Sun Solaris UNIX: How to Encrypt and Decrypt a File

SFTP can be used to encrypt a file in transit, but what if file-encryption-at-rest is required?

To encrypt a file “at rest” (i.e. on the file system), two things are required:

  1. the encryption algorithm must be chosen;
  2. an encryption “key” must be generated (or provided by a third party) – this is used to encrypt, and subsequently decrypt, the file.

In this example, a random key is generated in a 3DES format, using the dd utility:

dd if=/dev/urandom of=$HOME/key.3des.24 bs=24 count=1


  • if = file indicates a random key, using the /dev/urandom file
  • of = keyfile is the output file that holds the generated key
  • bs = n is the key size in bytes. For the length in bytes, divide the key length in bits by 8.
  • count = n is the count of the input blocks. The number for n should be 1.

The maximum and minimum key sizes (in bits, not bytes) can be determined using:

encrypt -l

…which gives:

Algorithm Keysize:        Min   Max (bits)
aes                       128   256
arcfour                     8  2048
des                        64    64
3des                      128   192
camellia                  128   256

The newly-generated key file, $HOME/key.3des.24, can then be used to encrypt a TEST.csv file (using the 3DES algorithm), using:

encrypt -a 3des -k $HOME/key.3des.24 -i ./TEST.csv -o ./e.TEST.csv

…and decrypted using:

decrypt -a 3des -k $HOME/key.3des.24 -i ./e.TEST.csv -o ./u.TEST.csv


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s