Linux or UNIX password protect files

May 15, 2006 · 3 comments · Last updated December 14, 2007

From my mailbag:

Q. How do I password protect files?

Linux and other Unix-like operating systems offer strong file permissions and ACLs (access control lists), which are used in Linux/UNIX computer security to enforce privilege separation.

However, neither offers a way to protect a file with a password, which confuses many new UNIX/Linux users. You can use GNU gpg (GNU Privacy Guard), an encryption and signing tool; it is a suite of cryptographic software.

The solution is to use the following commands to encrypt or decrypt files with a password.

mcrypt command

Mcrypt is a simple crypting program, a replacement for the old unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter.


Encrypt data.txt file:
$ mcrypt data.txt

Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

A new file is created with the extension .nc, i.e. data.txt.nc:

$ ls data.txt.nc
$ cat data.txt.nc

Decrypt the file:
$ mcrypt -d data.txt.nc

Enter passphrase:
File was decrypted.

Verify that file was decrypted:

$ ls data.txt
$ cat data.txt

For mcrypt to be compatible with the Solaris des, the following parameters are needed:
$ mcrypt -a des --keymode pkdes --bare --noiv data.txt

Delete the input file if the whole process of encryption/decryption succeeds (pass the -u option):
$ mcrypt -u data.txt
$ mcrypt -u -d data.txt.nc

openssl command

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and the related cryptography standards they require. The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used to encrypt and decrypt files with a password:


Encrypt file.txt to file.out using 256-bit AES in CBC mode:
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.out

Decrypt the encrypted file file.out (without an -out option the plaintext is written to standard output):
$ openssl enc -d -aes-256-cbc -in file.out

  • enc : Encoding with Ciphers.
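
The openssl steps above as a scripted round trip, added here as an example and not part of the original post; the function names, file names and the FILE_PASS environment variable are assumptions. It reads the passphrase from the environment, adds -pbkdf2 when the installed openssl supports it, and decrypts to a temporary file so that a failed decrypt leaves no partial plaintext behind.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, file names and
# the FILE_PASS variable are assumptions made for this sketch.
umask 077    # outputs get mode 0600, like mcrypt's .nc files

# Prefer PBKDF2 key derivation where this openssl build supports it.
kdf_opt() {
    if openssl enc -help 2>&1 | grep -q -- '-pbkdf2'; then echo '-pbkdf2'; fi
}

# encrypt_file IN OUT: the passphrase comes from $FILE_PASS, not from argv.
encrypt_file() {
    openssl enc -aes-256-cbc -salt $(kdf_opt) -pass env:FILE_PASS -in "$1" -out "$2"
}

# decrypt_file IN OUT: decrypt to a temp file so that a failed decrypt
# (wrong passphrase, damaged input) leaves nothing at OUT.
decrypt_file() {
    dec_tmp="$2.part.$$"
    if openssl enc -d -aes-256-cbc $(kdf_opt) -pass env:FILE_PASS \
            -in "$1" -out "$dec_tmp" 2>/dev/null; then
        mv "$dec_tmp" "$2"
    else
        rm -f "$dec_tmp"; return 1
    fi
}

# is_salted FILE: salted `openssl enc` output begins with the ASCII tag "Salted__".
is_salted() {
    [ "$(dd if="$1" bs=8 count=1 2>/dev/null)" = "Salted__" ]
}

# roundtrip_demo: encrypt and decrypt a constructed sample file, then compare.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample line 1\nline 2\n' > "$dir/file.txt"
    FILE_PASS='constructed-demo-passphrase'; export FILE_PASS
    encrypt_file "$dir/file.txt" "$dir/file.out" &&
        is_salted "$dir/file.out" &&
        decrypt_file "$dir/file.out" "$dir/file.dec" &&
        cmp -s "$dir/file.txt" "$dir/file.dec"
    rc=$?
    rm -rf "$dir"
    return $rc
}

if command -v openssl >/dev/null 2>&1; then
    roundtrip_demo && echo "round trip OK"
fi
```

aes-256-cbc carries no integrity check, so a wrong passphrase is usually, but not always, reported as a failed decrypt; compare a checksum of the plaintext when that matters.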


{ 3 comments… read them below or add one }

1 Graham Cranston July 21, 2006 at 8:07 pm

to delete source file the option is

mcrypt -u [filename]

not –u.

This is not shown in the options section of the man pages but is right up front in the description of the command.


2 Thiago September 12, 2012 at 2:10 am

On decrypt command, with openssl you forgot to put the ‘out’ file.

Thanks! Great tip!



3 Pouliot March 1, 2014 at 9:59 pm

How would you go about making a password protected file on a Linux box that would be read on a Windows box by the usual Windows user (i.e. an IT naif)?

