≡ Menu

Linux or UNIX password protect files

From my mailbag:

Q. How do I password protect files?

Linux and other Unixish oses offers strong file permissions and ACL (access control list) concept in Linux/UNIX computer security used to enforce privilege separation.

However, none of them offers a password to protect files. You can use GNU gpg (GNU Privacy Guard) encryption and signing tool. It is a suite of cryptographic software. Many new UNIX/Linux users get confused with this fact.

Solution is to use following commands to encrypt or decrypt files with a password.

mcrypt command

Mcrypt is a simple crypting program, a replacement for the old unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter.

Examples

Encrypt data.txt file:
$ mcrypt data.txt
Output:

Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

A new file is created with the extension .nc i.e. data.txt.nc:

$ ls data.txt.nc
$ cat data.txt.nc

Decrypt the data.txt.nc file:
$ mcrypt -d data.txt.nc
Output:

Enter passphrase:
File data.txt.nc was decrypted.

Verify that file was decrypted:

$ ls data.txt
$ cat data.txt

For mcrypt to be compatible with the Solaris des, the following parameters are needed:
$ mcrypt -a des --keymode pkdes --bare -noiv data.txt
Delete the input file if the whole process of encryption/decryption succeeds (pass -u option):
$ mcrypt -u data.txt
OR
$ mcrypt -u -d data.txt.nc

openssl command

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. You can use the openssl program which is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for encrypt and decrypt files with a password:

Examples:

Encrypt file.txt to file.out using 256-bit AES in CBC mode
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.out
Decrypt encrypted file file.out
$ openssl enc -d -aes-256-cbc -in file.out
Where,

  • enc : Encoding with Ciphers.

See also:

Share this on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:



{ 5 comments… add one }
  • Graham Cranston July 21, 2006, 8:07 pm

    to delete source file the option is

    mcrypt -u [filename]

    not –u.

    This is not shwon in the options section of the man pages but is right up front in the description of the command.

  • Thiago September 12, 2012, 2:10 am

    On decrypt command, with openssl you forgot to put the ‘out’ file.

    Thanks! Great tip!

    Thiago

  • Pouliot March 1, 2014, 9:59 pm

    How would you go about making a passrod protected file on a lInux box that would be read on a Windows box by the usual Windows user (i.e. an IT naif)

  • jasveer August 25, 2014, 2:48 am

    I want to password procted files

  • Imran June 23, 2016, 7:35 pm

    Hi I wanted to password protect my file but mcryt is not working for me.

    My OS version is given below:-
    Machine 1
    [root@localhost ~]# cat /etc/*-release
    NAME=”Red Hat Enterprise Linux Server”
    VERSION=”7.0 (Maipo)”
    ID=”rhel”
    ID_LIKE=”fedora”
    VERSION_ID=”7.0″
    PRETTY_NAME=”Red Hat Enterprise Linux Server 7.0 (Maipo)”
    ANSI_COLOR=”0;31″
    CPE_NAME=”cpe:/o:redhat:enterprise_linux:7.0:GA:server”
    HOME_URL=”https://www.redhat.com/”
    BUG_REPORT_URL=”https://bugzilla.redhat.com/”

    REDHAT_BUGZILLA_PRODUCT=”Red Hat Enterprise Linux 7″
    REDHAT_BUGZILLA_PRODUCT_VERSION=7.0
    REDHAT_SUPPORT_PRODUCT=”Red Hat Enterprise Linux”
    REDHAT_SUPPORT_PRODUCT_VERSION=7.0
    Red Hat Enterprise Linux Server release 7.0 (Maipo)
    Red Hat Enterprise Linux Server release 7.0 (Maipo)

    Machine 2:
    Red Hat Enterprise Linux Server release 6.8 (Santiago)
    Red Hat Enterprise Linux Server release 6.8 (Santiago)

    Please note that i cannot install any extra packages in both of the machine

Security: Are you a robot or human?

Leave a Comment


   Tagged with: , , , , , , , , , , , , ,