5 Best ways to encrypt files in Linux

Even though the Linux platform has a multitude of programs that can be used for encryption/decryption, we have shown you the best ones that are available, and that covers all kinds of encryption that's available for a Linux system.


Privacy is something that almost all of us have concerns about. Many people switch over to Linux because of its better privacy features. In this time, where many people believe (quite rightly so) that privacy doesn’t exist anymore, Linux provides a ray of hope. Distributions like Tails OS are specifically designed for that purpose.

Safest ways to encrypt files on a Linux system

An important element of privacy is encryption. Today, we want to show you the best and most reliable methods of encryption available on the Linux platform.

1. GnuPG

GnuPG is the most used encryption tool on the Linux platform. This makes sense because its a part of the default GNU package and comes preinstalled. Also, because it has the most secure encryption algorithms at work. The way GnuPG works is that it has a public key and private key (as it uses asymmetric encryption). The public key can be sent out to everyone, using which files can be encrypted. But the private key, that only stays with you. And anything that has been encrypted with the public key can only be decrypted with the private key.

This means you’ll first need to set up the keys. Enter this command to generate a key pair:

gpg --gen-key

It will prompt for your real name, and working E-Mail address. Make sure that you enter an active E-mail address, as this will be associated with your public key later. Press ‘O’ when asked if you’re confident or not (but only if you are). Then it will prompt you for a password.

GPG enquiry.
GPG inquiry

Now, make sure you enter a strong password and remember it well. Otherwise, there will be no point of this all. After this, it will have generated the public and private keys.


GPG password prompt.
GPG password prompt


Now, to use GPG, you’ll first have to share your public key and need to know how to encrypt/decrypt files. First of all, to get your public key, enter this command:

gpg --armor --output mypubkey.gpg --export <E-mail that you registered>

This will generate a public key named ‘mypubkey.gpg.’ You can share this public key with anyone that needs to send you encrypted files. Or they could use that associated E-mail address of yours to encrypt data.


GPG public key file.
GPG public key file

Now learning the part to encrypt and decrypt data:

Encrypting files using someone’s public key:

To encrypt a file (assuming name as test.txt), use the command of the following structure:

gpg --output test.txt.gpg --encrypt --recipient <Receiver's E-Mail ID> test.txt

And this is why the registered E-mail ID is so important.

GPG encryption.
GPG encryption

As you can see from the gibberish, the file has been successfully encrypted.

Decrypt files using your private key

To decrypt a file (assuming the name of encrypted file to be test.txt.gpg) encrypted with your public key, you need to enter this command:

gpg --output test.txt --decrypt test.txt.gpg

This will give you a prompt you for the password that you entered while creating the keys.

Decryption password prompt
Decryption password prompt

After entering the password, the resultant file of test.txt will be produced.

GPG decryption.
GPG decryption

2. ccrypt

ccrypt uses 256-AES for encryption as well and is substantially more straightforward. This certainly works in a lesser serious tone, so the program is ideal for not-so-important private files. For example, if you’re uploading something to the cloud storage of some service, you could use this. The usage is quite simple. To encrypt a file, then the following command:

ccentrypt <filename>

It will then prompt you for a password. Enter a password (a long and strong one), and the data will be encrypted with the extension of .cpt.

ccrypt encryption
ccrypt encryption

Now to decrypt:

ccdecrypt <filename.cpt>

You will now be prompted for the password you entered will encrypting that file. Enter the password, and the file will be decrypted.

ccrypt decryption
ccrypt decryption

To install ccrypt on Ubuntu, Debian and their derivatives, enter:

sudo apt-get install ccrypt

ccrypt installation
ccrypt installation

For Fedora and its spins, enter:

sudo dnf install ccrypt

Enter the corresponding command according to your distribution. If your distribution’s repositories do not have it, you can find the binaries here.

3. 7-zip

7-zip uses 256-AES encryption as well and has a very high compression ratio. This is the highlight of 7-zip. Almost everyone has heard of the infamous .zip format. The official name of 7-zip for Linux systems is p7zip (referring to Posix). It has straightforward usage, which we will tell about categorically:

Creating archive

Creating an archive consists of a command in the following format:

7z a <Required .zip archive name> <File names to be archived>

Even though this does create an archive, it still does not encrypt it. To add a password to the archive, we can use the -p switch.

7z a -p <Required .zip archive name> <File names to be archived>

This command is also used to add files to an archive. That’s right, the creation of an archive and addition of files to an archive are done through the same command.

7z encryption.
7z encryption.

This brings us to the next important detail:

Listing files of an archive

The listing command has a simple structure as well that follows this:

7z l <Archive name>


7z listing.
7z listing.

Decrypting an archive

Decryption is also quite a simple task. The required command follows this structure:

7z e <Archive name>

7z decryption
7z decryption.

That should suffice the requirements. But the command is quite more extensive, having options for renaming files inside an archive, to test its integrity, to delete files from one, etc. These can be found through the command:

man 7z


The installation of the full suite of 7z can be done through this command for Ubuntu, Debian or their derivatives:

sudo apt-get install p7zip-full

7z installation
7z installation.

On Fedora and its spins:

sudo dnf install p7zip

For other distributions, the binaries can be found here (at the end of the page).

4. VeraCrypt

VeraCrypt is a unique encryption system and an interesting one at that. Its usage is straightforward, once that you set it up. What it does is create an entire virtual volume that is encrypted. This volume, when mounted the right way, can be used like just another storage device, to copy files to and from in the usual way, but once unmounted, it is no more there. The volume exists inside a blurred binary file, which no one can read. Now let us see how to set this up.


On all distributions, VeraCrypt needs to be downloaded and installed. You can find the package for your distribution here. We are going to show instructions for the graphical version here to keep things accessible for all.

On Ubuntu or Debian or any derivatives, the instructions for installation go like this (considering the file is in the Downloads directory) :

cd Downloads/
sudo dpkg -i <Downloaded package name>

There probably will be missing dependencies. To fix that, run this command:

sudo apt-get -f install

VeraCrypt install
VeraCrypt install.

All good, now let us proceed to the good stuff.


For setting up the encryption method, first of all, an empty file needs to be created. For a sample file, we’ll name it EncryptedVolume (I know, a bit on the nose). To do this, run this command:

touch EncryptedVolume

Now open up VeraCrypt. Among the listed sample volume list, choose anyone. Ideally, the first one (again, to keep things simple). Click the ‘Create Volume‘ option now. This will open up a new window.

Creation window
Creation window.

Now choose the ‘Create an encrypted file container‘ option.

Volume physical feature.
Volume physical feature

We’re going with the ‘Standard VeraCrypt volume.’

Volume type
Volume type.

Click on the ‘Select file‘ box, and select the file you just made, EncryptedVolume.

File location
File location.

The default AES and SHA-512 encrypted is more than enough, so we’re sticking with the default again.

Encryption method selection
Encryption method selection.

Now enter the size of the encrypted volume according to your requirements.

Size of volume
Size of volume.

This is the most crucial step, as you’ll need a good and secure password for strong encryption. The recommended password is >= 20 characters, quite rightly so.

Password selection
Password selection.

The default chosen filesystem (FAT) is not at all problematic. If you desire, you can select another filesystem.

Volume filesystem selection
Volume filesystem selection.

This is the most fun part of the whole setup. A key is generated from the movements of the mouse cursor that you make here. Be as random as possible. When you’re done, press ‘Format.’ Click on ‘Yes‘ on the next confirmation prompt.

Key generation
Key generation.

A new volume will be created. Now click ‘Exit.’

Volume created
Volume created.

Accessing encrypted volume

Now to access the newly created encrypted volume, select the volume that you selected when you set up the encrypted volume (which we recommended, be the first one). On the lower part of the window, click the ‘Select File…‘ option, and choose the file that you created, which has now become the new encrypted volume.

Click on ‘Mount.’

Mounting encrypted volume
Mounting encrypted volume

This will prompt you for the password that you used to set it up. Do not bother with the other options, and click ‘OK.’

Encrypted volume password.
Encrypted volume password

Now it will prompt you for the user password.

User password prompt.
User password prompt

Now when you check your file manager, there will be another volume that will be the size of the volume that you specified in the setup. Now, this is the encrypted virtual volume. To encrypt your files, copy and paste them in this newly mounted volume. When you’re done, go back to VeraCrypt, click on ‘Dismount,’ and this volume will disappear into the EncryptedVolume file again.


Even if you open a file from this volume, it will be copied right into the RAM and run, having no involvement of any other part of the storage device whatsoever. This will be a wholly protected ‘vault,’ which is safe, and appear as a junk file to anyone else. Pretty cool.

5. Tails OS

The final part of this article is Tails OS. This OS itself is created for privacy-oriented user experience. Its called the ‘amnesic incognito live system,’ which can only be accessed through an external USB drive on a host computer, and which is amnesic, meaning it will have nothing but the new default form on every single usage. Any change made on usage will automatically be reversed in the next boot.

Tails OS
Tails OS

By default, it has state of the art cryptography and security measures. Some of the factors include:

  • Encryption and signing of E-mails by default using OpenPGP whenever you use the E-mail client, text editor, or the file browser
  • Instant messages are protected using OTR (which stands for Off-The-Record messaging). It provides are robust encryption for the purpose
  • Securely deletes files (with on option of recovery at all) using Nautilus Wipe

There are several other things, but these are just the toppings to describe their seriousness. You can find more about Tails here. Its quite a handy system to use on the go, as all you need is a system that is not currently in use. If you have the Tails OS USB drive, you can start it up, and when you’re done, no one will know. Not even that USB drive, later on.


Even though the Linux platform has a multitude of programs that can be used for encryption/decryption, we have shown you the best ones that are available, and that covers all kinds of encryption that’s available for a Linux system. Go ahead and choose the one for your needs. Feel free to suggest your favorite ones using the comment form below.

Pulkit Chandak
Pulkit Chandak is a Linux enthusiast and has been using and experimenting with open source software and hardware too since a long time. He is a huge admirer of open source software and wants to ventilate it to all around him. He is interested in reviewing and writing tutorials on Linux and its many distributions. He believes that freedom in software leads to freedom of the mind from the chains of limits.


Please enter your comment!
Please enter your name here




Top 20 Git Commands with Practical Examples

If you are here reading this post, there is a high probability that you have heard or interacted with Github, and you now want to learn Git. Before we continue with showing you some of the cool Git commands, let's understand the difference between Git and GitHub.

Top 10 New Features in Linux Kernel 5.7

Linus Torvalds has announced the release of Linux Kernel 5.7 after seven weeks of development. The release announcement comes as a piece of exciting news as it brings a host of new features for the hardware manufacturers as well as the developers.

How to install CMake on Ubuntu

CMake is a cross-platform free and open-source software tool designed to build, test, and package the software. CMake uses a simple platform and compiler-independent configuration files to control the software compilation process.

How to install Lightworks on Ubuntu

Even though Linux may not get a native installer of video editing software like Adobe Premiere or Final Cut Pro, that doesn't mean there are no industry standards tools available. Lightworks is non-linear editing (NLE) video mastering app for Windows, Linux, and macOS. Installing it on Ubuntu is simple due to deb package availability.

How to install DaVinci Resolve on Fedora

Davinci Resolve is a professional application used for color correction, video editing, visual effects, and motion graphics. It is one of the extensively used software by movie industries located in Hollywood.

The 10 Best Programming Languages for Hacking

One of the significant entities we have in Cyber Security is Ethical Hacking (ETH). It is the process of detecting and finding flaws or vulnerabilities in a system that a hacker would exploit.


Linux is growing faster than ever. As per the latest report, there is a drop in the Windows 10 market share for the first time, and Linux's market share has improved to 2.87% this month. Most of the features in the list were rolled out in the Pop OS 20.04. Let's a detailed look into the new features, how to upgrade, and a ride through video.
Elementary OS 5.1 Hera has received a point release with a handful of new features and bug fixes, and we will be reviewing the significant changes in this article. For those new to elementary OS, this Ubuntu-based Linux distribution uses their inhouse built Pantheon desktop environment and AppCenter.

How to create a Live Linux USB drive using Etcher

In the Linux community, one thing is common between almost all of the users: trying out different Linux distributions. Most of the Linux based distributions have a great way of being tested as they provide ISO images for creating a Live USB.

How to dual-boot Ubuntu and Fedora on your PC

Every Linux distribution has its capabilities and preferences as per the user requirements. That brings forth the need to run different distros on one laptop. For example, a CyberSecurity enthusiast might prefer to use Ubuntu for development and Kali Linux for penetration testing.

Test drive a Linux distro online before you hate it

Enter DistroTest.net, a website that allows Linux users to test various distros online, without downloading the ISO or installing the distro. With DistroTest.net, you can check a distro with no muss, no fuss.

VIDEO: Linux Lite 4.8 Features and Desktop Tour

Linux Lite eases Windows 7 users transition to Linux much more comfortable by offering simple software like Team Viewer, VLC, Firefox, TimeShift backup utility, and a full Microsoft Office compatible office suite in LibreOffice.