How to Encrypt Files in Linux

Keep your information safe from prying eyes

Linux offers several useful tools to encrypt files and protect your data from prying eyes. For example, you can use gpg to encrypt files. Some of these tools are built into the operating system, and some must be installed. Here are four methods that can hide your data away.

Hide Files With File Manager

The first method doesn't employ any encryption or password protection. It relies on a feature of the Linux file-display logic to hide something in plain sight.

  1. Open the default file manager for your distribution, then go to the location where you want to hide a file or folder.

  2. Right-click an empty spot in the file manager, then click New > Folder.

    New Folder command in Linux
  3. When prompted, give the new folder a name, but make sure it begins with a period. For example, to name the folder documents, name it .documents.

    In Linux, folders that begin with a period are called hidden folders and aren't displayed, by default, in the file manager or from the command line.

  4. If you can't see hidden folders in the file manager, press Ctrl+H. You should then see all of the hidden folders and files within that directory (including the new one you created).

  5. Move files you want to hide to the new folder.

Use Encryption Software

The next method makes use of encryption software. The command used for this is gpg, which is installed on most Linux distributions. Here's how to encrypt the file ~/Documents/test.docx:

  1. Open a terminal window, then change to the Documents directory with the command:

    cd ~/Documents
    Screenshot of encrypting a file with the gpg command.
  2. Encrypt the file with the command:

    gpg -c test.docx
  3. When prompted, type and verify an encryption password.

  4. You now see a new (encrypted) file, named test.docx.gpg. That new file cannot be opened without decryption.

  5. Decrypt the .gpg file with the command:

    gpg test.docx.gpg
  6. You are prompted for the passphrase you created during the encryption. Type that passphrase to decrypt the file.

    If you didn't move or delete the original file, gpg asks if you want to overwrite the new file or give it a new name. For your first attempt at encrypting and decrypting, either move the original file (before decrypting) or give the newly decrypted file a different name. Once you have the hang of encrypting and decrypting, you can delete the original file after you encrypt it.

  7. When prompted, type and verify an encryption password.

  8. You can now open the encrypted file.

Encrypt Files with a GUI

If you prefer using a graphical tool, and you use a distribution that includes the Nautilus file manager (such as Ubuntu Desktop), encrypt and decrypt files with a simple right-click on the target file. Here's how:

  1. Open a terminal window, then issue the command:

    sudo apt-get install seahorse-nautilus -y
  2. When the installation completes, restart Nautilus with the command:

    nautilus -q
  3. Open the file manager, then go to the directory that contains the file you want to encrypt.

  4. Right-click the file to be encrypted, then click Encrypt.

    Encrypt command in Linux
  5. In the next window, click Use a shared passphrase.

    Use a shared passphrase command in Linux
  6. When prompted, type a new passphrase for the encryption. You'll be asked to type this passphrase twice.

    Screenshot of entering a gpg passphrase.
  7. You should now see the newly encrypted file in the folder.

How to Decrypt Individual Files

To decrypt a file from the file manager, follow these steps:

  1. Right-click the file, then select Open With Decrypt File.

    Open with Decrypt File command
  2. When prompted, give the file a new name, then click Save.

  3. When prompted, type the encryption passphrase.

How to Encrypt a Folder

Encrypt folders using the file manager or the gpg-zip command. The process of encrypting folders in the file manager is the same as encrypting single files. The only difference is that you're asked if you want to encrypt the files individually or together in a package.

To encrypt a folder from the command line, use the gpg-zip command. Here's how:

  1. Encrypt, for example, the Documents directory, with the command:

    gpg-zip -c -o Documents.gpg Documents

    The -c option instructs gpg-zip to encrypt. The -o option indicates what follows is the output (or resulting file name) for the encryption.

  2. When prompted, type (and verify) an encryption passphrase.

  3. You can then decrypt the encrypted folder in the same method you decrypted the file with the command:

    gpg Documents.gpg
  4. The file is now decrypted.