File Based Encyption

Data encryption might be necessary in some cases.
Therefore a tool has been installed to ensure you are able to encrypt data/files on the local cluster infrastructure@AEI. Ccrypt is very portable and encypted data/files can be easily decrypted on other LInux/Windows/MACOSX operating systems again.

Note: Always remember the passphrase

How to use ccrpyt
ccrypt is available on all High Performance Systems via the software module management system

module av
[...]
ccrypt-1.10
[..]
module add ccrypt-1.10

Usage

ccrypt 1.10. Secure encryption and decryption of files and streams.

Usage: ccrypt [mode] [options] [file...]
       ccencrypt [options] [file...]
       ccdecrypt [options] [file...]
       ccat [options] file...

Modes:
    -e, --encrypt         encrypt
    -d, --decrypt         decrypt
    -c, --cat             cat; decrypt files to stdout
    -x, --keychange       change key
    -u, --unixcrypt       decrypt old unix crypt files

Options:
    -h, --help            print this help message and exit
    -V, --version         print version info and exit
    -L, --license         print license info and exit
    -v, --verbose         print progress information to stderr
    -q, --quiet           run quietly; suppress warnings
    -f, --force           overwrite existing files without asking
    -m, --mismatch        allow decryption with non-matching key
    -E, --envvar var      read keyword from environment variable (unsafe)
    -K, --key key         give keyword on command line (unsafe)
    -k, --keyfile file    read keyword(s) as first line(s) from file
    -P, --prompt prompt   use this prompt instead of default
    -S, --suffix .suf     use suffix .suf instead of default .cpt
    -s, --strictsuffix    refuse to encrypt files which already have suffix
    -F, --envvar2 var     as -E for second keyword (for keychange mode)
    -H, --key2 key        as -K for second keyword (for keychange mode)
    -Q, --prompt2 prompt  as -P for second keyword (for keychange mode)
    -t, --timid           prompt twice for encryption keys (default)
    -b, --brave           prompt only once for encryption keys
    -y, --keyref file     encryption key must match this encrypted file
    -r, --recursive       recurse through directories
    -R, --rec-symlinks    follow symbolic links as subdirectories
    -l, --symlinks        dereference symbolic links
    -T, --tmpfiles        use temporary files instead of overwriting (unsafe)
    --                    end of options, filenames follow

For detailed usage information, see the official man page.

Example:

[usera@login-damiana WWW]$ ccrypt -erv codes-2.1.3
Enter encryption key: abcdef
Enter encryption key: (repeat)

The directory ~/WWW/codes-2.1.3 has been encrypted now.

[usera@login-damiana WWW]$ ls codes-2.1.3/
lustre-ldiskfs-3.3.0-2.6.32_279.2.1.el6_lustre.gc46c389.x86_64.x86_64.rpm.cpt

To decrypt the data please use the decrypt mode:

[usera@login-damiana WWW]$ ccrypt -drv codes-2.1.3
Enter decryption key:
[usera@login-damiana WWW]$ ls codes-2.1.3/
lustre-ldiskfs-3.3.0-2.6.32_279.2.1.el6_lustre.gc46c389.x86_64.x86_64.rpm