EncryptPad is a handy text editor with encryption
Secure Writer
EncryptPad provides symmetric text encryption directly from the editor. You can also use EncryptPad to encrypt binary data.
EncryptPad [1] is a text editor with an encryption function. If you have a file with sensitive information, such as passwords and account names, you can use EncryptPad to edit and maintain the file, all the while ensuring that the file remains encrypted. EncryptPad also provides a data integrity feature through the SHA-1 hashing algorithm, so if you receive a file from someone else, you can ensure that it hasn't been altered in transmission. EncryptPad even protects you from a brute force attack by letting you safeguard the encrypted information with both a key and a passphrase. Store the key separately; if the USB stick with the encrypted information falls into the wrong hands, the thief won't have access the to data just by guessing the password.
In contrast to other common encryption tools, EncryptPad uses symmetric (rather than asymmetric) encryption. You use the same key to encrypt and decrypt the file. If you are sending the encrypted file to someone else, you need to provide the passphrase and/or key file to the other user separately.
EncryptPad, which has been on GitHub for about three years [2], is still at the beta stage; the current version at this time of writing is 0.4.0.4. The software is available for Linux, Mac OS X, and Windows. EncryptPad relies on OpenPGP [3] [4], and it uses the AES 256 symmetric encryption standard [5]. Some of the functionality of EncryptPad is similar to the gnupg.vim
extension for the Vim editor.
You can access EncryptPad through your desktop interface or use the encryptcli
command to run the application at the command line.
AppImage
EncryptPad has not yet made it into the archives of many Linux distributions, although you will find it in the Ubuntu PPA, the Arch Linux AUR, and FreeBSD. The developer offers the application for Linux as an AppImage [6] with a size of 29MB. Note that you have to adjust the permissions for the file before the first start. To set the permissions, use the chmod +x filename
command in a terminal window.
To launch EncryptPad, double-click on the file; later on, you will be able to start from the application menu in some distributions. At first glance, the main window looks like a regular text editor (Figure 1). But if you mouse over the icons or browse the menu, you'll find the functions for creating passphrases and key files, as well as a read-only mode that ensures that you don't unintentionally change important documents.
The Settings menu mainly contain parameters for creating passphrases and key files. If necessary, you can adjust these settings directly when you execute an action. However, you might want to configure the font and the number of files displayed in the Open dialog to suit your requirements.
If you plan to use keys, you will also need to specify the path to the cURL binary file. You can determine the path by typing which curl
in a terminal window; it may be necessary to install the program via the package manager. cURL lets you download keys directly from a remote server in EncryptPad.
Two Formats
EncryptPad supports two file formats: GPG and EPD. The GPG file type is for the OpenPGP format and is compatible with other OpenPGP tools. You can use it when opening a file even if EncryptPad is not available. The format does not support double protection with a key file and passphrase.
When using GPG, it is not possible to store the path of the key file in the encrypted file itself, so every time a file encrypted with a key file is opened, you are prompted to choose which key file the editor should use.
EPD is the native EncryptPad file format. Other OpenPGP software can open an EPD file as it is only protected with a passphrase, because then it is effectively a GPG file.
If you use a key or a combination of key and passphrase to protect the data, the program packs the GPG file into a WAD container. WAD [7], which stands for "Where's All the Data," is a simple format for combining multiple binary files. You can open WAD containers with SLADE [8].
The simplest case to protect text with EncryptPad is via the Save As function. In the case of unprotected text, you will see the information Passphrase not set and Key not set in red at the bottom right of the window.
Select GnuPG (*.gpg) in the Save dialog under Files of Type, and add the rest of the information, such as a filename and a desired storage location. Before the application saves the text, it prompts you to enter a password. After saving, the Passphrase not set message in red changes to a Password protected message in black.
The result is an OpenPGP file that no longer relies on EncryptPad for decryption but can be opened with standard GPG tools.
Using a Key
To protect text with a key, open or create the text file. Then click on the icon with the key and the plus sign. If you already have a key that you want to use, enter the path in the upper field of the input screen. To create a new key, enter a name in the Generate Key dialog box (Figure 2).
When you create a key file, EncryptPad creates a random byte sequence, prompts the user for a passphrase, encrypts the resulting sequence with it, and stores the results in a file. The application saves the key file with the .key
extension in the home directory of the user below the hidden ~/.encryptpad
folder (Figure 3).
Now press OK and enter a passphrase to protect the key. The software will ask you if you want to use the key for the open file. After you've said yes, nothing seems to happen. However, if you take a look at the ~/.encryptpad
folder below your home directory, you will see that the key is already there. Further indicators are the Key not set message changing to Key protected. In addition, the icon with a plus sign now has a minus sign that lets you remove key protection for this file.
To open the currently encrypted file later on, first enter the location of the key in the dialog. The software automatically detects this correctly as long as you do not move the key file. In a second step, enter the passphrase that you have assigned.
The whole thing can be nested one level further by protecting the key file with an additional password. Proceed as in the previous example, but do not select .gpg
as the file format; instead, go for .epd
. The software will ask you for an additional passphrase. The second passphrase protects the file on the hard disk. When the process is complete, you should see Passphrase protected and Keyword protected at the bottom (Figure 4).
If you want to close the file and open it again later, you will be prompted for the passphrase within the file and then for the key. For simplicity's sake, you will want to check Persistent key location in the encrypted file, because this option will eliminate the need to query the key in the future. All you need to do is enter the two passwords. If this option is set, EncryptPad shows you the option at the bottom in the Keyword protected section (Figure 5).
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.