Internetling

I received another guest blog article, so I’m posting this before I start. This very interesting article is by Ryan. Ryan’s other postings are at http://source.kohlerville.com where he mainly posts about problems he runs into at his work.

At my work, I noticed that I work on some documents that I felt needed to be encrypted. Working in a hybrid environment with Gentoo Linux, CentOS Linux, Solaris 10 sparc/i86pc, and Windows, I wanted to pick a program that was open source and can use cross platform if possible. I wanted to encrypt files instead of creating encrypted volumes that I have to mount and then put files into. It gives me an option to e-mail the encrypted files as well.

By default, our Solaris boxes come with /usr/bin/crypt which I can use to encrypt and decrypt files. Looking over the wikipedia entry, it is too cryptographically weak that it could be brute forced. After reading about this, I wanted something that uses the Rijndael cipher, which is much stronger and would take quite awhile to brute force.

Upon my search, I found two different open source programs that hashes the key to 256 bits (2^256 different possibilities):

• ccrypt
• aescrypt

Here’s a quick run down of some pros and cons of each:

ccrypt

Pros:
• Can be compiled/installed on multiple operating systems. Encrypting a file on Linux doesn’t mean it has to be decrypted in Linux. You can use encrypt in Linux and decrypt on Solaris just fine.
• The encryption writes over original file so you don’t leave any plain text copies around.
• The ccat command lets you cat the encrypted file to your screen without leaving plain text copies.
• Can decrypt old UNIX crypt files.
• A ton more options you can do. For example, recurse through directories.

Cons:
• The Windows port needs to have cygwin installed.
• Compiling on UNIX required to do the old ./configure, make , make install. Only a con because of how simple aescrypt was.

aescrypt

Pros:
• Can be compiled/installed on multiple operating systems. Encrypting a file on Linux doesn’t mean it has to be decrypted in Linux. You can use encrypt in Windows and decrypt on Solaris just fine.
• Windows port integrates with the context menu. You can right click a file and choose “AES decrypt” or “AES encrypt”.
• Really simply to compile, just a simple make.
• Has a java library to use for your java programs.

Cons:
• Encrypting a file creates a new file with the extension aes and leaves the plain text file alone.
• Only decrypt and encrypt, no nifty ccat command like in ccrypt.

The real deal breaker to some people though is how aescrypt can integrate in the context menu in Windows while ccrypt has to use cygwin to get it to work. I did not fall into this category as my deal breakers were the convenience of having ccat to quickly look over a file and the fact that I don’t have to do an extra step of deleting my plain text file after encrypting to be well worth it. Yes, it would be nice if I could use ccrypt in Windows without cygwin, but having it work on Linux and Solaris was good enough for me.

Choose what you need for your environment though, not everyone’s needs are the same. For creating some encrypted volumes, try out True Crypt.