Linux or UNIX password protect files

Posted on in Categories Debian Linux, FreeBSD, Howto, Linux, OpenBSD, RedHat/Fedora Linux, Security, Solaris, Suse Linux, Tips, Ubuntu Linux, UNIX last updated May 15, 2006

From my mailbag:

Q. How do I password protect files?

Linux and other Unixish oses offers strong file permissions and ACL (access control list) concept in Linux/UNIX computer security used to enforce privilege separation.

However, none of them offers a password to protect files. You can use GNU gpg (GNU Privacy Guard) encryption and signing tool. It is a suite of cryptographic software. Many new UNIX/Linux users get confused with this fact.

Solution is to use following commands to encrypt or decrypt files with a password.

mcrypt command

Mcrypt is a simple crypting program, a replacement for the old unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter.


Encrypt data.txt file:
$ mcrypt data.txt

Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

A new file is created with the extension .nc i.e.

$ ls
$ cat

Decrypt the file:
$ mcrypt -d

Enter passphrase:
File was decrypted.

Verify that file was decrypted:

$ ls data.txt
$ cat data.txt

For mcrypt to be compatible with the Solaris des, the following parameters are needed:
$ mcrypt -a des --keymode pkdes --bare -noiv data.txt
Delete the input file if the whole process of encryption/decryption succeeds (pass -u option):
$ mcrypt -u data.txt
$ mcrypt -u -d

openssl command

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. You can use the openssl program which is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for encrypt and decrypt files with a password:


Encrypt file.txt to file.out using 256-bit AES in CBC mode
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.out
Decrypt encrypted file file.out
$ openssl enc -d -aes-256-cbc -in file.out

  • enc : Encoding with Ciphers.

See also:

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

5 comment

  1. to delete source file the option is

    mcrypt -u [filename]

    not –u.

    This is not shwon in the options section of the man pages but is right up front in the description of the command.

  2. Hi I wanted to password protect my file but mcryt is not working for me.

    My OS version is given below:-
    Machine 1
    [[email protected] ~]# cat /etc/*-release
    NAME=”Red Hat Enterprise Linux Server”
    VERSION=”7.0 (Maipo)”
    PRETTY_NAME=”Red Hat Enterprise Linux Server 7.0 (Maipo)”

    REDHAT_BUGZILLA_PRODUCT=”Red Hat Enterprise Linux 7″
    REDHAT_SUPPORT_PRODUCT=”Red Hat Enterprise Linux”
    Red Hat Enterprise Linux Server release 7.0 (Maipo)
    Red Hat Enterprise Linux Server release 7.0 (Maipo)

    Machine 2:
    Red Hat Enterprise Linux Server release 6.8 (Santiago)
    Red Hat Enterprise Linux Server release 6.8 (Santiago)

    Please note that i cannot install any extra packages in both of the machine

Leave a Comment