Encrypting Files and folder through terminal

I am new to part of encryption on Ubuntu .

Is there any way to encrypt files and folder with password from terminal ? without using truecrypt or cryptkeeper etc.


You can encrypt and decrypt files with gpg

To encrypt a file

gpg -c file.to.encrypt

To decrypt a file

gpg file.to.encrypt.gpg

But gpg will not do entire directories. For entire directories you have several options, ecryptfs is popular.

# Install if ecryptfs-utils if needed
sudo apt-get install ecryptfs-utils

# Make an encrypted directory
ecryptfs-setup-private

That will make a directory "Private". Any data you put into the directory Private will automatically be encrypted when you log out and decrypted when you log in.

If you want a different behavior or a different directory ...

mkdir ~/secret
chmod 700 ~/secret

sudo mount -t ecryptfs ~your_user/secret ~your_user/secret

Put your data into ~/secrte

To encrypt

sudo umount ~your_user/secret

To Decrypt

sudo mount ./secret ./secret -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes

Hint: make an alias for that second command.

See http://bodhizazen.com/Tutorials/Ecryptfs or man ecryptfs for additional details.


ecryptfs will certainly encrypt files and folders, ensuring that the data that gets written to disk is always encrypted, and that applications which need access to the cleartext context can get that seamlessly.

However, to answer your question specifically, you can certainly encrypt a single file with a passphrase and gpg:

gpg -c /tmp/file > /tmp/file.gpg

To encrypt a folder, you should use tar in conjunction with gpg:

tar zcvf - /tmp/directory | gpg -c > /tmp/directory.tar.gz.gpg

encfs, as suggested by the community docs, works pretty well.

Installing: In order to install you must first add the universe repository

Then issue the command:

sudo apt install encfs

Then simply type into the terminal: encfs encrypted visible to create folders in the current directory named encrypted and visible and set up a password.

For example, if I'm in the default (home) directory (use pwd to see where you are), this will create folders /home/ijoseph/visible and /home/ijoseph/encrypted for me, since my username is ijoseph.

visible can be written and read, and stores its data encrypted in the encrypted folder.

To "hide" your data and leave only the encrypted version of the folder, type fusermount -u visible. You'll want to do this before logging out or physically moving your laptop, usually, for protection. You'll notice everything disappears from the visible folder when you type ls.

To re-mount (re-gain access to the visible folder for read/write), run encfs encrypted visible again.