Ubuntu – tool to encrypt a file or directory


What's the most popular way to encrypt individual files or folders?

Best Answer

GnuPG (GPG) can use asymmetric and symmetric encryption. Asymmetric crypto involves a two keys, a public key for encryption and a private key for decryption. See djeikyb answer on this page for asymmetric key usage.

For symmetric encryption, the encryption and decryption keys are equal. It is important to realize that most people are very bad at choosing strong passwords. Thus, an encryption scheme using passwords should use a key-derivation function that takes more resources (time, memory) to slow down brute-force attacks.

For a description of GnuPG's KDF, see this Crypto Stack Exchange post. Example usage of symmetric encryption:

gpg --symmetric < unencrypted_file > encrypted_file


gpg --decrypt < encrypted_file > decrypted_file

Note that gpg caches the symkey by default (documented behavior). In order to avoid that, use --no-symkey-cache option as described in a related answer.

Manual page of gpg.

old answer for users who are able to chose good keys, see note below

For single files, openssl is very useful, especially when sending the file over an unsecured channel (e.g. e-mail). It's free (in money and in freedom), unlike Truecrypt, which is only free in money.

NOTE: the password that you enter here will be processed by one MD5 iteration 1. If you chose a password "123456", then you will have very little security.


openssl aes-256-cbc -salt -in unencrypted_file -out encrypted_file

You'll be asked for a password, which you have to input twice.


openssl aes-256-cbc -d -in encrypted_file -out unencrypted_file

Manual page for the enc program.

1 openssl enc uses the digest function defined by the -md option (default md5) and invokes function EVP_BytesToKey() with an iteration count of 1. This can be found in the openssl source at apps/enc.c.