How to Encrypt Decrypt Files in Linux Tekraze

How to Encrypt and Decrypt Files in Linux

Spread the love
  • 1

Linux makes it easy to encrypt and decrypt files using the “gpg” utility that’s included by default in just about every installation. The package is an open source implementation of a tool previously used by Symantec, and which has even received a chunk of funding from the German government.

In this article, I’ll show you a few quick commands to easily encrypt a file using a passphrase.

Encrypting Files

GNU Privacy Guard” is the full form of “gpg“, and you can get started with encrypting files immediately. In this screenshot for example, I have a sample file with some random content:

secret file encryption tekraze

I can encrypt it using the following command:

gpg -c myfile.txt

This will open up a dialogue box asking for a password. Once you enter the password, you’ll be asked to retype it again to confirm:

passphrase tekraze

That’s it. You’re done! If you look at the original location of the file, you’ll now see another file with the “.gpg” extension like this:

encrypted file tekraze

This contains the encrypted data. You can verify this by opening it and taking a look at the contents as shown above. The output is nothing but junk.

What to Do with the Encrypted File?

Once you have both the original and the encrypted file, you have two options:

  1. Either delete the original from your hard disk
  2. Mail the encrypted file to someone else

The first is so that you can hide sensitive data on your own personal system. The second option is to be able to send someone the encrypted version of the file in a secure manner without anyone looking at it. It’s a great way to share sensitive information.

You need to communicate the passphrase that you generated in the first step. This can be over an unrelated medium like the phone for example. Obviously you don’t want to use the same channel over which you send the encrypted file!

Decrypting the File

Once you have the encrypted file in your hands, it’s time to decrypt it. You can do this using the following command:

gpg -d myfile.text.gpg

However, if you run this command on your own system immediately after encrypting the file, gpg won’t ask you for the password and the contents will be displayed on the screen like this:

showing without password tekraze

This is because the “gpg-agent” process has cached the password you just used and won’t ask you for it again in a certain time frame. We can temporarily bypass this by reloading the agent like this:

echo RELOADAGENT | gpg-connect-agent

This time, it asks you for  the password when you try and decrypt:

Asking for password to decrypt tekraze

You can make behavior permanent by editing this file:


And adding the following lines:

default-cache-ttl 1
max-cache-ttl 1

This sets the expiry of the cache to 1 second.

Note that the decryption dumps the file data onto the screen. If you want, you can send the output to a file using the “-o” parameter as shown here:

gpg -o newfile.txt -d myfile.txt.gpg

Using More Secure Encryption Methods

In the screenshots above, you might have noticed the following message while decrypting:

WARNING: Message was not integrity protected

This means that gpg cannot be sure that the encrypted file has not been tampered with. It’s because by default, gpg uses an older CAST5 encryption protocol. However, newer encryption methods have since been devised that protect against file tampering. The AES protocol for example, is much more secure.

We can force gpg to use 256-bit AES encryption with the following parameter:

--cipher-algo AES256

So the encryption command becomes:

gpg --cipher-algo AES256 -c myfile.txt

This time when we decrypt, we no longer get the warning:

no longer warning tekraze

Even more secure would be to sign the file with your keypair. But that’s for another tutorial!



This post is a Guest from Jeff Wilson from Linux Host Support

Jeff Wilson is a senior Linux system administrator at LinuxHostSupport, a premium server management company that focus on Linux server administration.


If anyone of readers want to share a guest post, he can also do via link Guest-posting Link . Stay connected for more updates coming up next. This one was well 99th post of our blog, We will be starting something new from our 100th post , so stay connected and keep checking.

Leave a comment

Your email address will not be published. Required fields are marked *