Linux or UNIX password protect files

From my mailbag:

Q. How do I password protect files?

Linux and other Unixish oses offers strong file permissions and ACL (access control list) concept in Linux/UNIX computer security used to enforce privilege separation.

However, none of them offers a password to protect files. You can use GNU gpg (GNU Privacy Guard) encryption and signing tool. It is a suite of cryptographic software. Many new UNIX/Linux users get confused with this fact.

Solution is to use following commands to encrypt or decrypt files with a password.

mcrypt command

Mcrypt is a simple crypting program, a replacement for the old unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter.


Encrypt data.txt file:
$ mcrypt data.txt

Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

A new file is created with the extension .nc i.e.

$ ls
$ cat

Decrypt the file:
$ mcrypt -d

Enter passphrase:
File was decrypted.

Verify that file was decrypted:

$ ls data.txt
$ cat data.txt

For mcrypt to be compatible with the Solaris des, the following parameters are needed:
$ mcrypt -a des --keymode pkdes --bare -noiv data.txt
Delete the input file if the whole process of encryption/decryption succeeds (pass -u option):
$ mcrypt -u data.txt
$ mcrypt -u -d

openssl command

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. You can use the openssl program which is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for encrypt and decrypt files with a password:


Encrypt file.txt to file.out using 256-bit AES in CBC mode
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.out
Decrypt encrypted file file.out
$ openssl enc -d -aes-256-cbc -in file.out

  • enc : Encoding with Ciphers.

See also:

🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
5 comments… add one
  • Imran Jun 23, 2016 @ 19:35

    Hi I wanted to password protect my file but mcryt is not working for me.

    My OS version is given below:-
    Machine 1
    [root@localhost ~]# cat /etc/*-release
    NAME=”Red Hat Enterprise Linux Server”
    VERSION=”7.0 (Maipo)”
    PRETTY_NAME=”Red Hat Enterprise Linux Server 7.0 (Maipo)”

    REDHAT_BUGZILLA_PRODUCT=”Red Hat Enterprise Linux 7″
    REDHAT_SUPPORT_PRODUCT=”Red Hat Enterprise Linux”
    Red Hat Enterprise Linux Server release 7.0 (Maipo)
    Red Hat Enterprise Linux Server release 7.0 (Maipo)

    Machine 2:
    Red Hat Enterprise Linux Server release 6.8 (Santiago)
    Red Hat Enterprise Linux Server release 6.8 (Santiago)

    Please note that i cannot install any extra packages in both of the machine

  • jasveer Aug 25, 2014 @ 2:48

    I want to password procted files

  • Pouliot Mar 1, 2014 @ 21:59

    How would you go about making a passrod protected file on a lInux box that would be read on a Windows box by the usual Windows user (i.e. an IT naif)

  • Thiago Sep 12, 2012 @ 2:10

    On decrypt command, with openssl you forgot to put the ‘out’ file.

    Thanks! Great tip!


  • Graham Cranston Jul 21, 2006 @ 20:07

    to delete source file the option is

    mcrypt -u [filename]

    not –u.

    This is not shwon in the options section of the man pages but is right up front in the description of the command.

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @