Using AES Crypt Command-Line Program
The AES Crypt command-line program is available on Windows, Mac, and Linux.
You do not need to be an expert to use the AES Crypt command-line program to securely encrypt your data files. To encrypt a file, you simply enter the "aescrypt" command with the appropriate command-line arguments.
Before getting started, you will need to install the aescrypt command-line tool. For Windows, you can download a .zip file containing the program. You can place the aescrypt.exe program anywhere you wish, though it makes sense that it would be in a directory included in your PATH environment variable. For both Mac and Linux, download the .tgz file and place the contents in /usr/local. For example, the aescrypt binary should be placed in /usr/local/bin. The man page should be placed in /usr/local/man/man1/.
Suppose you have a file called "picture.jpg" that you would like to encrypt using the password "apples". You would enter the following command:
aescrypt -e -p apples picture.jpg
That's it! The program will create a file with the name "picture.jpg.aes".
You may also specify multiple files to encrypt on the command-line. Each will be encrypted with the same password.
When you want to later decrypt the file "picture.jpg.aes", you would enter the following command:
aescrypt -d -p apples picture.jpg.aes
The program will create the file "picture.jpg", containing the contents of the original file before it was encrypted.
It can't be any simpler than that!
Many users create sophisticated scripts that pipe input from one program into another, and AES Crypt fully supports such usage. For example, you could backup files and encrypt them with a command like this (on Linux or Mac):
tar -cvf - /home | aescrypt -e -p apples - >backup_files.tar.aes
Windows also supports the same syntax, but "tar" is not generally available on Windows. Nonetheless, and tool that outputs to stdout can be consumed by AES Crypt.
In all of the examples above, the password is provided on the command line. Since there are certain risks associated with that kind of usage, it may be preferred to let aescrypt prompt you to enter the password. This can be accomplished simply by not including the -p parameter, like this:
aescrypt -d picture.jpg.aes
AES Crypt will prompt you for the password, but what you enter will not be displayed on the screen.
What if you want to decrypt a file, but just want to have it displayed on the screen and not stored in a plaintext file? That's possible. To do that, just use this syntax:
aescrypt -d -o - passwords.txt.aes
The AES Crypt command-line program has the ability to create and use an encryption key file. This more securely allows for automated backups or other system administration tasks where one needs to provide a password, but would prefer to not have it appear on the command-line. To use a key file, first create a key file like this:
aescrypt -g -k secret.key
Place the file "secret.key" somewhere secure. Then when you wish to encrypt a file, you call AES Crypt like this:
tar -czvf - /home | aescrypt -e -k secret.key - >backup_files.tgz.aes
Be sure to provide the full pathname to the key file.
For those who are curious, the key file is nothing more than a UTF-16 or UTF-8 text file containing randomly-generated text that serves as a password. You may also manually create a file with a text editor. If you use UTF-16 as the file format, be sure the file includes the byte order mark, as that will be consumed by AES Crypt to determine the proper byte order.