Solid, command-line file encryption tool?

[tranglos]

Tangentially related to mouser's ongoing search for an online backup solution. I'm trying the plain old ftp way, and for that I need an encryption utility with these features:

• Command-line operation (GUI is ok but optional; this will run from a batch file)
• Has to work with individual files; bonus points for storing multiple files in a single archive, but this is optional
• No asymmetric (public key) cryptography, so no gnupg. I want to decrypt with just the passphrase and not worry about losing the private key or having it with me at all times.
• Must use a known-good cipher with a reasonable key size. I don't care if three-letter agencies can crack it, but it has to be reasonably secure and use a well-known, solid encryption algorithm. No trade-secret, teenage wonder or homebrew solutions.
• Preferably a mature project, not something that just appeared last week.
• Must either be open source or come from a vendor I can trust. A small, independent vendor is preferable to a big corp, which will sacrifice security for profit and politics every time. (PGP is now owned by Symantec, yech!) Think TrueCrypt quality.
• Commercial apps OK, as long as they satisfy all of the above.

I think that's it. Haven't looked at crypto apps in a long time, so I've no idea what's out there now.

[Eóin]

Perhaps 7zip? It has a command line interface and meets your other requirements too I believe

[tranglos]

Perhaps 7zip? It has a command line interface and meets your other requirements too I believe

-Eóin (February 25, 2012, 12:14 PM)

Not only that, but it can encrypt headers in the compressed file, so unlike in zip files, you can't see the filenames inside the archive without decrypting. I like it, so thanks for confirming my so-far favorable impression.

What it does not have is a switch to compress each file into a separate archive. I need that to minimize the amount of data to upload, since my outgoing bandwidth sucks. Still, the best candidate I've seen so far. I wonder if the authors are susceptible to bugging for new features :-)

[Innuendo]

My Google Fu turned up this thread dealing with using WinRAR from the command line to create a separate archive for each file:

http://forums.techgu...parate-archives.html

All you would need to do is edit the provided batch file provided to tailor it to your desired encryption requirements. I don't think you can anything more mature & proven than WinRAR. The world's largest file transfer network (Usenet) depends on RAR files.

[Ath]

What it does not have is a switch to compress each file into a separate archive.

-tranglos (February 25, 2012, 12:23 PM)

You could do some smart batch scripting for that if needed?

[tranglos]

What it does not have is a switch to compress each file into a separate archive.

-tranglos (February 25, 2012, 12:23 PM)

You could do some smart batch scripting for that if needed?

-Ath (February 25, 2012, 03:06 PM)

Certainly. It's just much simpler to use a single command with a switch and a filemask than a shell FOR loop :-)

[Ath]

It's just much simpler to use a single command with a switch and ...

-tranglos (February 25, 2012, 03:22 PM)

That means a feature request is on it's way?

[AbteriX]

I have known a few but never used, and forgot them all at the moment.

One i still have in my collection is this, maybe it is from interest?
Can only say it have worked with some small test files... but nothing more.

Code: Text [Select]

1. MySecret Blowfish Encryption Utility
2.  
3. Version 3.1.1 Released 9 June 2007.
4.  
5. TO INSTALL
6.  
7.     1. Copy the file MYSECRET.EXE into a directory on your PC's path,
8.        e.g. C:\Windows or C:\WINNT
9.     2. That's it!
10.    
11. SYNTAX
12.  
13. Usage: MySecret [OPTIONS] [-p password] [[-i] infile [[-o] outfile]]
14. OPTIONS:
15. -?|-h display this Help
16. -e|-d force Encrypt/Decrypt
17. -n do Not ask to confirm password
18. -w Warn before overwriting existing outfile
19. -2 use v2.0 algorithm (no compression)
20. -@ use stdin/stdout pipes if in/outfile not given
21. -L display licence conditions
22. EXAMPLES:
23. MySecret                (=clipboard-mode, prompts for password)
24. MySecret -p "my pass phrase"
25. MySecret infile outfile (=file-mode)
26. MySecret -@ infile      (output to stdout)
27. MySecret -@ -o outfile  (input from stdin)
28. MySecret -@             (input from stdin/output to stdout)
29. For more information go to <http://www.di-mgt.com.au/mysecret.html>

The encrypted file is BASE64 encoded

Code: Text [Select]

1. -----BEGIN MYSECRET-----
2. TVn8AJd6uSAqarO1xZh78NUQWMXXfNb+F0K0yYmijYjf//JOmY8ecQUCJmh9
3. b1hIVJKjdUad8FtsdjGGsAJ5whHh71ajI492oIH/OeHBM+LyMRS8qB80EqPa
4. FQ6VxgXsOmV3B7LBKYyVKRcUL+Czwwj9PQL/dbFVcumqK/ppaU3pfTVVfzbU
5. urKDVtqVMcBxbEe8F4LRC7K23PB7l1M3aO/oZaRxCiPznmFj9HiSnenHiajc
6. InDb7n5F1v40Abx8XyL9a6yRhRWHbEWMvDJYc1UjEqu3wp+oJccdTpSERBfT

There is even an script to use it from XYplorer;

Code: Javascript [Select]

1. /*
2. ===================================================================================
3. INSTRUCTIONS
4.  Download the latest version of MySecret.zip (47 kB) from http://www.di-mgt.com.au/mysecret.html
5.  Unzip the MySecret.zip into an folder, e.g. into "<xypath>\Tools\MySecret\..."
6.  Save this script e.g. as "MySecret.xys" into "<xypath>\Scripts\..." folder
7. USING
8.  Select one file
9.  Launch this script, e.g. from menu "Scripting > Load Script File... > MySecret.xys"
10.  From the dialog choose "Encrypt" [or "Decrypt"]
11.  The resulting output is encrypted and encoded using base64 encoding, ready to mail it.
12. ===================================================================================
13. */
14.  
15.  
16. "Encrypt"
17.  // creates an new, encrypted file with additional 'mys' extension:
18.  $pas1 = Input("MySecret EnCrypt","Enter your password for ""<curname>"":");
19.  $pass = Input('Confirm','Re-type your password:');
20.  end ("$pas1" != "$pass"), "Password did not match";
21.   run "<xypath>\Tools\MySecret\MySecret.exe -w -e -p $pass -i ""<curitem>"" -o ""<curitem>.mys""";
22. //===============================
23.  
24.  
25.  
26. "Decrypt"
27.  // creates an new, decrypted file and removes the 'mys' extension:
28.  $pass = Input("MySecret DeCrypt","Enter your password for ""<curname>"":");
29.   run "<xypath>\Tools\MySecret\MySecret.exe -d -w -p $pass -i ""<curitem>"" -o ""<curpath>\<curbase>""";
30. //===============================
31.  
32.  
33.  
34.  
35. "Readme"
36.  sub "_readme";
37. //===============================
38.  
39.  
40.  
41. -
42.  
43. "Edit this &script : edit"
44.    self $ScriptFile, file;
45.    OpenWith "<xypath>\Tools\NotePad2\Notepad2.exe", ,$ScriptFile;
46. //===============================  
47.  
48.  
49.  
50. "_readme"
51.  text <<<TEXT
52. MySecret Blowfish Encryption Utility
53. Version 3.1.1 Released 9 June 2007.
54.  
55. Works fine for file size till ~5MB.
56. Decodeing an file with e.g. 25MB takes a few minutes.
57.  
58. TO INSTALL
59.     1. Copy the file MYSECRET.EXE into a directory on your PC's path,
60.       e.g. C:\Windows or C:\WINNT
61.    2. That's it!
62.    
63. SYNTAX
64. Usage: MySecret [OPTIONS] [-p password] [[-i] infile [[-o] outfile]]
65. OPTIONS:
66. -?|-h display this Help
67. -e|-d force Encrypt/Decrypt
68. -n do Not ask to confirm password
69. -w Warn before overwriting existing outfile
70. -2 use v2.0 algorithm (no compression)
71. -@ use stdin/stdout pipes if in/outfile not given
72. -L display licence conditions
73. EXAMPLES:
74. MySecret                (=clipboard-mode, prompts for password)
75. MySecret -p "my pass phrase"
76. MySecret infile outfile (=file-mode)
77. MySecret -@ infile      (output to stdout)
78. MySecret -@ -o outfile  (input from stdin)
79. MySecret -@             (input from stdin/output to stdout)
80. For more information go to <http://www.di-mgt.com.au/mysecret.html>
81.  
82. TERMS AND CONDITIONS
83.  
84. MySecret is copyright (C) 2002-7 DI Management Services Pty Ltd, all rights
85. reserved. MySecret is freeware. Install and use entirely at your own risk.
86.  
87. Read more at http://www.di-mgt.com.au/mysecret.html
88.  
89. TEXT;
90. //===============================<EOF>

[criss]

Hi,

I use this:
http://www.di-mgt.com.au/mysecret.html

and from time to time:
7z commandline

Then there are:
http://code.google.com/p/shacrypt/
http://code.google.c...m/p/dnfileencryptor/
...

[tranglos]

Thanks, everyone! Will try out the suggestions.