How to Encrypt Files and Folders in Ubuntu
Pinterest Whatsapp
Advertisement

Encryption is something everyone should take seriously on any platform. You might think you’re more secure on Linux than you are on Windows, or even macOS. But is Linux really as secure as you think Is Linux Really as Secure as You Think It Is? Is Linux Really as Secure as You Think It Is? Linux is often touted as the most secure operating system you can get your hands onto, but is this really the case? Let's take a look at different aspects of Linux computer security. Read More ?

We’ve talked about protecting files and folders on macOS How to Password Protect Files and Folders on Mac How to Password Protect Files and Folders on Mac You can encrypt your entire Mac drive with FileVault, but there are simpler options when it comes to password protecting individual files and folders. Read More and protecting folders on Windows How to Password Protect a Folder in Windows How to Password Protect a Folder in Windows Need to keep a folder private? Here are a few different methods how you can password protect your files on a Windows 10 PC. Read More . You can also protect your information on Linux by encrypting your files and folders.

Here we cover two methods for encrypting your information in Linux: one for encrypting files and one for encrypting an entire folder.

Encrypt and Decrypt Files Using GnuPG

GnuPG is a free implementation of the OpenPGP standard, also known as Pretty Good Privacy PGP Me: Pretty Good Privacy Explained PGP Me: Pretty Good Privacy Explained Pretty Good Privacy is one method for encrypting messages between two people. Here's how it works and whether it stands up to scrutiny. Read More (PGP). It allows you to encrypt your files and sign them, allowing you to securely send files to others.

GnuPG can also be used to encrypt files for yourself to keep them away from prying eyes, and that’s what we’re concentrating on in this article.

Install GnuPG

GnuPG is a command line tool, but it’s fairly easy to use. It’s widely used, so it’s most likely already installed on your Ubuntu system.

Open a Terminal window by pressing Ctrl + Alt + T and run the following command to install GnuPG 2. If GnuPG 2 is already installed, the system will tell you. If not, GnuPG will be installed:

sudo apt install gnupg2

encrypt files and folders in ubuntu

Set the Default Cipher Algorithm

GnuPG uses various cipher methods, or algorithms. The default cipher method in GnuPG 2.1 is AES128. In GnuPG 1.0 and 2.0, the default cipher algorithm is CAST5.

To see a list of available ciphers, run the following command.

gpg2 --version

The AES cipher algorithm in the list is AES128.

encrypt files and folders in ubuntu

You can choose a different cipher algorithm as the default by adding a line to a configuration file GnuPG uses when it runs. The configuration file, called gpg.conf, is in a hidden directory, called .gnupg, in your Home directory. All hidden directories and files start with a period.

We’re going to edit the configuration file in gedit, so run the following command in a Terminal window.

gedit ~/.gnupg/gpg.conf

Initially, the gpg.conf file doesn’t exist. But running the above command creates the file. You’ll see an empty file in gedit. We want to change the default cipher algorithm to AES256, so we add the following line to the file.

cipher-algo AES256

Save the file and close gedit.

encrypt files and folders in ubuntu

Encrypt Files Using GnuPG

GnuPG allows you to use two of the most common encryption methods, Public key (asymmetric) encryption and Private key (symmetric) encryption. Both methods allow you to encrypt data to hide it from others and then decrypt it.

We’re encrypting files here for our own security, to keep them away from prying eyes. So, we will use symmetric key encryption How Does Encryption Work, and Is It Really Safe? How Does Encryption Work, and Is It Really Safe? Read More , in which the same key is used for both the encryption and decryption stages. Symmetric key encryption is also known as block cipher-based encryption because the data is encrypted in chunks or blocks.

To encrypt a file, first find the file using either the command line Become a Linux Command Line Master With These Tips and Tricks Become a Linux Command Line Master With These Tips and Tricks Whether you're brand new to Linux, or a seasoned Linux veteran, the command line offers a bevy of uses. Try these tips for mastering the command line. Read More or the File Manager How to Manage Files in the Linux Terminal and Desktop How to Manage Files in the Linux Terminal and Desktop Once you make the change to Linux, you'll find a sensible desktop that is easy to use, from installing new apps and launching them to organizing your data. Read More and note the full path to the file. For our example, we’re going to encrypt the following file:

~/Documents/PrivateFiles/MyPrivateFile.txt

If we hadn’t set the default cipher method in the configuration file, as discussed in the previous section, we could specify the encryption method to use when encrypting the file using the following command. We added the –cipher-algo AES256 option.

gpg --symmetric --cipher-algo AES256 ~/Documents/PrivateFiles/MyPrivateFile.txt

You can also use –c in place of –symmetric.

Because we did set the default cipher algorithm in the configuration file, we can encrypt our file using the following command, leaving out the –cipher-algo option.

gpg --symmetric ~/Documents/PrivateFiles/MyPrivateFile.txt

Add a Passphrase

You’ll be asked to enter a passphrase and then to repeat the same passphrase. Be sure you use a strong passphrase How to Create a Strong Password That You Will Not Forget How to Create a Strong Password That You Will Not Forget Do you know how to create and remember a good password? Here are some tips and tricks to maintain strong, separate passwords for all of your online accounts. Read More . You can store your passphrase in a password manager You Need to Start Using a Password Manager Right Now You Need to Start Using a Password Manager Right Now By now, everyone should be using a password manager. In fact, not using a password manager puts you at greater risk of being hacked! Read More so you don’t forget it.

encrypt files and folders in ubuntu

Now we have a file named MyPrivateFiles.txt.gpg containing the encrypted data. You should securely delete How To Securely Delete & Wipe Data [Linux] How To Securely Delete & Wipe Data [Linux] Read More your original, non-encrypted file.

encrypt files and folders in ubuntu

You can also change the name of the resulting file when encrypting it using the -o (or –output) option. We’ve added -o MyPrivateFile.enc to the command we ran earlier.

gpg -o MyPrivateFile.enc --symmetric ~/Documents/PrivateFiles/MyPrivateFile.txt

Decrypt Files Using GnuPG

To decrypt the file we just encrypted, we run the following command in a Terminal window.

gpg -o ~/Documents/PrivateFiles/DecryptedFile.txt -d ~/Documents/PrivateFiles/MyPrivateFile.txt.gpg

You can change ~/Documents/PrivateFiles/DecryptedFile.txt path and file name to whatever path and file name you want to use for your decrypted file.

Enter the passphrase you assigned to the encrypted file to unlock it.

encrypt files and folders in ubuntu

Our file is decrypted in the location we specified.

encrypt files and folders in ubuntu

If you don’t use the -o option to output the contents of the encrypted file to a new file, the decrypted data gets sent to standard output. So, your encrypted information will display on the screen. If you’re in a place where someone can look over your shoulder at the screen, you should send the contents of the encrypted file to a new file, as described above.

encrypt files and folders in ubuntu

Encrypt and Decrypt Folders Using Gnome Encfs Manager

If you want to encrypt a bunch of files, and even some folders, you can create an encrypted folder using Gnome Encfs Manager, or GEncfsM for short.

GencfsM allows you to create an encrypted container, called a stash, like VeraCrypt on Windows 5 Effective Tools to Encrypt Your Secret Files 5 Effective Tools to Encrypt Your Secret Files We need to pay closer attention than ever before towards encryption tools and anything designed to protect our privacy. With the right tools, keeping our data safe is easy. Read More . You can store all your sensitive file and folders in a stash. You can configure the options for each stash separately, and manage your stashes using a tray menu on the top panel.

If you create a stash in a cloud-synced folder, like Dropbox, you can access the encrypted folder on multiple Linux computers. You can also have GencfsM open at startup and have one or more stashes mount automatically mount at startup.

Install Gnome Encfs Manager

To install GencfsM, press Ctrl + Alt + T to open a Terminal window. Then, run the following command to add the GencfsM PPA.

sudo add-apt-repository ppa:gencfsm

Update the packages in the PPA with the following command.

sudo apt-get update

Then, run the following command to install Gnome Encfs Manager.

sudo apt-get install -y gnome-encfs-manager

encrypt files and folders in ubuntu

The following dialog box displays with a warning about security in Encfs. A security audit in 2014 found some vulnerabilities in Encfs. These vulnerabilities are not easily exploitable, but they do cause Encfs to be not “military grade” secure.

But as long as you’re aware of Linux security issues 4 Surprising Linux Security Issues You Should Be Aware Of 4 Surprising Linux Security Issues You Should Be Aware Of They say you should use Linux if you want security. That might be true, but you still need to be on your toes! Read More and you use security tools 5 Security Tools You Should Have on Linux 5 Security Tools You Should Have on Linux From the start, Linux is quite secure, especially when compared to other operating systems such as macOS or Windows. Even so, it's good to build on that, starting with these tools. Read More and smart security habits No, Linux Doesn't Need an Antivirus or Firewall No, Linux Doesn't Need an Antivirus or Firewall Linux isn't invulnerable. But just because Linux has security holes doesn't mean you need antivirus or firewall software. Here are a few reasons why it may not be as helpful as you think. Read More , using Gnome Encfs Manager should provide the security you need to protect your files.

The OK button on the dialog box is automatically selected. Press Enter to “click” the button and continue installing Gnome Encfs Manager.

encrypt files and folders in ubuntu

Create an Encrypted Directory

You may have to log out of your Ubuntu account and log back in to be able to run Gnome Encfs Manager.

To run the program, click the Search your computer button on the Unity bar and type encfs. When you see the Gnome Encfs Manager icon under Applications, click it.

encrypt files and folders in ubuntu

The main Gnome Encfs Manager window appears. To create a new stash, click the plus icon on the toolbar.

You can create multiple stashes using Gnome Encfs Manager. Maybe you want one for work files and one for personal files.

encrypt files and folders in ubuntu

On the Create or import a stash dialog box, select the location for the encrypted directory under Directory or drive to encrypt or import. If the selected directory does not yet contain a stash, then a new one is created. If there is a stash in the selected directory, it is imported into Gnome Encfs Manager.

Mounting a Directory

The Mount directory must be different from the directory being encrypted. Mounting a directory Mounting Hard Disks and Partitions Using the Linux Command Line Mounting Hard Disks and Partitions Using the Linux Command Line Looking to get more from the Linux terminal? Learning how to manually mount and unmount your hard disks is a great place to start. Modern Linux distributions make this much easier and intuitive than ever. Read More refers to a process that allows you to access files on different devices, such as USB flash drives or external hard disk drives. In this case, think of the encrypted directory as a device. When mounted it will show up in the File Manager as a drive.

You can accept the default values for either or both the directory to encrypt and the mount directory. To use a custom directory for either, select the option next to the blank edit box and click the folder icon on the right side of the edit box. Navigate to the directory you want to use on the dialog box and click Open.

Enter a strong password How to Create a Strong Password That You Will Not Forget How to Create a Strong Password That You Will Not Forget Do you know how to create and remember a good password? Here are some tips and tricks to maintain strong, separate passwords for all of your online accounts. Read More for the stash twice in the Password section and then click Create. You can store your passphrase in a password manager You Need to Start Using a Password Manager Right Now You Need to Start Using a Password Manager Right Now By now, everyone should be using a password manager. In fact, not using a password manager puts you at greater risk of being hacked! Read More so you don’t forget it.

Note: If you select an existing directory to encrypt, any files currently in the directory will not be encrypted. If you want to encrypt files in an existing folder, create a new stash and then move those files to the mounted stash.

encrypt files and folders in ubuntu

When you create an encrypted folder, it’s automatically mounted. You’ll see it in a list of locations in the left panel of File Manager. Create files in or copy or move files and folders to this location to protect them.

encrypt files and folders in ubuntu

Unmount an Encrypted Folder

Once you’ve copied all the files and folders you want to protect into the encrypted folder, unmount it to encrypt it and prevent anyone else from accessing the contents.

The encrypted directory will be visible and accessible to anyone who has access to your PC. But its contents are not in readable format when unmounted and encrypted, not even the file names.

To unmount the encrypted folder, uncheck the Mounted box for that folder in the Gnome Encfs Manager window.

encrypt files and folders in ubuntu

Mount and Unmount an Encrypted Folder Using the Tray Menu

You can also access Gnome Encfs Manager in the tray on the top panel. The Show Manager option opens the main GencfsM window. The tray menu also allows you to mount and unmount existing stashes.

To mount a stash using the menu, select the name of the encrypted folder from the menu.

encrypt files and folders in ubuntu

Enter the password for the stash on the Mount stash dialog box and click Mount.

encrypt files and folders in ubuntu

When a stash, or encrypted folder, is mounted, a check mark is shown next to the name of the stash on the tray menu. To unmount the stash, simply select the name of the stash.

encrypt files and folders in ubuntu

Configure Settings

You can configure settings for each stash and for the Gnome Encfs Manager program itself.

Each stash can be configured separately. To configure a stash, select it in the list on the main Gnome Encfs Manager and click the Configure the selected stash (gear) button on the toolbar.

encrypt files and folders in ubuntu

On the Configure stash dialog box, change any settings you want. For information about the options, click Help at the bottom of the dialog box.

encrypt files and folders in ubuntu

You can also set options for the program itself. Go to Manager > Preferences. Change any settings you want on the Preferences dialog box. For information about the options, click Help at the bottom of the dialog box.

encrypt files and folders in ubuntu

Delete Your Encrypted Folder

If you’re done using a stash, you can delete it. Open the Gnome Encfs Manager main window and select the stash you want to delete. Then, click the minus icon on the toolbar.

encrypt files and folders in ubuntu

To delete the stash from the manager but keep the encrypted folder, select Only remove the stash from the manager on the Remove stash dialog box. Choosing this option allows you to import the encrypted folder as a stash again using the steps described in the Create an Encrypted Directory section earlier.

If you know you will not need your encrypted folder at all, you can remove it from the manager and delete the encrypted folder from the disk, permanently deleting the stash. If you choose to do this, mount the encrypted folder and make sure you retrieve any data you’ll need from it before deleting.

To permanently delete a stash, select Delete the stash from disk. You can’t click OK to delete the stash until you check the Yes, I am sure and aware that I could lose my data box.

encrypt files and folders in ubuntu

Protect Your Data in Ubuntu Linux

There are many methods for encrypting your data on Linux. While the methods we discussed will protect your private information from prying eyes, they will not protect you from ransomware Why Encrypting Your Data Won't Protect You From Ransomware Why Encrypting Your Data Won't Protect You From Ransomware Encrypting your data will keep it safe from theft and unauthorized access. But when it comes to ransomware, your encrypted data is little more than a locked safe inside the scammer's locked safe. Read More .

In addition to encrypting your Ubuntu files, you should also seriously consider buying antivirus and antimalware software 4 Things to Consider When Buying a Security Suite 4 Things to Consider When Buying a Security Suite McAfee, Kaspersky, Avast, Norton, Panda - all big names in online security. But how do you decide which to choose? Here are some questions you need to ask yourself when purchasing anti-virus software. Read More to protect your computer.

What methods do you use to encrypt files and folders on Linux? Have you found any other tools we didn’t mention?

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. shawn
    February 6, 2018 at 3:45 pm

    How is this any better than Veracrypt? I've been using Veracrypt for a while, and it seems so much easier to use, no command line work, it is all done from a GUI that is easy to understand. Is Veracrypt not considered secure?

  2. Gazoo
    February 6, 2018 at 4:18 am

    The user-friendly and cross-platform Cryptomator is another option. Works well on Ubuntu-based distros.