5 Best ways to encrypt files in Linux

Even though the Linux platform has a multitude of programs that can be used for encryption/decryption, we have shown you the best ones that are available, and that covers all kinds of encryption that's available for a Linux system.

Privacy is something that almost all of us have concerns about. Many people switch over to Linux because of its better privacy features. In this time, where many people believe (quite rightly so) that privacy doesn’t exist anymore, Linux provides a ray of hope. Distributions like Tails OS are specifically designed for that purpose.

Safest ways to encrypt files on a Linux system

An important element of privacy is encryption. Today, we want to show you the best and most reliable methods of encryption available on the Linux platform.

1. GnuPG

GnuPG is the most used encryption tool on the Linux platform. This makes sense because its a part of the default GNU package and comes preinstalled. Also, because it has the most secure encryption algorithms at work. The way GnuPG works is that it has a public key and private key (as it uses asymmetric encryption). The public key can be sent out to everyone, using which files can be encrypted. But the private key, that only stays with you. And anything that has been encrypted with the public key can only be decrypted with the private key.

This means you’ll first need to set up the keys. Enter this command to generate a key pair:

gpg --gen-key

It will prompt for your real name, and working E-Mail address. Make sure that you enter an active E-mail address, as this will be associated with your public key later. Press ‘O’ when asked if you’re confident or not (but only if you are). Then it will prompt you for a password.

GPG enquiry.
GPG inquiry

Now, make sure you enter a strong password and remember it well. Otherwise, there will be no point of this all. After this, it will have generated the public and private keys.

GPG password prompt.
GPG password prompt

Usage

Now, to use GPG, you’ll first have to share your public key and need to know how to encrypt/decrypt files. First of all, to get your public key, enter this command:

gpg --armor --output mypubkey.gpg --export <E-mail that you registered>

This will generate a public key named ‘mypubkey.gpg.’ You can share this public key with anyone that needs to send you encrypted files. Or they could use that associated E-mail address of yours to encrypt data.

GPG public key file.
GPG public key file

Now learning the part to encrypt and decrypt data:

Encrypting files using someone’s public key:

To encrypt a file (assuming name as test.txt), use the command of the following structure:

gpg --output test.txt.gpg --encrypt --recipient <Receiver's E-Mail ID> test.txt

And this is why the registered E-mail ID is so important.

GPG encryption.
GPG encryption

As you can see from the gibberish, the file has been successfully encrypted.

Decrypt files using your private key

To decrypt a file (assuming the name of encrypted file to be test.txt.gpg) encrypted with your public key, you need to enter this command:

gpg --output test.txt --decrypt test.txt.gpg

This will give you a prompt you for the password that you entered while creating the keys.

Decryption password prompt
Decryption password prompt

After entering the password, the resultant file of test.txt will be produced.

GPG decryption.
GPG decryption

2. ccrypt

ccrypt uses 256-AES for encryption as well and is substantially more straightforward. This certainly works in a lesser serious tone, so the program is ideal for not-so-important private files. For example, if you’re uploading something to the cloud storage of some service, you could use this. The usage is quite simple. To encrypt a file, then the following command:

ccentrypt <filename>

It will then prompt you for a password. Enter a password (a long and strong one), and the data will be encrypted with the extension of .cpt.

ccrypt encryption
ccrypt encryption

Now to decrypt:

ccdecrypt <filename.cpt>

You will now be prompted for the password you entered will encrypting that file. Enter the password, and the file will be decrypted.

ccrypt decryption
ccrypt decryption

To install ccrypt on Ubuntu, Debian and their derivatives, enter:

sudo apt-get install ccrypt

ccrypt installation
ccrypt installation

For Fedora and its spins, enter:

sudo dnf install ccrypt

Enter the corresponding command according to your distribution. If your distribution’s repositories do not have it, you can find the binaries here.

3. 7-zip

7-zip uses 256-AES encryption as well and has a very high compression ratio. This is the highlight of 7-zip. Almost everyone has heard of the infamous .zip format. The official name of 7-zip for Linux systems is p7zip (referring to Posix). It has straightforward usage, which we will tell about categorically:

Creating archive

Creating an archive consists of a command in the following format:

7z a <Required .zip archive name> <File names to be archived>

Even though this does create an archive, it still does not encrypt it. To add a password to the archive, we can use the -p switch.

7z a -p <Required .zip archive name> <File names to be archived>

This command is also used to add files to an archive. That’s right, the creation of an archive and addition of files to an archive are done through the same command.

7z encryption.
7z encryption.

This brings us to the next important detail:

Listing files of an archive

The listing command has a simple structure as well that follows this:

7z l <Archive name>

Example:

7z listing.
7z listing.

Decrypting an archive

Decryption is also quite a simple task. The required command follows this structure:

7z e <Archive name>

7z decryption
7z decryption.

That should suffice the requirements. But the command is quite more extensive, having options for renaming files inside an archive, to test its integrity, to delete files from one, etc. These can be found through the command:

man 7z

Installation

The installation of the full suite of 7z can be done through this command for Ubuntu, Debian or their derivatives:

sudo apt-get install p7zip-full

7z installation
7z installation.

On Fedora and its spins:

sudo dnf install p7zip

For other distributions, the binaries can be found here (at the end of the page).

4. VeraCrypt

VeraCrypt is a unique encryption system and an interesting one at that. Its usage is straightforward, once that you set it up. What it does is create an entire virtual volume that is encrypted. This volume, when mounted the right way, can be used like just another storage device, to copy files to and from in the usual way, but once unmounted, it is no more there. The volume exists inside a blurred binary file, which no one can read. Now let us see how to set this up.

Installation

On all distributions, VeraCrypt needs to be downloaded and installed. You can find the package for your distribution here. We are going to show instructions for the graphical version here to keep things accessible for all.

On Ubuntu or Debian or any derivatives, the instructions for installation go like this (considering the file is in the Downloads directory) :

cd Downloads/
sudo dpkg -i <Downloaded package name>

There probably will be missing dependencies. To fix that, run this command:

sudo apt-get -f install

VeraCrypt install
VeraCrypt install.

All good, now let us proceed to the good stuff.

Setup

For setting up the encryption method, first of all, an empty file needs to be created. For a sample file, we’ll name it EncryptedVolume (I know, a bit on the nose). To do this, run this command:

touch EncryptedVolume

Now open up VeraCrypt. Among the listed sample volume list, choose anyone. Ideally, the first one (again, to keep things simple). Click the ‘Create Volume‘ option now. This will open up a new window.

Creation window
Creation window.

Now choose the ‘Create an encrypted file container‘ option.

Volume physical feature.
Volume physical feature

We’re going with the ‘Standard VeraCrypt volume.’

Volume type
Volume type.

Click on the ‘Select file‘ box, and select the file you just made, EncryptedVolume.

File location
File location.

The default AES and SHA-512 encrypted is more than enough, so we’re sticking with the default again.

Encryption method selection
Encryption method selection.

Now enter the size of the encrypted volume according to your requirements.

Size of volume
Size of volume.

This is the most crucial step, as you’ll need a good and secure password for strong encryption. The recommended password is >= 20 characters, quite rightly so.

Password selection
Password selection.

The default chosen filesystem (FAT) is not at all problematic. If you desire, you can select another filesystem.

Volume filesystem selection
Volume filesystem selection.

This is the most fun part of the whole setup. A key is generated from the movements of the mouse cursor that you make here. Be as random as possible. When you’re done, press ‘Format.’ Click on ‘Yes‘ on the next confirmation prompt.

Key generation
Key generation.

A new volume will be created. Now click ‘Exit.’

Volume created
Volume created.

Accessing encrypted volume

Now to access the newly created encrypted volume, select the volume that you selected when you set up the encrypted volume (which we recommended, be the first one). On the lower part of the window, click the ‘Select File…‘ option, and choose the file that you created, which has now become the new encrypted volume.

Click on ‘Mount.’

Mounting encrypted volume
Mounting encrypted volume

This will prompt you for the password that you used to set it up. Do not bother with the other options, and click ‘OK.’

Encrypted volume password.
Encrypted volume password

Now it will prompt you for the user password.

User password prompt.
User password prompt

Now when you check your file manager, there will be another volume that will be the size of the volume that you specified in the setup. Now, this is the encrypted virtual volume. To encrypt your files, copy and paste them in this newly mounted volume. When you’re done, go back to VeraCrypt, click on ‘Dismount,’ and this volume will disappear into the EncryptedVolume file again.

Dismount
Dismount

Even if you open a file from this volume, it will be copied right into the RAM and run, having no involvement of any other part of the storage device whatsoever. This will be a wholly protected ‘vault,’ which is safe, and appear as a junk file to anyone else. Pretty cool.

5. Tails OS

The final part of this article is Tails OS. This OS itself is created for privacy-oriented user experience. Its called the ‘amnesic incognito live system,’ which can only be accessed through an external USB drive on a host computer, and which is amnesic, meaning it will have nothing but the new default form on every single usage. Any change made on usage will automatically be reversed in the next boot.

Tails OS
Tails OS

By default, it has state of the art cryptography and security measures. Some of the factors include:

  • Encryption and signing of E-mails by default using OpenPGP whenever you use the E-mail client, text editor, or the file browser
  • Instant messages are protected using OTR (which stands for Off-The-Record messaging). It provides are robust encryption for the purpose
  • Securely deletes files (with on option of recovery at all) using Nautilus Wipe

There are several other things, but these are just the toppings to describe their seriousness. You can find more about Tails here. Its quite a handy system to use on the go, as all you need is a system that is not currently in use. If you have the Tails OS USB drive, you can start it up, and when you’re done, no one will know. Not even that USB drive, later on.

Conclusion

Even though the Linux platform has a multitude of programs that can be used for encryption/decryption, we have shown you the best ones that are available, and that covers all kinds of encryption that’s available for a Linux system. Go ahead and choose the one for your needs. Feel free to suggest your favorite ones using the comment form below.

Pulkit Chandak
Pulkit Chandak is a Linux enthusiast and has been using and experimenting with open source software and hardware too since a long time. He is a huge admirer of open source software and wants to ventilate it to all around him. He is interested in reviewing and writing tutorials on Linux and its many distributions. He believes that freedom in software leads to freedom of the mind from the chains of limits.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

STAY CONNECTED

23,420FansLike
377FollowersFollow
16SubscribersSubscribe

LATEST ARTICLES

Getting Started with Linux Operating System

The Linux operating system brings forth a vibrant mix of features and security, making it the best alternative to macOS or Windows operating systems. In this post, we will give you a master guide on Getting started with Linux systems - taking you from a complete beginner to a level where you can begin testing the various Linux distributions available with much ease.

How to Create a Comprehensive Mail Server on Ubuntu

Postal is a free and open-source mail server used to send and receive emails. It comes loaded with tons of excellent features and functionalities, making it extremely popular among large organizations as well as in enterprise settings.

The 10 Best Linux Performance Monitoring Tools

Do you want to monitor the performance of your Linux system? Are you looking for some powerful performance monitoring tools to help you out? If you agree, it's your day as we have put together a detailed list of the ten best Linux performance monitoring tools.

How to Boot your Windows or Linux PC from a USB Drive

Sometime back, the process of installing an operating system required users to pop a bootable media disk into their DVD or CD drive and use it to boot the PC. But times have changed. Nowadays, the most common way of installing an OS is booting from a USB drive. The use of USB drives is further propelled by the current production of slim and lightweight laptops with no support for DVD/CD drives.

Python For Loop: Everything You Need to Know

Loops are one of the essential elements in any programming language, and Python is not an exception to it. Loops are used to repeat a statement or a block of statements multiple times. If there were no concept of loops in programming languages, we have to write each statement again and again for the number of times we want to execute it.

How to install LibreOffice on Fedora

If you are looking for a feature-rich and reliable Office Suite for your Fedora PC, then you have an excellent option at hand. LibreOffice, a free and opensource app, has stood the test of time and evolved into a beautiful alternative to Microsoft Office.

MUST READ

Buyers who wish to go for a machine that is based on Linux often show interest in Chromebooks due to the form factor and extended battery life capabilities. Although ChromeOS power these machines, users can still miss out on a more genuine Linux experience. For those who happen to agree, the new Lemur Pro by System76 might get some heads turning.
Linux is growing faster than ever. As per the latest report, there is a drop in the Windows 10 market share for the first time, and Linux's market share has improved to 2.87% this month. Most of the features in the list were rolled out in the Pop OS 20.04. Let's a detailed look into the new features, how to upgrade, and a ride through video.

Test drive a Linux distro online before you hate it

Enter DistroTest.net, a website that allows Linux users to test various distros online, without downloading the ISO or installing the distro. With DistroTest.net, you can check a distro with no muss, no fuss.

What is FOSS, and how does it differ from Freeware

The rise of the Linux operating system, in all its various distributions, over the past few decades has catapulted the popularity of Free or Open Source Software (FOSS). Let's guide you in understanding what is FOSS, how it differs from freeware and is Linux a FOSS.

VIDEO: Linux Lite 4.8 Features and Desktop Tour

Linux Lite eases Windows 7 users transition to Linux much more comfortable by offering simple software like Team Viewer, VLC, Firefox, TimeShift backup utility, and a full Microsoft Office compatible office suite in LibreOffice.

5 Best Ways to Free up Hard Disk Space in Ubuntu

Hard disk space can easily get filled up with cached package files, old kernels, and other obsolete files that occupy unwanted hard disk space. Here are top five best and safer ways to clean and free up hard disk space in Ubuntu. We show you Terminal and GUI way of cleaning up system.