If you want to encrypt just a single file there exist various options under the Linux, macOS or Windows operating systems. This article shows some of these tools and how and if to use them.

ccrypt

ccrypt can be installed using your package manager (apt, yum, …) if you are using Linux. Homebrew if you are using macOS. And if you are using Windows you can install it using Cygwin.

The following example outlines how you can use ccrypt to encrypt and decrypt a file. Be aware that ccrypt overwrites the given input file by default.

% echo "hello world" > plain.txt
% ccrypt --encrypt plain.txt
Password:
Enter password again:
% ls
plain.txt.cpt
% ccrypt --decrypt plain.txt.cpt
Password:
% ls
plain.txt

The ccrypt packages normally also install further binaries like ccenrypt or ccdecrypt. They are just shortcuts. ccencrypt is a shortcut for ccrypt --encrypt for instance.

ccrypt is based on the Rijndael block cipher, a version of which is also used in the Advanced Encryption Standard (AES). A key with 256 bits is used. The key is derived by hashing the password provided by the user. So keep in mind that it is important to use a strong password (e.g. pwgen --secure 64 1).

Discouraged tools

crypt

crypt has been released 50 years ago for the Unix operating system. It’s usage has been discouraged for decades now because it’s encryption algorithm is far too weak for todays use cases. I wanted to include it in this article nontheless because it has inspired a lot of other utility programs used for encryption.

mcrypt

mcrypt is a replacement for the popular Unix crypt command. mcrypt provides the same functionality but uses several modern algorithms such as AES. It is unmaintained and therefore it’s use is discouraged. It’s latest release from 2007 can be downloaded from here.