ccrypt

Secure encryption and decryption of files and streams

I love ccrypt; it is easy to use and does exactly what one wants from an enrcyption program. Furthermore it's quite fast. It's a wonder the program isn't more widely known. (Jean-Yves Sireau, Hong Kong)

More user comments...

Description

ccrypt is a utility for encrypting and decrypting files and streams. It was designed as a replacement for the standard unix crypt utility, which is notorious for using a very weak encryption algorithm. ccrypt is based on the Rijndael cipher, which is the U.S. government's chosen candidate for the Advanced Encryption Standard (AES, see http://www.nist.gov/aes). This cipher is believed to provide very strong security.

Unlike unix crypt, the algorithm provided by ccrypt is not symmetric, i.e., one must specify whether to encrypt or decrypt. The most common way to invoke ccrypt is via the commands ccencrypt and ccdecrypt. There is also a ccat command for decrypting a file directly to the terminal, thus reducing the likelihood of leaving temporary plaintext files around. In addition, there is a compatibility mode for decrypting legacy unix crypt files. An emacs mode is also supplied for editing encrypted text files.

Encryption and decryption depends on a keyword (or key phrase) supplied by the user. By default, the user is prompted to enter a keyword from the terminal. Keywords can consist of any number of characters, and all characters are significant (although ccrypt internally hashes the key to 256 bits). Longer keywords provide better security than short ones, since they are less likely to be discovered by exhaustive search.

For a detailed description of the encryption algorithm used by ccrypt, see the man page.

Frequently Asked Questions

I often receive questions from users about ccrypt. I have written up the answers to some Frequently Asked Questions.

News

For changes prior to version 1.5, see the file NEWS. For a more detailed list of changes, see the ChangeLog.

Feburary 4, 2008: There is a new emacs package ps-ccrypt.el. Unlike the previous package jka-compr-ccrypt.el, this can be loaded in addition to, rather than instead of, jka-compr.el.

November 29, 2006: AIX precompiled distribution updated. Large file support is now enabled in AIX. Thanks to Jon Hardt for reporting this bug.

January 13, 2005: AIX precompiled distribution updated. Thanks to Adrien Cuypers for reporting a bug in the previous distribution.

March 28, 2004: Release 1.7. Large file support now works under cygwin. Prompting twice for encryption passwords is now the default. Added --disable-libcrypt option for systems where libcrypt is broken.

August 26, 2003: Release 1.6. Fixed a potential (but rare) segmentation fault.

August 25, 2003: Release 1.5. Numerous improvements to the code and some bug fixes. --mismatch option now works again. Ccrypt now also compiles under the gcc-3.3 compiler and the cc compiler. Return values were made more meaningful. Autoconfiguration has been improved, and a new --with-lispdir configuration option was added. The "check" target has been improved to work on more machines. Some bugs in emacs support were fixed.

Downloading and Installing

Ccrypt is built from sources using the standard configure/make commands. Please see the file INSTALL for detailed instructions. Binary distributions are available for a number of popular platforms; please see the file README for some hints on how to install the binaries. Windows users please see the file README.win. Redhat packages are also available for users of the Redhat Package Manager. If you would like to ensure the accuracy of the downloaded files, you can double-check their SHA1 sums.

Source distribution: ccrypt-1.7.tar.gz

Precompiled distributions: Linux for PC (i386) ccrypt-1.7.linux-i386.tar.gz

Linux for Alpha ccrypt-1.7.linux-alpha.tar.gz

Linux for Power PC ccrypt-1.3.linux-powerpc.tar.gz

Linux for Sparc ccrypt-1.6.linux-sparc.tar.gz

Linux for AMD64 ccrypt-1.7.linux-amd64.tar.gz

Linux for ARM ccrypt-1.4.linux-arm.tar.gz

Sun Solaris (Sparc) ccrypt-1.7.solaris-sparc.tar.gz

Sun Solaris (i386) ccrypt-1.7.solaris-i386.tar.gz

Macintosh OS X ccrypt-1.7.darwin6.0-powerpc.tar.gz

FreeBSD ccrypt-1.7.freebsd4.6-i386.tar.gz

NetBSD ccrypt-1.7.netbsdelf-i386.tar.gz

AIX ccrypt-1.7-2.aix-rs6000.tar.gz

HP-UX ccrypt-1.7.hpux.tar.gz⁽¹⁾

Windows 95/98/2000/NT ccrypt-1.7.cygwin-i386.tar.gz
ccrypt-1.7.cygwin-i386.zip

Packages: Redhat Source RPM ccrypt-1.7-1.src.rpm

Redhat Binary RPM (i386) ccrypt-1.7-1.i386.rpm

SuSE Source RPM ccrypt-1.7-1.src.rpm⁽²⁾

SuSE Binary RPM (i586) ccrypt-1.7-1.i586.rpm⁽²⁾

Debian Package (i386) ccrypt_1.7-4_i386.deb⁽³⁾

OpenBSD Package (i386) ccrypt-1.7-emacs21.tgz⁽⁴⁾

FreeBSD Package (i386) ccrypt-1.3.tbz

(1) HP-UX binary supplied by Simon Chung.
(2) SuSE RPMs supplied by Harry Auschner.
(3) For the most current version of the Debian package, see the Debian ccrypt page.
(4) OpenBSD Package supplied by Kevin Lo.

Previous releases...

Usage

ccrypt 1.7. Secure encryption and decryption of files and streams.

Usage: ccrypt [mode] [options] [file...]
       ccencrypt [options] [file...]
       ccdecrypt [options] [file...]
       ccat [options] file...

Modes:
    -e, --encrypt          encrypt
    -d, --decrypt          decrypt
    -c, --cat              cat; decrypt files to stdout
    -x, --keychange        change key
    -u, --unixcrypt        decrypt old unix crypt files

Options:
    -h, --help             print this help message and exit
    -V, --version          print version info and exit
    -L, --license          print license info and exit
    -v, --verbose          print progress information to stderr
    -q, --quiet            run quietly; suppress warnings
    -f, --force            overwrite existing files without asking
    -m, --mismatch         allow decryption with non-matching key
    -E, --envvar var       read keyword from environment variable (unsafe)
    -K, --key key          give keyword on command line (unsafe)
    -k, --keyfile file     read keyword(s) as first line(s) from file
    -P, --prompt prompt    use this prompt instead of default
    -S, --suffix .suf      use suffix .suf instead of default .cpt
    -s, --strictsuffix     refuse to encrypt files which already have suffix
    -F, --envvar2 var      as -E for second keyword (for keychange mode)
    -H, --key2 key         as -K for second keyword (for keychange mode)
    -Q, --prompt2 prompt   as -P for second keyword (for keychange mode)
    -t, --timid            prompt twice for encryption keys (default)
    -b, --brave            prompt only once for encryption keys
    -r, --recursive        recurse through directories
    -R, --rec-symlinks     follow symbolic links as subdirectories
    -l, --symlinks         dereference symbolic links
    -T, --tmpfiles         use temporary files instead of overwriting (unsafe)
    --                     end of options, filenames follow

For detailed usage information, see the man page.

Emacs Support

ccrypt comes with an emacs package for reading and writing encrypted files. (Note that this package currently only works with emacs, not with xemacs.) The package is called jka-compr-ccrypt, and it is based directly on the jka-compr package which is part of GNU Emacs. It handles both encrypted and compressed files (although currently not encrypted compressed files).

To use the package, simply load jka-compr-ccrypt and edit as usual. When you open a file with the ".cpt" extension, emacs will prompt you for a password for the file. It will remember the password for the buffer, and when you save the file later, it will be automatically encrypted again (provided you save it with a ".cpt" extension). Except for the password prompt, the operation of the package should be transparent to the user. The package also handles compressed ".gz", ".bz2", and ".Z" files, and it should be used instead of, not in addition to, jka-compr. The command M-x ccrypt-set-buffer-password can be used to change the current password of a buffer.

The simplest way to use this package is to include the lines

(setq load-path (cons "path" load-path)) (require 'jka-compr-ccrypt "jka-compr-ccrypt.el")

in your .emacs file, where path is the directory which holds the file jka-compr-ccrypt.el.

Other software related to ccrypt

The following is a list of software related to ccrypt. The list is not comprehensive; please let me know if you know of other such programs.

gjots. A lightweight jotter which marshals and organizes text notes in a convenient, hierarchical way. It can be used for notes, jottings, bits and pieces, recipes, and even PINs and passwords (encrypted with ccrypt). Written by Bob Hepple.
xzgvz-0.8z.tar.bz2. This is Stan Zitello's modification of xzgv, a GTK-based image viewer. The modified version can display ccrypt-encoded jpeg images with the filename extensions .cjpg or .cjpeg. (Added Jan 30, 2004)
Ccrypt-GUIs Integration Scripts. A collection of scripts for creating context menu entries for ccrypt in KDE, Gnome, and Windows 98+. This should allow you to encrypt/decrypt files by right-clicking on them. Written by VF. (Added Sep 26, 2004).
Tkccrypt. A simple text editor for ccrypt'ed files, written by Lluís Batlle i Rossell. (Added Nov 2, 2006).

Support and Reporting Bugs

Ccrypt has a project page on SourceForge. There you will find facilities for reporting bugs, submitting patches, asking for support, asking for features, or discussing ccrypt in general. You are encouraged to use these facilities. You can also send email to the author.

Version

1.7

Author

License

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.

Back to Homepage:

Peter Selinger / Department of Mathematics and Statistics / Dalhousie University
selinger@users.sourceforge.net / PGP key