How To Password Protect Files in Linux

The USP of Linux has always been the strong security and stability it offers. Per user/group permissions and ACLs (access control lists) take care of almost all the security needs of a home users as well as an enterprise customer. If there is a need for even more fine grained control, there are various flavors of Linux available that are specifically designed with industrial grade security in mind and certified by organisations such as the NSA.

If you’re a home user, though, all this doesn’t really matter to you. Sure, it helps to have seperate permissions for different users on the system, if you’re sharing your computer with, say, your sibling, but configuring ACLs for home a user is a little overkill, if you ask me.

If all you need is a way to password protect certain important files from the prying eyes of your siblings, kids or pesky neighbors, Linux doesn’t offer anything *out of the box*. Fear not, though, we have just the right tool for you.

Password Protect Files

mcrypt is a utility designed to encrypt/decrypt a file using standard encryption techniques. If you don’t have mcrypt installed, you can install it with the following command.

apt-get install mcrypt

To password protect a file execute the following command

mcrypt <filename>

The above command will output something like this.

khera@khera:~$ mcrypt test1
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase: Enter password here
Enter passphrase: Repeat password here

File test1 was encrypted.
khera@home:~$

By default, mcrypt creates a new encrypted file with the extension .nc added to the original filename and leaves the original file intact. If this is not what you want, and you’d rather not have any traces of the original file, use mcrypt with the “-u” option.

mcrypt -u <filename>

This will ask you for a password as usual and the only difference will be that when the command finishes executing, the original file, test1 in the above case, will be deleted.

Decrypting a Password Protected File

So, now you know how to password protect file but what about decrypting it.

Turns out mcrypt does that too. Just use mcrypt with the “-d” option and it will decrypt the file for you after confirming the password with you.

mcrypt -d <encrypted filename>

The output should look something like this

khera@khera:~$ mcrypt -d test1.nc
Enter passphrase: Enter password here
File test1.nc was decrypted.

Like, in the encryption phase, mcrypt doesn’t delete the original file by default and if that is what you want, use mcrypt with the -u switch.

mcrypt -u -d <encrypted filename>

This will decrypt the file and delete the original encrypted file leaving no traces of it on your computer.

How was that for an easy encryption/decryption utility?

3 thoughts on “How To Password Protect Files in Linux

  1. That was real cool for an easy encryption tool. I have used truecrypt on windows, which i never worked out how to get working on linux. I have heard about mcrypt but not that it was useful for this file encryption.

    The files are portable as in they can be decrypted by friend’s mcrypt if they know the password, right?

    aptitude says the mcrypt package for my distro is buggy and unmaintained by upstream authors and suggests some alternatives among which i suppose gnupg is a valid option. Same for you?

    1. Yes, it should be portable.

      I used apt-get and used it on Debian so didn’t get any friendly warning. That said, gnupg works too. gnupg -c is the option, I think, that will let you encrypt files the same way as mcrypt does.

      1. Thanks for the gnupg help. :)

        in any case per file locking is useful if I was sharing stuff that I want only intended people to say. and intended people are rarely using linux. :)

Comments are closed.