Most people who work with computers realize that the task of copying many files from one location to another is much easier if you can first bundle together the files and copy them as a single unit. This is especially true when copying hundreds or thousands of files from one location to another. For example, in a Windows environment, if you have hundreds of files in a folder, it's fairly easy to click and drag the folder (that contains the files) and copy it to a different location. This copy task would be time-consuming and error-prone if you individually copied each file within the folder.
In Linux, tar, cpio, and zip are utilities that DBAs often use to group files together into one file (like a Windows folder). Bundling a group of files together into one file is known as creating an archive. Archiving tools allow you to back up all files in a directory structure and preserve any file characteristics such as permissions, ownership, and contents. The archive file is used to move or copy the files as a single unit to a different location.
The tar utility was originally used to bundle (or archive) files together and write them to tape, which is why it's called tape archive, or, in shorthand, tar. Although tar was originally used to write files to tape, its bundling ability is mainly what DBAs use it for now.
The cpio utility gets its name from its ability to copy files in and out of archived files. This command-line utility is also widely used by database administrators to bundle and move files. Oracle often distributes its binaries packaged as cpio files.
The zip utility is another popular tool for bundling files. This utility is especially useful for moving files from one operating system platform to another. For example, you can use zip to bundle and move a group of files from a Windows server to a Linux server.
Network performance can sometimes be slow when moving large archive files from one server to another. In these situations, it's appropriate to compress large files before they are remotely transferred. Many compression programs exist, but the most commonly used in Linux environments are gzip and bzip2. The gzip utility is widely available on most Linux platforms. The bzip2 utility is a newer tool and has a more efficient compression algorithm than gzip. The zip utility is also used for compression, but it isn't as efficient at compressing files as gzip and bzip2.
In this chapter we'll also briefly show how to use the compress and uncompress utilities, even though we recommend you do not use compress. It's an older and less efficient compression utility. We mention it only because you might find yourself working with an older Linux server that has files that have been created with compress.
Most of the utilities described in this chapter are frequently used by DBAs. Which utility you use for the task at hand depends on variables such as personal preference, standards defined for your environment, and features of the utility. For example, when downloading Oracle installation files, these are usually bundled with cpio; this of course means that you must be familiar with cpio. In other situations, you might use tar because the person receiving the file has requested that the file be in the tar format.
DBAs spend a fair amount of time moving large numbers of files to and from database servers. To do your job efficiently, it's critical to be proficient with archiving and compression techniques. In this chapter, we cover common methods that database administrators utilize for bundling and compressing files. We also cover the basics of generating checksums and encrypting/decrypting files. We felt these topics were appropriate in this chapter because DBAs often use checksums and encryption when working with bundled files that are transferred to other database administrators.
This first example uses the tar utility with the -cvf options to bundle all files ending with the string .sql that exist in the current working directory:
$ tar -cvf prodrel.tar *.sql
The -c (create) option specifies you are creating a tar file. The -v (verbose) option instructs tar to display the names of the files included in the tar file. The -f (file) option directly precedes the name of the tar archive file. The file that is created in this example is named prodrel.tar. It's standard to name the tar file with the extension of .tar.
If you want to include all files in a directory tree, then specify the directory name from where you want the tar utility to begin bundling. The following command bundles all files in the /orahome/scripts directory (and any files in its subdirectories):
$ tar -cvf script.tar /orahome/scripts
Both DBAs and system administrators ubiquitously use the tar utility to bundle a large number of files together as one file. Once files have been packaged together, they can be easily moved as a unit to another location such as a remote server (see Chapter 14 for details on copying files over the network).
The tar command has the following basic syntax:
$ tar one_mandatory_option [other non-mandatory options] [tar file] [other files]
When running tar, you can specify only one mandatory option, and it must appear first on the command line (before any other options). Table 6-1 describes the most commonly used mandatory options.
Table 6.1. Mandatory tar Options
Option | Description |
|---|---|
| Create a new archive file. |
| Compare files stored in one |
| Append other files to |
| Display the names of files in tar file. If other files are not listed, then display all files in |
| Add new or updated files to |
| Extract files from the |
| Append a second |
There are three methods for formatting options when running the tar command:
Short
Old (historic)
Mnemonic
The short format uses a single hyphen (-) followed by single letters signifying the options. Most of the examples in this chapter use the short format. This format is preferred because there is minimal typing involved. Here's an example of using the short format to create an archive of all files in the /ora01 directory (and its subdirectories):
$ tar -cvf ora01.tar /ora01
The old format is similar to the short format except that it doesn't use the hyphen. Most versions of tar still support the old syntax for backward compatibility with older Linux/Unix distributions.
The mnemonic format uses the -- double hyphen format followed by a descriptive option word. This format has the advantage that it's easier to understand which options are being used. For example, the next line of code clearly shows that you're creating a tar file, using the verbose output, for all files in the /ora01 directory (and its subdirectories):
$ tar --create --verbose --file ora01.tar /ora01
The -f or --file option must come directly before the name of the tar file you want to create. You'll receive unexpected results if you specify the f option anywhere but just before the name of the tar file. Look carefully at this next line of code and subsequent error message:
$ tar -cfv prod_rel.tar *.sql tar: prod_rel.tar: Cannot stat: No such file or directory
The previous line of code will attempt to create a file named v and put in it a file named prod_rel.tar along with files in the current working directory ending with the extension of *.sql.
If you want to compress the files as you archive them, then use the -z option (for gzip) or the -j option (for bzip2). The next example creates a compressed archive file of everything beneath the /oracle/product/10.2 directory:
$ tar -cvzf orahome.tar /oracle/product/10.2
Depending on the version of tar, the previous command might not add an extension such as .gz to the name of the archive file. In that case, you can specify the file name with a .gz extension when creating the file, or you can rename the file after it has been created.
If you're using a non-GNU version of tar, then you may not have the z or j compression options available. In this case, you'll have to explicitly pipe the output of tar to a compression utility like gzip:
$ tar -cvf - /oracle/product/10.2 | gzip > orahome.tar.gz
You can also use tar to copy a directory from one location to another on a box. This next example uses tar to copy the scripts directory tree to the /ora01/backup directory:
$ tar -cvf - scripts | (cd /ora01/backup; tar -xvf -)
The previous line of code needs a bit of explanation. The tar command uses standard input (signified with a - as the tar file name. This is piped to the next set of commands. The cd command changes directories to /ora01/backup and then extracts to standard output (signified with a -). This essentially gives you a method for copying directories from one location to another without having to create an intermediary tarball file.
Use the -x option to extract files from a tar file. Usually it's a good idea to first create a new directory and extract the files in the newly created directory. This way you don't mix up files that might already exist in a directory with files from the archive.
This example creates a directory and then copies the tar file into the directory before extracting it:
$ mkdir tarball $ cd tarball $ cp ../mytar.tar . $ tar -xvf mytar.tar
The previous example retrieves all files from the mytar.tar file into the directory named tarball.
When extracting files, you can retrieve all files in the tar file, or you can provide a list of specific files to be retrieved. The following example extracts only two files from the tar file:
$ tar -xvf mytar.tar script1.sql script2.sql
You can also use pattern matching to retrieve files from a tar file. This example extracts all files that end in *.bsh from the tar file named mytar.tar:
$ tar -xvf mytar.tar *.bsh
If you don't specify any files to be extracted, then all files are retrieved:
$ tar -xvf mytar.tar
You wonder whether there have been any changes to files in a directory since you last created a tar file.
Use the -d (difference) option of the tar command to compare files in a tar file to files in a directory tree. The following example finds any differences between the tar file backup.tar and the scripts directory:
$ tar -df backup.tar scripts
The previous command will display any differences with the physical characteristics of any of the files. Here is some sample output:
scripts/top.sql: Mod time differs scripts/top.sql: Size differs
If you find differences and want to update the tar file to make it current, then use the -u option. This feature will update and append any files that are different or have been modified since the tarball was created. The next line of code updates or appends to the tar file any changed or new files in the scripts directory:
$ tar -uvf backup.tar scripts
The output indicates that the top.sql has been updated:
scripts/ scripts/top.sql
When using cpio to bundle files, specify o (for out or create) and v (verbose). It's customary to name a bundled cpio file with the extension of .cpio. The following command takes the output of the ls command and pipes it to cpio, which creates a file named backup.cpio:
$ ls | cpio -ov > backup.cpio
If you want to bundle up a directory tree with all files and subdirectories, then use the find command on the target directory. The following pipes the output of the find command to cpio, which bundles all files and subdirectories beneath the current working directory:
$ find . -depth | cpio -ov > orahome.cpio
If you want to create a compressed file, then pipe the output of cpio to a compression utility like gzip:
$ find . -depth | cpio -ov | gzip > orahome.cpio.gz
The -depth option tells the find command to print the directory contents before the directory itself. This behavior is desirable especially when bundling files that are in directories with restricted permissions.
The key to understanding on how to package files with cpio is that it accepts as input a piped list of files from the output of commands such as ls or find. Here is the general syntax for using cpio to bundle files:
$ [find or ls command] | cpio -o[other options] > filename
For example, if you wanted to back up all files in the oracle account's home directory tree, then run cpio as follows:
$ find /home/oracle | cpio -ov > orahome.cpio
You can also specify that you want only those file names that match a certain pattern. This example bundles all SQL scripts in the scripts directory:
$ find scripts -name "*.sql" | cpio -ov > mysql.cpio
You just downloaded some Oracle software installation files. You notice that they are bundled as cpio files. You wonder how to retrieve files from the cpio archive.
Use cpio with the idmv options when unbundling a file. The i option instructs cpio to redirect input from an archive file. The d and m options are important because these instruct cpio to create directories and preserve file modification times, respectively. The v option specifies that the file names should be printed as they are extracted.
The following example first creates a directory to store the scripts before unbundling the cpio file:
$ mkdir Disk1 $ cd Disk1
After copying the archive file to the Disk1 directory, then use cpio to unpack the file:
$ cpio -idvm < linux10g_disk1.cpio
You can also pipe the output of the cat command to cpio as an alternative method to extract the file:
$ cat linux10g_disk1.cpio | cpio -idvm
You can also uncompress and unbundle files in one concatenated string of commands:
$ cat linux10g_disk1.cpio.gz | gunzip | cpio -idvm
The previous command allows you to easily uncompress and extract the Oracle distribution media.
The cpio utility is used with the i option to extract archive files. Here is the general syntax to unbundled files using cpio:
$ cpio -i[other options] < filename
You can extract all files or a single file from a cpio archive. This next example uses the cpio utility to extract a single file named rman.bsh from a cpio file named dbascripts.cpio:
$ cpio -idvm rman.bsh < dbascripts.cpio
An alternative way to unpack a file is to pipe the output of cat to cpio. Here is the syntax for this technique:
$ cat filename | cpio -i[other options]
Also of note is that you can use cpio to unbundle tar files. This example uses cpio to extract files from a script named scripts.tar:
$ cpio -idvm < scripts.tar
Your database design tool runs on a Windows box. After generating some schema creation scripts, you want to bundle the files on the Windows server and copy them to the Linux box. You wonder whether there is a common archiving tool that works with both Windows and Linux servers.
Use the zip utility if you need to bundle and compress files and transfer them across hardware platforms. This first example uses zip with the -r (recursive) option to bundle and compress all files in the oracle10g directory tree (this includes all files and subdirectories):
$ zip -r ora10g.zip oracle10g
You can also specify files that you want included in a .zip file. The following command bundles and compresses all SQL files in the current working directory:
$ zip myzip.zip *.sql
The zip utility is widely available on Windows and Linux servers. Files created by zip on Windows can be copied to and extracted on a Linux box. The zip utility both bundles and compresses files.
The compression ratio achieved by zip is not nearly as efficient as bzip2 or gzip. However, the zip and unzip utilities are popular because the utilities are portable across many platforms such as Linux, Windows, Unix, and Mac OS. If you need cross-platform portability, then use zip to bundle and unzip to unbundle.
Tip
Run zip -h at the command line to get help information on either a Windows or Linux server.
Your database-modeling tool runs on a Windows box. After generating some schema creation scripts, you want to bundle the files on the Windows server, copy them to the Linux box, and unbundle them.
To uncompress a zipped file, first create a target directory location, then move the zip file to the new directory, and finally use unzip to unbundled and uncompress all files and directories included in the zip file. The example in this solution performs the following steps:
Creates a directory named
march03Changes the directory to the new directory
Copies the zip file to the new directory
Unzips the zip file
$ mkdir march08 $ cd march08 $ cp /mybackups/mvzip.zip . $ unzip mvzip.zip
You should see output indicating what directories are being created and what files are being extracted. Here's a small snippet of the output for this example:
inflating: mscd642/perf.sql creating: mscd642/ppt/ inflating: mscd642/ppt/9inew_f.ppt inflating: mscd642/ppt/brpreso.ppt inflating: mscd642/ppt/chap01.ppt inflating: mscd642/ppt/chap02.ppt
The unzip utility will list, test, or extract files from a zipped archive file. You can use this utility to unzip files regardless of the operating system platform on which the zip file was originally created. This is handy because it allows you to easily transfer files between Linux and other operating systems such as Windows.
You can also use the unzip command to extract a subset of files from an existing zip archive. The following example extracts upgrade.sql from the upgrade.zip file:
$ unzip upgrade.zip upgrade.sql
Similarly, this example retrieves all files that ended with the extension of *.sql:
$ unzip upgrade.zip *.sql
Sometimes you run into situations where you want to add only those files that do exist in the source directory and do not exist in the target directory. First recursively zip the source directory. In this example, the relative source directory is orascripts:
$ zip -r /orahome/ora.zip orascripts
Then cd to the target location and unzip the file with the -n option. In this example, there is an orascripts directory beneath the /backup/scripts directory:
$ cd /backups/scripts $ unzip -n /orahome/ora.zip
The -n option instructs the unzip utility to not overwrite existing files. The net effect is that you unbundle only those files that do exist in the source directory but do not exist in the target directory.
You want to verify which files are contained within an archived file before extracting its contents.
Each of the bundling commands (tar, cpio, and zip) has a method for listing files within an archive file. Each technique is described briefly in its own subsection.
Use the -tvf (table of contents, verbose, file) option to display the contents of a tar file. This example lists the contents of the orahome.tar file:
$ tar -tvf orahome.tar
If you want to view the contents of a compressed tar file, then use a z or j (gzip or b2zip, respectively). This example displays the contents of a tar file that has been compressed with gzip:
$ tar -tzvf orahome.tar.gz
Interestingly, you can use the cpio utility to work on tar files. This next example lists the contents of the orahome.tar tarball:
$ cpio -itv < orahome.tar
It's almost always a good idea to first list the files contained in an archived file. This will show you which directories will be created and which files will be extracted. If you're ever unsure about the contents of a bundled file, then use one of the techniques described in the "Solution" section of this recipe for obtaining a listing of the bundled file's contents.
You'll have to use a combination of commands to find and compress files. This next example finds all trace files that were modified more than two days ago and then bundles and compresses them:
$ find /ora01/admin/bdump -name "*.trc" -mtime +2 | xargs tar -czvf trc.tar.gz
This next example uses cpio to achieve the same result:
$ find /ora01/admin/bdump -name "*.trc" -mtime +2 | cpio -ov | gzip > trc.cpio.gz
Note
See recipe 5-25 for more details on using the find command with date and time options.
Quite often you'll find yourself cleaning up old files on database servers. When dealing with log or trace files, sometimes it's desirable to first find, bundle, and compress the files and then at some later time physically delete the files after they're not needed anymore (see recipe 5-26 for examples of finding and removing files). We recommend you encapsulate the code in this recipe in a shell script and run it regularly from a scheduling utility such as cron (see Chapter 11 for details on automating jobs).
Each of the bundling commands (tar, cpio, and zip) has a method for adding a file or a directory to an existing archive. Each technique is described briefly in its own section here.
To add one file to a tar archive, use the -r (append) option:
$ tar -rvf backup.tar newscript.sql
This next example adds a directory named scripts to the backup.tar file:
$ tar -rvf backup.tar scripts
To add a file to a cpio bundle, use the -A (append) option. Also specify the F option to specify the name of the existing cpio file. This next example adds any files with the extension of *.sql to an existing cpio archive named my.cpio:
$ ls *.sql | cpio -ovAF my.cpio
To add a directory to an existing cpio file, use the find command to specify the name of the directory. This line of code adds the backup directory to the my.cpio file:
$ find backup | cpio -ovAF my.cpio
Several utilities are available for compressing and uncompressing files. The gzip, bzip2, and compress utilities are widely used in Linux and Unix environments. Each of them is briefly detailed in the following sections.
This first example uses gzip to compress the scripts.tar file:
$ gzip scripts.tar
The gzip utility will add an extension of .gz to the file after it has been compressed. To uncompress a file compressed by gzip, use the gunzip utility:
$ gunzip scripts.tar.gz
The gunzip utility will uncompress the file and remove the .gz extension. The uncompressed file has the original name it had before the file was compressed.
Sometimes there is a need to peer inside a compressed file without uncompressing it. The following example uses the -c option to send the contents of the gunzip command to standard output, which is then piped to grep to search for the string error:
$ gunzip -c scrdv12_ora_19029.trc.gz | grep -i error
You can also use the zcat utility to achieve the same effect. The next command is identical to the previous command:
$ zcat scrdv12_ora_19029.trc.gz | grep -i error
Use bzip2 to compress files. By default, files compressed with bzip2 will be given a .bz2 extension. This example compresses the file exp.dmp:
$ bzip2 exp.dmp
To uncompress a bzip2 compressed file, use bunzip2. This utility expects a file to be uncompressed to be named with an extension of one of the following: .bz2, .bz, .tbz2, .tbz, or .bzip2. This example uncompresses a file named exp.dmp.bz2:
$ bunzip2 exp.dmp.bz2
The bzip2 utility will uncompress the file and remove the .bz2 extension. The uncompressed file has the original name it had before the file was compressed.
Sometimes you need to view the contents of a compressed file without uncompressing it. The following example uses the -c option to send the contents of the bunzip2 command to standard output, which is then piped to grep to search for the string error:
$ bunzip2 -c scrdv12_ora_19029.trc.bz2 | grep -i error
The compress utility is aptly named. Files compressed with this utility are given a .Z extension. This example compresses a large trace file:
$ compress dwrep_lgwr_1912.trc
To uncompress a compress compressed file, use uncompress:
$ uncompress dwrep_lgwr_1912.trc.Z
The uncompress utility will uncompress the file and remove the .Z extension. The uncompressed file has the original name it had before the file was compressed.
Tip
Generate a checksum before compressing a file, and compare it to the checksum after uncompressing. This allows you to validate that a file has not been corrupted by the compression utility. See recipe 6-12 for details on using Linux checksum utilities.
DBAs often move files from one location to another. This frequently includes moving files to remote servers. Compressing files before transferring them is critical to being able to copy large files. Several compression utilities are available. The most commonly used are gzip, b2zip, and compress.
The gzip utility is widely available in the Linux and Unix environments. If you have scripts that need to be portable across many variants of Linux and Unix, then gzip and gunzip are excellent choices.
The bzip2 utility is a newer and more efficient compression algorithm than gzip. The bzip2 tool is CPU intensive but achieves high compression ratios. If you need good compression with large files, then use bzip2 to compress and bunzip2 to uncompress.
We recommend you use gzip or bzip2 instead of compress. The compress utility is an older tool and less efficient compression tool. We mention it in this chapter only because you may run into compress compressed files on an older Linux or Unix server. Every once in a while you may run into a shell script that a previous DBA wrote that uses the compress utility.
Tip
The best compression available is achieved with the rm (remove) command. A word of caution, though—your data is permanently irretrievable after using rm. As of the time this book was published, there is still no unrm (unremove) command available.
You just copied a file from one server to another. You need to verify that the destination file has the same contents as the source file.
Use a utility such as sum to compute a checksum on a file before and after the copy operation. This example uses the sum command to display the checksum and number of blocks within a file:
$ sum backup.tar 24092 78640
In the previous output, the checksum is 24092, and the number of blocks in the file is 78640. After copying this file to a remote server, run the sum command on the destination file to ensure that it has the same checksum and number of blocks. Table 6-2 lists the common utilities used for generating checksums.
Note
On some Linux/Unix platforms, the sum utility may compute a different checksum for a file depending on the version of the operating system.
When moving files between servers or compressing and uncompressing, it's prudent to verify that a file contains the same contents as it did before the copy or compress/uncompress operation. The most reliable way to do this is to compute a checksum. This allows you to verify that a file wasn't inadvertently corrupted during a transmission or compress/uncompress.
A checksum is a value that is calculated that allows you to verify a file's contents. The simplest form of a checksum is a count of the number of bytes in a file. For example, when transferring a file to a remote destination, you can then compare the number of bytes between the source file and the destination file. This checksum algorithm is very simplistic and not entirely reliable. However, in many situations, counting bytes is the first step to determine whether a source and destination file contain the same contents. Fortunately, many standard Linux utilities are available to calculate reliable checksum values.
DBAs also compute checksums to ensure that important files haven't been compromised or modified. For example, you can use the md5sum utility to compute and later check the checksum on a file to ensure that it hasn't been modified in any way. This example uses md5sum to calculate and store the checksums of the listener.ora, sqlnet.ora, and tnsnames.ora files:
$ cd $TNS_ADMIN $ md5sum listener.ora sqlnet.ora tnsnames.ora >net.chk
Then at some later time, you can use md5sum to verify that these files have not been modified since the last time a checksum was computed:
$ md5sum --check net.chk listener.ora: OK sqlnet.ora: FAILED tnsnames.ora: OK md5sum: WARNING: 1 of 3 computed checksums did NOT match
From the pervious output, the sqlnet.ora file has been modified sometime after the checksum was computed. This allows you to detect changes and ensure that important files have not been compromised.
Table 6.2. Common Linux Utilities Available for Generating Checksum Values
Checksum Utility | Description |
|---|---|
| Calculates checksum and number of blocks |
| Computes checksum and count of bytes |
| Generates 128-bit Message-Digest algorithm 5 (MD5) checksum and can detect file changes via |
| Calculates 160-bit SHA1 (Secure Hash Algorithm 1) checksum and can detect file changes via |
You store sensitive DBA password information in a file on disk and want to encrypt the file before sharing it with other database administrators.
Use the gpg utility to encrypt a file. The first step is to generate public and private keys required by gpg:
$ gpg --gen-key
The previous command will prompt you for input such as what key type, size, lifetime, real name, and passphrase. Usually the default values are sufficient. You will need to remember the passphrase because that is required when you decrypt an encrypted file. You should see files created for you in the HOME/.gnupg directory.
After you have successfully generated the required keys, you can now encrypt files. In this example, the oracle user encrypts a file that contains sensitive passwords.
$ gpg --encrypt --recipient oracle passwords.txt
This creates a new file named passwords.txt.gpg. It does not remove the passwords.txt file. You can manually remove the passwords.txt file with the rm command.
The following line of code decrypts the passwords.txt.gpg file:
$ gpg --output passwords.txt --decrypt passwords.txt.gpg
You will be prompted for the passphrase. After entering the correct passphrase, an unencrypted file will be created for your perusal.
The gpg (GNU Privacy Guard) utility is an encryption tool that is installed by default on most Linux servers. This utility allows you to encrypt and decrypt sensitive files. When you first use the tool, you must generate public and private keys via the --gen-key option.
To send an encrypted message, use the receiver's public key in combination with the sender's private key. In other words, before you can send an encrypted file, you must first obtain the recipient's public key and place it on your keyring. The follow steps illustrate this concept:
As the sender of the encrypted file, generate the public and private keys:
$ gpg --gen-key
As the receiver of the encrypted file, generate the public and private keys, and export the public key:
$ gpg --gen-key $ gpg --export > [email protected]
If you're going to e-mail the key to the user sending the encrypted file, sometimes it's desirable to export the key as an ASCII file:
$ gpg -a --export > [email protected]
As the receiver, send your exported key file to the user who will send the encrypted file. In this example, the file is
[email protected]. You canscpthe file to a location the sender can access or e-mail an ASCII key file to them.As the sender of the encrypted file, import the exported key of the receiver:
$ gpg --import [email protected]
You can verify that the user to receive the encrypted file has been placed on the keyring:
$ gpg --list-keys
Here is a partial listing of the output:
pub 1024D/7EF416B7 2008-08-12 oracle@bllnx3 (oracle@bllnx3) <oracle@bllnx3> sub 2048g/710EAC88 2008-08-12
As the sender, encrypt the file to be sent to the receiver. In this example, the receiver is
oracle@bllnx3, and the file to be encrypted ispassword.txt:$ gpg -e -r oracle@bllnx3 password.txt
Here is a partial snippet of the output from this command:
It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes Use this key anyway?
Enter
yfor "yes." An encrypted file with the extension.gpgshould now be created for you. In this example, the encrypted file name ispassword.txt.gpg.Now send the encrypted file to the recipient.
As the recipient, decrypt the file:
$ gpg password.txt.gpg
You should be prompted for a passphrase:
You need a passphrase to unlock the secret key for user: oracle@bllnx (oracle@bllnx3) <oracle@bllnx3>"
As the receiver, enter your passphrase. After you successfully enter the correct passphrase, you should now have a decrypted password.txt file.
There are other encryption utilities such as openssl that you can use to protect sensitive files. This utility allows you to encrypt files without having to create keys. Before using openssl, first view the available ciphers available:
$ openssl list-cipher-commands
Here is a partial listing of the output:
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
Note
A cipher is an algorithm used for encrypting and decrypting files.
Pick one of the ciphers from the previous list to use for encrypting a file. The following example uses the Advanced Encryption Standard (AES) 128-bit cipher in Cipher Block Chaining (CBC) mode:
$ openssl enc -aes-128-cbc -in passwords.txt -out passwords.enc
You should now be prompted for a password:
enter aes-128-cbc encryption password:
You will be prompted again for verification:
Verifying - enter aes-128-cbc encryption password:
To decrypt the file, use the -d option:
$ openssl enc -d -aes-128-cbc -in passwords.enc -out passwords.txt
After the password you entered is successfully authenticated, the file will be decrypted. The previous command will overwrite the file passwords.txt if it exits. If you don't specify an output file, the decrypted form of the encrypted file will be displayed on your terminal.
You can also specify a password on the command line when encrypting and decrypting via the -pass option of openssl. This encrypts the passwords.txt file using a password of foo:
$ openssl enc -aes-128-cbc -in passwords.txt -out passwords.enc -pass pass:foo
Similarly, use the -pass option when decrypting:
$ openssl enc -d -aes-128-cbc -in passwords.enc -out passwords.txt -pass pass:foo
Both openssl and gpg are considered to be robust encryption and decryption utilities. You may find the openssl utility a little easier to use because you don't have to generate keys when sharing encrypted files with other users.