cd / mnt/ [root@ipsan-node03 mnt] # ls [root@ipsan-node03 mnt] # echo "123" > a.txt [root@ipsan-node03 mnt] # echo" 456 "> b.txt [root@ipsan-node03 mnt] # echo" 789 "> c.txt [root@ipsan -node03 mnt] # ls a.txt b.txt c.txt now encrypts the contents of the current working directory (according to the size of the file This may take some time) [root@ipsan-node03 mnt] # tar-czf-* | openssl enc-e-aes256-out test.tar.gz enter aes-256-cbc encryption password: / / suppose the password set here is 123456 Verifying-enter aes-256-cbc encryption password: interpretation of the above command: enc uses encryption to encode-e the enc command option used to encrypt the input file This refers to the output of the previous tar command-the algorithm used for aes256 encryption-the enc command option used by out to specify the output file name The file name here is test.tar.gz [root@ipsan-node03 mnt] # ls a.txt b.txt c.txt test.tar.gz [root@ipsan-node03 mnt] # rm-rf a.txt [root@ipsan-node03 mnt] # rm-rf b.txt [root@ipsan-node03 mnt] # rm-rf c.txt [root@ipsan-node03 mnt] # ls test.tar.gz is definitely not allowed to decompress the encrypted tar package above! [root@ipsan-node03 mnt] # tar-zvxf test.tar.gz gzip: stdin: not in gzip format tar: Child returned status 1 tar: Error is not recoverable: exiting now to decrypt the above tar archive content, you need to use the following command. [root@ipsan-node03 mnt] # openssl enc-d-aes256-in test.tar.gz | tar xz-C / mnt/ enter aes-256-cbc decryption password: [root@ipsan-node03 mnt] # ls a.txt b.txt c.txt test.tar.gz explanation of the above command:-d is used to decrypt files-C extracts the compressed files to the target directory when you are working on the local network or the Internet You can use encryption at any time to protect important text or files that you share with others, which helps reduce the risk of exposing them to malicious attackers. Method 4: shc encryption (encrypt shell scripts only)

Shc is a professional tool for encrypting shell scripts. Its function is to convert the shell script into an executable binary file, which solves the problem that the script contains IP, password and so on that you don't want to disclose. If your shell script contains sensitive passwords or other important information, and you don't want users to capture sensitive information through ps-ef (check the status of each process in the system). You can use the shc tool to add an extra layer of security to shell scripts. Shc is a script compilation tool that uses RC4 encryption algorithm to convert shell programs into binary executable line files (supports static and dynamic links). The tool is well supported: environments that require encryption, decryption, or pass passwords through command parameters. Download address of shc's official website: http://www.datsi.fi.upm.es/~frosal/sources/ installation method: [root@ipsan-node03 ~] # cd / usr/local/src/ [root@ipsan-node03 src] # wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz [root@ipsan-node03 src] # tar-zvxf shc-3.8.9.tgz [root@ipsan-node03 src] # cd shc-3.8.9 [root@ipsan-node03 shc-3.8.9] # mkdir-p / usr/local/man/man1 this step is required Otherwise, an error will be reported during the installation process, and shc will install the command to the / usr/local/bin/ directory Store the help documents in the / usr/local/man/man1/ directory, if there is no such directory in the system, an error will be reported during installation. You can create this directory and then install [root@ipsan-node03 shc-3.8.9] # make install. This is to answer yes or y, and you cannot enter directly, otherwise you will report an error. Note that sch can only encrypt shell script files, not other files! How to use sch encryption: the "- f" option specifies the program to be encrypted [root@ipsan-node03 ~] # ls text.sh [root@ipsan-node03 ~] # cat text.sh #! / bin/bash echo "" [root@ipsan-node03 ~] # shc-r-f text.sh [root@ipsan-node03 ~] # ls text.sh text.sh.x text.sh.x.c Note: the-r option is required, followed by the name of the script to be encrypted. Two files are generated after running. Script-name.x and script-name.x.c script-name.x are encrypted executable binaries. . / script-name.x can be run. Script-name.x.c is the original file that generates script-name.x (c language) [root@ipsan-node03 ~] #. / text.sh [root@ipsan-node03 ~] #. / text.sh.x is usually considered from the point of view of security: after encrypting the shell script file with the sch command, you only need to keep the .x binary file, and the other two files can be deleted! [root@ipsan-node03 ~] # ls text.sh text.sh.x text.sh.x.c [root@ipsan-node03 ~] # rm-rf text.sh [root@ipsan-node03 ~] # rm-rf text.sh.x.c [root@ipsan-node03 ~] # ls text.sh.x [root@ipsan-node03 ~] #. / text.sh.x in addition: shc also provides a method to set an effective execution period You can first use shc to convert the shell program to binary and add the expiration time For example, [root@ipsan-node03 ~] # shc-e 28 text.sh.x shc 2018-m "this script file is about to expire"-v-r-f text.sh shc shll=bash shc [- I] =-c shc [- x] = exec'% s'"$@" shc [- l] = shc opts= shc: cc text.sh.x.c-o text.sh.x shc: strip text.sh.x shc: chmod go-r text.sh.x [root@ipsan-node03 ~] # ls Text.sh text.sh.x text.sh.x.c explains:-e: specify the expiration time is February 28, 2018-m: printed information after expiration -v: verbose-r: can be executed on different hosts of the same operating system-f: specify the source shell if executed after expiration, there will be the following prompt: [root@ipsan-node03 ~] # / text.sh.x. / text.sh.x: this script file is about to expire using the above methods should pay attention to prevent users from changing the system time You can solve this problem by adding a command to update the system time automatically in the program! Sch help command: [root@ipsan-node03 ~] # shc-help shc Version 3.8.9 Generic Script Compiler shc Copyright (c) 1994-2012 Francisco Rosales shc Usage: shc [- e date] [- m addr] [- I iopt] [- x cmnd] [- l lopt] [- rvDTCAh]-f script-e% s Expiration date in dd/mm/yyyy format [none] (specify expiration date)-m% s Message to display upon expiration ["Please contact your provider"] (specify expiration prompt information) -f% s File name of the script to compile (specify the path and file name of the shell to be compiled)-I% s Inline option for the shell interpreter i.e:-e-x% s eXec command As a printf format I. E: exec ('% s recording recording ARGV) -l% s Last shell option i.e:-r Relax security. Make a redistributable binary (which can be executed on different systems with the same operating system)-v Verbose compilation (details of compilation)-D Switch ON debug exec calls [OFF]-T Allow binary to be traceable [no]-C Display license and exit-A Display abstract and exit-h Display help and exit Environment variables used: Name Default Usage CC Cc C compiler command CFLAGS C compiler flags Please consult the shc (1) man page. Note: after testing, the same in the operating system, the executable binaries after shc can be ported and run directly, but different operating systems may have problems, such as the above test.sh.x binaries encrypted on CentOS6.9 and moved to redhat as5u4 cannot be run, there is a "Floating point exception" error prompt, but it is no problem to move to another CentOS6.9 to run directly. Method 5: ZIP encryption

1) File encryption using the command "zip-e filename.zip filename", you can be prompted to enter a password, enter the password twice. This file needs a password when it is encrypted and decompressed.

Let's start encrypting the test.txt file [root@centos6-vm02 ~] # cat test.txt this is a testboxes! [root@centos6-vm02 ~] # zip-e test.txt.zip test.txt / / when encrypting as follows, you need to enter the password Enter password: Verify password: adding: test.txt (stored 0%) [root@centos6-vm02 ~] # ls test.txt test.txt.zip to decompress You need to enter the password [root@centos6-vm02 ~] # rm-f test.txt [root@centos6-vm02 ~] # unzip test.txt.zip Archive: test.txt.zip [test.txt.zip] test.txt password: extracting: test.txt [root@centos6-vm02 ~] # cat test.txt this is a testboxes encrypted 2) folder encryption using the command "zip-re dirname.zip dirname", you will be prompted to enter the password and enter the password twice. A password is required when this file is encrypted and decompressed.

Let's start encrypting the directory [root@centos6-vm02 ~] # mkdir dirtest [root@centos6-vm02 ~] # cat dirtest/.txt this is test of dirt files! [root@centos6-vm02 ~] # zip-re dirtest.zip dirtest Enter password: Verify password: adding: dirtest/ (stored 0%) adding: dirtest/.txt (stored 0%) when decompressing the directory, enter the password [root@centos6-vm02 ~] # rm-rf dirtest [root@centos6-vm02 ~] # unzip dirtest.zip Archive: dirtest.zip creating: dirtest/ [dirtest.zip] dirtest/.txt password: extracting: dirtest/.txt [root@centos6-vm02 ~] # ls dirtest .txt [root@centos6-vm02 ~] # cat dirtest/.txt this is test of dirt boxes! Method 6: the full name of GnuPG encryption GnuPG is GNU Privacy Protection (GNU Privacy Guard), often referred to as GPG, which combines a set of encryption software. It is written by the GNU project in the C programming language. The latest stable version is 2.0.27. In most Linux distributions today, the gnupg package comes with it by default, so in case it is not installed, you can use apt or yum to install it from the software library (yum install gnupg). Note: gpg can only encrypt files, but cannot encrypt directories!

Let's start using GnuPG to encrypt test.txt files [root@centos6-vm02 ~] # cat test.txt this is a testboxes! Once you run the gpc command with the-c option (encrypted entirely with a symmetric cryptographic algorithm), it generates a file .gpg file. [root@centos6-vm02 ~] # ll test.txt*-rw-r--r--. 1 root root 18 Jan 4 10:08 test.txt-rw-r--r--. 1 root root 61 Jan 4 10:04 after test.txt.gpg encrypts the file, it is best to delete the source file! Stop keeping the source files! [root@centos6-vm02 ~] # rm-f test.txt file decryption operation. 1 root root 18 Jan 4 10:08 test.txt-rw-r--r--. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.