How To Encrypt Files And Folders In Ubuntu

Encrypting files in Linux

Encryption is something everyone should take seriously on any platform. You might think you’re more secure on Linux than you are on Windows or even macOS. But is Linux really as secure as you think?

Encrypt and Decrypt Files Using GnuPG

GnuPG is a free implementation of the OpenPGP standard, also known as Pretty Good Privacy (PGP). It allows you to encrypt your files and sign them, allowing you to securely send files to others.

GnuPG can also be used to encrypt files for yourself to keep them away from prying eyes, and that’s what we’re concentrating on in this article.

Install GnuPG

GnuPG is a command-line tool, but it’s fairly easy to use. It’s widely used, so it’s most likely already installed on your Ubuntu system.

Open a Terminal window by pressing Ctrl + Alt + T and run the following command to install GnuPG 2. If GnuPG 2 is already installed, the system will tell you. If not, GnuPG will be installed:

sudo apt install gnupg2

Set the Default Cipher Algorithm

GnuPG uses various cipher methods or algorithms. The default cipher method in GnuPG 2.1 is AES128. In GnuPG 1.0 and 2.0, the default cipher algorithm is CAST5.

To see a list of available ciphers, run the following command.

gpg2 --version

The AES cipher algorithm in the list is AES128.

You can choose a different cipher algorithm as the default by adding a line to a configuration file GnuPG uses when it runs. The configuration file, called gpg.conf, is in a hidden directory, called .gnupg, in your Home directory. All hidden directories and files start with a period.

We’re going to edit the configuration file in gedit, so run the following command in a Terminal window. 

gedit ~/.gnupg/gpg.conf

Initially, the gpg.conf file doesn’t exist. But running the above command creates the file. You’ll see an empty file in gedit. We want to change the default cipher algorithm to AES256, so we add the following line to the file.

cipher-algo AES256

Save the file and close gedit.

Encrypt Files Using GnuPG

GnuPG allows you to use two of the most common encryption methods, Public key (asymmetric) encryption and Private key (symmetric) encryption. Both methods allow you to encrypt data to hide it from others and then decrypt it. 

We’re encrypting files here for our own security, to keep them away from prying eyes. So, we will use symmetric key encryption, in which the same key is used for both the encryption and decryption stages. Symmetric key encryption is also known as block cipher-based encryption because the data is encrypted in chunks or blocks.

To encrypt a file, first, find the file using either the command line or the File Manager and note the full path to the file. For our example, we’re going to encrypt the following file:

~/Documents/PrivateFiles/MyPrivateFile.txt

If we hadn’t set the default cipher method in the configuration file, as discussed in the previous section, we could specify the encryption method to use when encrypting the file using the following command. We added the –cipher-algo AES256 option.

gpg --symmetric --cipher-algo AES256 ~/Documents/PrivateFiles/MyPrivateFile.txt

You can also use –c in place of –symmetric.

Because we did set the default cipher algorithm in the configuration file, we can encrypt our file using the following command, leaving out the –cipher-algo option.

gpg --symmetric ~/Documents/PrivateFiles/MyPrivateFile.txt

Add a Passphrase

You’ll be asked to enter a passphrase and then to repeat the same passphrase. Be sure you use a strong passphrase. You can store your passphrase in a password manager so you don’t forget it.

Now we have a file named MyPrivateFiles.txt.gpg containing the encrypted data. You should securely delete your original, non-encrypted file.

You can also change the name of the resulting file when encrypting it using the -o (or –output) option. We’ve added -o MyPrivateFile.enc to the command we ran earlier.

gpg -o MyPrivateFile.enc --symmetric ~/Documents/PrivateFiles/MyPrivateFile.txt

Decrypt Files Using GnuPG

To decrypt the file we just encrypted, we run the following command in a Terminal window.

gpg -o ~/Documents/PrivateFiles/DecryptedFile.txt -d ~/Documents/PrivateFiles/MyPrivateFile.txt.gpg

You can change ~/Documents/PrivateFiles/DecryptedFile.txt path and file name to whatever path and file name you want to use for your decrypted file.

Enter the passphrase you assigned to the encrypted file to unlock it.

Our file is decrypted in the location we specified.