If you need strong command line encryption on Linux, look no further than 7zip.
You have information on your machines that needs to be secure. This could be client data, company secrets, or your own personal information that you don't want viewed by the wrong person. To that end, you'll go to some rather challenging means to protect that information.
But what if that task could be made considerably easier? Although some might not think of the command line as the easier option, there are some CLI tools that do make short shrift of a task.
Such is the case with 7zip. Although this tool is typically used for zipping and unzipping files, it also includes the ability to encrypt and decrypt those files.
I want to walk you through the installation and usage of 7zip for file encryption. I'll be demonstrating on Ubuntu Server, but the tool can be used on most Linux distributions.
SEE: Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
What you'll need
A running Linux distribution
A user with sudo privileges
Some data to encrypt
How to install the 7zip package on Linux distributions
Chances are slim your Linux distribution includes the 7zip package. In order to install the package that includes the encryption features, log in to your Linux machine, open a terminal window, and issue the following command:
sudo apt-get install p7zip-full -y
To install on a different type of distribution, use a similar command as shown above, substituting apt-get for the likes of dnf or zypper.
That's all there is to the installation.
How to encrypt files with 7zip
Let's say you have the file webservers, which contains important information about the web servers in your data center. To encrypt that file with 7zip, issue the command:
7z a -p -mx=9 -mhe -t7z webservers.7z webservers
The options used above are:
a: Add files to archive
-p: Prompt for a password
-mx=9: Level of compression (9 being ultra)
-mhe: Encrypt file names
-t7z: Generate a 7z archive
You will be prompted to create a passphrase for the encryption. Once you've done that, the new encrypted file webservers.7z is created.
You can also encrypt multiple files. Say you have the files webservers and kubernetes to be encrypted into the file data.7z. The command for this would be:
7z a -p -mx=9 -mhe -t7z data.7z webservers kubernetes
The above command would create the encrypted data.7z file, encrypted by the password of your choice.
Once you've encrypted the files, you should then delete the originals. Why? Because those original files (in our examples webservers and kubernetes) aren't encrypted. Only the newly created .7z files are encrypted. So delete those files with the command:
rm webservers kubernetes
How to decrypt files with 7zip
Those files wouldn't be of any use to you if you couldn't decrypt them. So how do you do that? We have the files data.7z and webservers.7z. With 7z, file decryption is done like so:
7za e data.7z
7za e webservers.7z
In either instance, you'll be asked for the passphrase you created during the encryption process. If you failed to delete the original files (which you shouldn't neglect to do), 7z will ask if you want to overwrite the existing files--in our examples that would be webservers and kubernetes (Figure A).
Once you've decrypted the file(s), you can then view their contents.
And that's the gist of using 7zip to encrypt and decrypt files. For anyone who needs strong command line encryption on Linux, this might well be the ideal choice for you.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- How to use tee and script commands to capture output and errors to file (TechRepublic)
- Snowflake is the Linux SSH GUI you didn't know you needed (TechRepublic)
- How to add new authorization credentials to Jenkins (TechRepublic)
- How to set up secure credential storage for Docker (TechRepublic)
- Academics steal data from air-gapped systems using screen brightness variations (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)