Ubuntu – How to encrypt files after skipping the option during installation


I need to encrypt some files on my machine. I did not select the option to encrypt my home folder at installation, but since there was an option to do so I am guessing that Ubuntu has some inbuilt encryption utility. If so, what is it and can I use it to encrypt certain files on my system (not just home folder)?

Best Answer

I use the following two encryption programs: truecrypt and openssl; the first allows you to create any size of encrypted container, and the second allows you to encrypt individual files; folders must be tarred before encrypting, as the target to be encrypted must be one single chunk of data.

  • Truecrypt is an excellent program, but is not available in the repositories, so you must go to truecrypt.org to download the program; you want the 'standard' version, and it is available in 32 or 64bit. After downloading, open the terminal and cd to the containing folder and enter tar -zxvf <truecrypt download file>, and then chmod +x <truecrypt setup file>, and then sudo ./<truecrypt setup file>. (You need to use sudo as it will install to the system folders.)

  • Then follow the onscreen prompts and truecrypt will be installed. After that it is best to run it as normal user when you want to create a volume, but with gksudo when you want to mount a volume. (If you create a volume as gksudo, root will own it, and so you would have to chown it for your user to regain ownership.)

  • When creating a volume in truecrypt, there are a lot of options, and even whole usb flash drives, external hard drives, internal hard disk partitions, and more can be encrypted. Even though a long discussion of these aspects of the program is not relevant to this answer, there are several other important things to note. In particular, it can be useful to format the truecrypt volume's filesystem in FAT32. The volume will then be easy to open if the file is transferred to a Windows system, as a volume created with the FAT32 option will be able to be opened by the Windows truecrypt executable.

  • The volume truecrypt creates is in a sense similar to that created with virtualbox; i.e. a virtual disk with its own filesystem. There is good documentation on the site that explains in great detail how to use the program. Also, after installation the pdf guide should be in /usr/share/truecrypt/doc/TrueCrypt User Guide.pdf.

  • I also use openssl (installed as default) to encrypt various files and tarred archives. I use the same commands as given in this section of the Unix toolbox, but I repeat them here for completeness, credit to Colin Barschel. The first command encrypts; the second decrypts in both the files and the folder examples:

    For files:

    openssl aes-128-cbc -salt -in file -out file.aes

    openssl aes-128-cbc -d -salt -in file.aes -out file

    For tarred folders:

    tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes

    openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -
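
Added example (not part of the original answer): OpenSSL 1.1.1 and later print a "deprecated key derivation used" warning for the commands above and suggest `-pbkdf2` or `-iter`. The sketch below wraps the same tar-and-encrypt flow with those options and reads the passphrase from a file. The function names, the cipher and the iteration count are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original answer; function names are hypothetical.
CIPHER=aes-256-cbc   # assumption: any cipher accepted by `openssl enc` works here
ITER=200000          # assumption: PBKDF2 iteration count picked for illustration

# has_salt_header <file>: true if the file starts with the "Salted__" magic
# that `openssl enc -salt` writes in front of the 8-byte salt.
has_salt_header() {
    [ "$(head -c 8 "$1" 2>/dev/null)" = "Salted__" ]
}

# encrypt_dir <directory> <passphrase-file> <output-file>
encrypt_dir() {
    src=$1; passfile=$2; out=$3
    [ -d "$src" ] && [ -r "$passfile" ] || return 2
    # -pass file: reads the passphrase from the first line of the file, so it
    # never appears in the process list or in shell history.
    tar -cf - -C "$(dirname "$src")" "$(basename "$src")" |
        openssl enc -"$CIPHER" -salt -pbkdf2 -iter "$ITER" \
            -pass "file:$passfile" -out "$out"
}

# decrypt_dir <input-file> <passphrase-file> <destination-directory>
decrypt_dir() {
    infile=$1; passfile=$2; dest=$3
    has_salt_header "$infile" || return 3   # not produced by `openssl enc -salt`
    mkdir -p "$dest" || return 1
    # A wrong passphrase gives garbage plaintext, which tar then rejects, so the
    # function's exit status is non-zero.
    openssl enc -d -"$CIPHER" -pbkdf2 -iter "$ITER" \
        -pass "file:$passfile" -in "$infile" | tar -xf - -C "$dest"
}
```

Files written with `-pbkdf2` must be decrypted with the same `-pbkdf2` and `-iter` values, so they are not interchangeable with files produced by the commands in the answer.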