Encryption

Best File Encryption Apps for Linux

This article will cover a list of useful command line applications that can be used to encrypt and decrypt files on your Linux system. These apps use a variety of methods and algorithms to secure your files. Once you encrypt files using these methods, you should be able to decrypt them on any platform as long as it includes necessary apps and libraries required for encryption and decryption.

GPG

“GPG” or “GNU Privacy Guard” allows you to securely encrypt files and data with a strong encryption algorithm. It can encrypt and decrypt data using “key” files. In its simplest form, you can encrypt a file using a passphrase and decrypt it later.

To install GPG in Ubuntu, use the command specified below:

$ sudo apt install gpg

GPG is available by default in all other major Linux distributions. If not, then just search for it in the package manager and install it from there.

To encrypt a file using a passphrase, run a command in the following format:

$ gpg -c file.txt

You will be prompted to enter a passphrase that will be used for encrypting and decrypting the file. Once you have entered the password, GPG will encrypt the file and produce an encrypted file in the following format:

file.txt.gpg

To decrypt the file, run a command in the following format:

$ gpg file.txt.gpg

When you are prompted to enter the password, use the passphrase you initially used to encrypt the file. Once decrypted, you will get back a “file.txt” file.

Another approach to encrypt files using GPG is to use a pair of “public” and “private” keys. Using a public key, you can encrypt a file but it can be decrypted only by using a private key. If you want to send an encrypted file to someone, you can ask for his / her public GPG key. You can use this public key to encrypt the file and send the encrypted file to him. Since he owns the private key associated with the public key, he will be able to decrypt it using the private key. So in order to fully encrypt and decrypt files using GPG key, both key files are needed, public and private.

To generate a GPG key pair, you can use the command below:

$ gpg --generate-key

Follow the onscreen instructions and enter a username and password when prompted. After generating the key pair, GPG will show the generated public key in terminal output. Make a note of it or you can view it later using the following command:

$ gpg --list-keys

You can now send this public key to someone to get encrypted files that can only be decrypted using your private key.

To export public key to a file, run the following command:

$ gpg --armor --export --output "public_key"

Replace “public_key” with your own public key generated in the step above. Your generated private keys will be available in “$HOME/.gnupg/” directory.

To encrypt a file using public key of someone else, use the command below:

$ gpg --encrypt --recipient-file public_key.file file.txt

Replace “public_key.file” with the public key file of the person to whom you want to send the encrypted file.

To decrypt a file that was encrypted using your public key, use the following command:

$ gpg --decrypt --output file.txt file.txt.gpg

Replace “file.txt” with your desired name for the decrypted file. GPG will automatically detect your private keys during decryption as long as they are stored in the “$HOME/.gnupg/” folder.

For any further information on “gpg” command, run the following two commands:

$ gpg --help
$ man gpg

7z

7z is a free and open source utility that can be used to compress files and create archives of files and folders. You can also use it to create encrypted archives and then extract them on any platform that has support for managing 7z archives. 7z uses a strong AES-256 algorithm for encrypting files. In Linux, you can use the “p7zip” archiver to manage 7z files.

To install p7zip in Ubuntu, use the command specified below:

$ sudo apt install p7zip-full

You can install p7zip in other Linux distributions from default repositories or you can compile it from source code.

To encrypt a file or folder using p7zip, use a command in the following format:

$ 7z a -mhe=on archive.7z file1 file2 file3 -p

Replace “archive.7z” with your desired name. You can supply a single file / folder or multiple space separated names. Enter a password for encryption when prompted.

To decrypt, use the following command (enter password when prompted):

$ 7z x archive.7z

For more information on 7z, use the following two commands:

$ 7z --help
$ man 7z

OpenSSL

OpenSSL is a free and open source utility that includes a variety of algorithms to encrypt local as well remote data and files. You can use it to encrypt files on Linux using AES-256 standard. To install openSSL in Ubuntu, use the command below:

$ sudo apt install openssl

OpenSSL comes pre-installed in most Linux distributions. You can also install it from official repositories using the package manager. More downloads are available on its official website.

To encrypt a file using OpenSSL, use a command in the following format:

$ openssl enc -aes-256-cbc -in input.file -out output.file

Replace filenames in command as needed. You will be prompted to enter a password for the encryption process to complete. To decrypt, use the following command:

$ openssl enc -aes-256-cbc -d -in encrypted.file -out decrypted.file

For more information on OpenSSL encryption options, use the following two commands:

$ openssl enc --help
$ man openssl enc

Ccrypt

Ccrypt is a free and open source command line utility that can be used to encrypt files and folders on your Linux system. It is developed as a drop-in replacement for another encryption tool called “crypt” and it provides better encryption methodology and security. To install ccrypt in Ubuntu, use the following command:

$ sudo apt install ccrypt

You can install Ccrypt in other Linux distributions from official repositories. More downloads are available here.

To encrypt a file using Ccrypt, run a command in the following format:

$ ccrypt file.txt

You will be prompted to enter a password. Once the encryption has completed, a new file will be generated having “.cpt” as extension (file.txt.cpt in this case).

To decrypt a “.cpt” file, run a command in the following format:

$ ccdecrypt file.txt.cpt

For more information on Ccrypt commands, use the following commands in a terminal:

$ ccrypt --help
$ man ccrypt

Conclusion

These are some of the most popular command line file encryption utilities available for Linux. Not many graphical file encryption apps are available for Linux. Some of them are present as plugins to various file managers allowing you to create encrypted compressed archives by right clicking on files and folders.

About the author

Nitesh Kumar

I am a freelancer software developer and content writer who loves Linux, open source software and the free software community.