Encrypting files with AESCrypt and LastPass


I can't tell you how many times I have tried to get family and friends to install a password manager. Is it really that hard? Maybe I'm just more paranoid that most people about cyber security. You will probably think so after I tell you that another thing that helps me sleep better at night is encrypting any of my files that have sensitive content in them. In this post I will go into detail about two tools, one for password management and one for securely encrypting files and how these things can work together to make life easy. Although anyone could use the tools because they both have great user interfaces, as a power user you can take advantage of their CLIs. After all, this is a tech blog right? I will explain how to install and use these tools assuming you are running MacOS. If this isn't true you will have to make some slight adjustments but the principles should work all the same.

Storing Passwords in LastPass

Last Pass is a password manager that stores encrypted passwords. If you aren't using a password manager yet (shame on you...) you should definitely check out LastPass. It is free for a single user and in addition to their web application they have mobile apps for both Android and iOS. It is very easy to use and lives up to its name. Since I have installed LastPass I have never gone to a website and wondered "Which password did I use for this site again?". Like any good password manager, LastPass will generate a random password for a given length and complexity that you ask for. This means that my google account password can be 75 characters long and I don't have to remember it. If LastPass isn't your jam, check out BitWarden. I actually think its better than LastPass although not as popular.

I had been using LastPass for over a year when I found out they had a CLI. I almost fell out of my chair! (I know I'm a little weird...) Here is the Github Repo. Once again the installation is pretty simple as shown in the repo readme, just run brew install lastpass-cli --with-pinentry. Here are a few useful commands once you have the CLI installed. You can also checkout the full documentation here.

lpass login --trust email_address # login to LastPass
lpass ls # list stored passwords
lpass show password_name --password # show a given password on the command line
lpass generate password_name n # generate a password with n characters
password(){echo $(lpass show $1 --password) | pbcopy} # and here is a little function just for kicks and giggles that copies a password to the clip board

Encrypting and Decrypting with AESCrypt

As it says on their website, AESCrypt is a file encryption software application that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files. AESCrypt can be used by anyone because of an easy interface, but it also comes with a CLI which I will take advantage off later in this post. Installing AESCrypt on a Mac is really easy. Simply run brew install aescrypt from your terminal. There are a few critical commands that you will want to know if you are going to use the CLI.

aescrypt -e filename # encrypting a file
aescrypt_keygen -p password secret.key # generate a key file from a password
aescrypt -e -k secret.key filename # encrypt a file using a key file
aescrypt -d filename # decrypting a file
aescrypt -d -k secret.key filename # decrypting a file with a key file

Using LastPass and AESCrypt Together

One of the things that makes AESCrypt easy to use is that it can derive a encryption key from a password that you supply. This means that you can encrypt a whole file securely using a password thats easy to remember. While this may seem like a good idea for you forgetful folks out there, this actually though is something that weakens the security of the encryption. If someone knows that a file was encrypted using AESCrypt they can try to decrypt the file by guessing your password, which may not take that long depending on how strong your password is. That is where LastPass CLI comes in. We can use LastPass to generate and store a secure password to use with AESCrypt.

Let's generate a secure password using the LastPass CLI to use with AESCrypt. The command lpass generate EncryptionKey 1024 will generate a random password that is 1024 characters long. Good luck randomly guessing that! Now I have combined what we have already learned into the following bash functions which can be used to easily encrypt and decrypt files.

encryptionkey(){echo $(lpass show EncryptionKey --password)} # returns the password you just created
encrypt(){ aescrypt -e -p $(encryptionkey) $1 } # uses AESCrypt and the password to encrypt a file. Example: encrypt test.txt
decrypt(){ aescrypt -d -p $(encryptionkey) $1 } # uses AESCrypt and the password to decrypt a file. Example: encrypt test.txt

Go ahead and give these functions a try or write your own. At the very least you should now be able to encrypt and decrypt files securely without having to remember a password or locate a key file!