May 26, 2018
Command-line utility for encrypting and decrypting files and streams
ccrypt is a utility for encrypting and decrypting files and streams. It was designed to replace the standard Unix crypt utility, which is notorious for using a very weak encryption algorithm. ccrypt is based on the Rijndael cipher, which is the U.S. government’s chosen candidate for the Advanced Encryption Standard AES, see http//www.nist.gov/aes/. This cipher is believed to provide very strong security.
Unlike Unix crypt, the algorithm provided by ccrypt is not symmetric, i.e., one must specify whether to encrypt or decrypt. The most common way to invoke ccrypt is via the commands ccencrypt and ccdecrypt. There is also a ccat command for decrypting a file directly to the terminal, thus reducing the likelihood of leaving temporary plaintext files around. In addition, there is a compatibility mode for decrypting legacy Unix crypt files.
Encryption and decryption depends on a keyword or key phrase supplied by the user. By default, the user is prompted to enter a keyword from the terminal. Keywords can consist of any number of characters, and all characters are significant although ccrypt internally hashes the key to 256 bits. Longer keywords provide better security than short ones, since they are less likely to be discovered by exhaustive search.