Ubuntu Tips n Tricks

Free and Open Source Encryption Software for Linux

Posted: 12 Jan 2010 10:07 PM PST

One of the best ways to protect sensitive computer data like credit card numbers and social security information is to use encryption software. Encryption software executes an algorithm that is designed to encrypt data in such a way that it cannot be recovered (decrypted) without access to the key. It is a main component of all aspects of file protection and computer communication. Files on hard drives and other removable media, email messages, and packets sent over computer networks can be made secure by encryption software.

For those of you who are interested, here's a list of well-known free and open source encryption software for Linux:

TrueCrypt

TrueCrypt is one of the most popular disk encryption tools around. It can encrypt and decrypt files on-the-fly (real-time) as needed without user intervention beyond entering the passphrase. TrueCrypt is capable of creating a virtual encrypted disk within a file or a device-hosted encrypted volume on either an individual partition or an entire storage device. It currently uses the XTS mode of operation but is backward compatible with older volumes.

Here are some of the main features of TrueCrypt:

* Creates a virtual encrypted disk within a file and mounts it as a real disk.
* Encrypts an entire partition or storage device such as USB flash drive or hard drive.
* Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
* Provides plausible deniability, in case an adversary forces you to reveal the password.
* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

More about TrueCrypt HERE

GNU Privacy Guard (GnuPG or PGP)

GNU Privacy Guard is security software used in protecting data storage and communication. It is utilized in encrypting and signing data to ensure its privacy and authenticity. It encrypts messages using asymmetric keypairs individually generated by GnuPG users. The GnuPG tool has a command line interface, but there are various front-ends that provide it with a graphical user interface. GnuPG encryption support has been integrated into KMail and Evolution.

Some of its features include:

* Full OpenPGP implementation
* Full replacement of PGP
* Easy implementation of new algorithms using extension modules
* Does not use any patented algorithms
* Can be used as a filter program
* Better functionality than PGP and some security enhancements over PGP 2
* Decrypts and verifies PGP 5, 6 and 7 messages
* Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER
* Integrated support for HKP keyservers

More about GnuPG HERE

OpenSSL

OpenSSL is an open source implementation of the SSL and TLS protocols. The project's primary goal is to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general-purpose cryptography library. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

More about OpenSSL HERE

Seahorse
Seahorse is a simple and easy-to-use GNOME front-end application for managing encryption keys such as PGP and SSH. It also integrates with nautilus, gedit and other places for encryption operations. The program supports HKP and LDAP key server.

The following are some of its features:
* Encrypting/decrypting/signing files and text
* Managing your keys and keyring
* Synchronizing your keys and your keyring with key servers
* Signing keys and publishing
* Caching your passphrase
* Backing up your keys and keyring

More about Seahorse HERE

mcrypt

mcrypt is a replacement for the popular UNIX crypt package and crypt command. The crypt was a file encryption tool that was using an algorithm very close to the World War II enigma cipher, which was broken. Mcrypt provides the same functionality but uses several modern algorithms such as AES. Libmcrypt, Mcrypt's companion, is a library of code that contains the actual encryption functions and provides an easy method for use. Mcrypt implements numerous cryptographic algorithms, mostly block ciphers and stream ciphers, some of which falls under export restrictions in the United States.

More about mcrypt HERE

If you know of other free and open source encryption software that you would like to add to our list above, please share them with us via comment.