Linux: How to Encrypt and decrypt files with a password

by nixcraft · 14 comments

To encrypt and decrypt files with a password, use gpg command. It is an encryption and signing tool for Linux/UNIX like operating system such as FreeBSD/Solaris.

GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility.

Encrypting a file in linux

To encrypt single file, use command gpg as follows:
$ gpg -c filename

To encrypt myfinancial.info file, type the command:
$ gpg -c myfinancial.info
Output:

Enter passphrase:<YOUR-PASSWORD>
Repeat passphrase:<YOUR-PASSWORD>

This will create a myfinancial.info.gpg file.
Option:

  • -c : Encrypt with symmetric cipher.

Caution if you ever forgot your password aka passphrase, you cannot recover the data as it use very strong encryption.

Task: decrypt file

To decrypt file use gpg command:
$ gpg myfinancial.info.gpg
Output:

gpg myfinancial.info.gpg
gpg: CAST5 encrypted data
Enter passphrase:<YOUR-PASSWORD>

Decrypt file and write output to file vivek.info.txt you can run command:
$ gpg myfinancial.info.gpg –o vivek.info.txt
Remember if file extension is .asc, it is a ASCII encrypted file and if file extension is .gpg, it is a binary encrypted file.

See also:

Featured Articles:

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

{ 14 comments… read them below or add one }

1 Anonymous 05.22.05 at 9:10 am

Thanks! This helped me a lot. Encryption everywhere seems to be only about e-mail. I just wanted to encrypt a password file.

2 garam 05.27.05 at 12:09 pm

This came very handy…and is now bookmarked! Thanks.

3 David Legg 07.30.07 at 10:58 am

This is fine as far as it goes. However, if you decrypt a file and look at it using a word processor (say), the word processor might well leave back-up copies of your sensitive file in /tmp or in a back-up directory. So when you delete your unencrypted file, you have to delete any other copies that might be lying around the filing system too. A better way around this problem might be to use whole partition encryption: http://encryptionhowto.sourceforge.net/Encryption-HOWTO-4.html
But even then, you need to watch out for stuff that may be on a different disk/partition, e.g. in /tmp.

4 vivek 07.30.07 at 9:32 pm

David,

Good point about backup files. Thanks for sharing howto links.

Appreciate your post!

5 Otávio 01.05.08 at 5:34 pm

Great post.

I need to encript a backup file in non interactive mode, so I do not have a prompt to type the password, because is a automated script.

Do you have how I can proceed?

Tkx in advance.

6 Maroon Ibrahim 01.10.08 at 9:39 pm

Sirs,

can i encrypt squid.conf or httpd.conf that are located on /etc/xxx folder… knowing that squid process and apache process need to access this file in order to read the file configuration! if this is not workable in my case… is there a way to hide the .conf files from even the root users.. please your help is highly appreciated…

greetings from lebanon

Regards,

7 Scream 06.12.08 at 3:10 am

i want to encrypt/hide .conf. your help is highly appreciated…

8 Hassan 12.27.08 at 5:18 am

thank for help I want to decrypt rar files

9 Cool Leecher 04.29.09 at 2:05 pm

1) Unless the app is aware of the encryption , you cannot encrypt such .conf files.
2) It is possibles to write a script that wraps the process , i.e squid and call the gpg , decrypt the file and then call the squid , reencrypt the file , delete the .conf …
It is actually bound to how the process calls his conf files ,i.e at the beginning , in the loop …
3) You can even recompile squid with some crypting lib. and change all calls to read file to be proceeded by a decryption function.
4) No body but the root should have the root pass , other users must be in specific groups that enable them to do some stuff that normally only the root can do and hence avoid giving them the root pass.

10 Jay 06.04.09 at 2:09 am

I thought, even if you encrypt a backup script, it will still run as it is.
But it’s not.

I just want to hide the backup script form others because it contains critical information about the files being backed up.

11 Rishabh Mishra 07.15.09 at 11:30 pm

Jay: I think you will need to create a new backup script that decrypts and reads an encrypted file containing the critical information about the files being backed up.

The information about the files will be protected, and the script should still run normally.

12 sureshkumar 10.21.09 at 10:15 am

It’s very nice stuff … encryption and decryption in linux and tell me how to set password for each file and folder under linux.

13 fffrrr 11.01.09 at 3:37 pm

A good post nixcraft, but I have a doubt, how linux encrypts? I mean in a navite level, without use particular apps or tools… thx

14 Kris 02.01.10 at 2:01 pm

Non interactive encrypt/decrypt:-

Encrypt it…
gpg –yes –passphrase [passphrase] -c [filename]

Decrypt it…
gpg –yes –passphrase [passphrase] [filename]

Piece of pie…

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous post:

Next post: