Encryption is something everyone should take seriously on any platform. You might think you're more secure on Linux than you are on Windows, or even macOS. But is Linux really as secure as you think?

We've talked about protecting files and folders on macOS and protecting folders on Windows. You can also protect your information on Linux by encrypting your files and folders.

Here we cover two methods for encrypting your information in Linux: one for encrypting files and one for encrypting an entire folder.

Encrypt and Decrypt Files Using GnuPG

GnuPG is a free implementation of the OpenPGP standard, also known as Pretty Good Privacy (PGP). It allows you to encrypt your files and sign them, allowing you to securely send files to others.

GnuPG can also be used to encrypt files for yourself to keep them away from prying eyes, and that's what we're concentrating on in this article.

Install GnuPG

GnuPG is a command line tool, but it's fairly easy to use. It's widely used, so it's most likely already installed on your Ubuntu system.

Open a Terminal window by pressing Ctrl + Alt + T and run the following command to install GnuPG 2. If GnuPG 2 is already installed, the system will tell you. If not, GnuPG will be installed:

        sudo apt install gnupg2
    
encrypt files and folders in ubuntu

Set the Default Cipher Algorithm

GnuPG uses various cipher methods, or algorithms. The default cipher method in GnuPG 2.1 is AES128. In GnuPG 1.0 and 2.0, the default cipher algorithm is CAST5.

To see a list of available ciphers, run the following command.

        gpg2 --version
    

The AES cipher algorithm in the list is AES128.

encrypt files and folders in ubuntu

You can choose a different cipher algorithm as the default by adding a line to a configuration file GnuPG uses when it runs. The configuration file, called gpg.conf, is in a hidden directory, called .gnupg, in your Home directory. All hidden directories and files start with a period.

We're going to edit the configuration file in gedit, so run the following command in a Terminal window.

        gedit ~/.gnupg/gpg.conf
    

Initially, the gpg.conf file doesn't exist. But running the above command creates the file. You'll see an empty file in gedit. We want to change the default cipher algorithm to AES256, so we add the following line to the file.

        cipher-algo AES256
    

Save the file and close gedit.

encrypt files and folders in ubuntu

Encrypt Files Using GnuPG

GnuPG allows you to use two of the most common encryption methods, Public key (asymmetric) encryption and Private key (symmetric) encryption. Both methods allow you to encrypt data to hide it from others and then decrypt it.

We're encrypting files here for our own security, to keep them away from prying eyes. So, we will use symmetric key encryption, in which the same key is used for both the encryption and decryption stages. Symmetric key encryption is also known as block cipher-based encryption because the data is encrypted in chunks or blocks.

To encrypt a file, first find the file using either the command line or the File Manager and note the full path to the file. For our example, we're going to encrypt the following file:

        ~/Documents/PrivateFiles/MyPrivateFile.txt
    

If we hadn't set the default cipher method in the configuration file, as discussed in the previous section, we could specify the encryption method to use when encrypting the file using the following command. We added the --cipher-algo AES256 option.

        gpg --symmetric --cipher-algo AES256 ~/Documents/PrivateFiles/MyPrivateFile.txt
    

You can also use --c in place of --symmetric.

Because we did set the default cipher algorithm in the configuration file, we can encrypt our file using the following command, leaving out the --cipher-algo option.

        gpg --symmetric ~/Documents/PrivateFiles/MyPrivateFile.txt
    

Add a Passphrase

You'll be asked to enter a passphrase and then to repeat the same passphrase. Be sure you use a strong passphrase. You can store your passphrase in a password manager so you don't forget it.

encrypt files and folders in ubuntu

Now we have a file named MyPrivateFiles.txt.gpg containing the encrypted data. You should securely delete your original, non-encrypted file.

encrypt files and folders in ubuntu

You can also change the name of the resulting file when encrypting it using the -o (or --output) option. We've added -o MyPrivateFile.enc to the command we ran earlier.

        gpg -o MyPrivateFile.enc --symmetric ~/Documents/PrivateFiles/MyPrivateFile.txt
    

Decrypt Files Using GnuPG

To decrypt the file we just encrypted, we run the following command in a Terminal window.

        gpg -o ~/Documents/PrivateFiles/DecryptedFile.txt -d ~/Documents/PrivateFiles/MyPrivateFile.txt.gpg
    

You can change ~/Documents/PrivateFiles/DecryptedFile.txt path and file name to whatever path and file name you want to use for your decrypted file.

Enter the passphrase you assigned to the encrypted file to unlock it.

encrypt files and folders in ubuntu

Our file is decrypted in the location we specified.

encrypt files and folders in ubuntu

If you don't use the -o option to output the contents of the encrypted file to a new file, the decrypted data gets sent to standard output. So, your encrypted information will display on the screen. If you're in a place where someone can look over your shoulder at the screen, you should send the contents of the encrypted file to a new file, as described above.

encrypt files and folders in ubuntu

Encrypt and Decrypt Folders Using Gnome Encfs Manager

If you want to encrypt a bunch of files, and even some folders, you can create an encrypted folder using Gnome Encfs Manager, or GEncfsM for short.

GencfsM allows you to create an encrypted container, called a stash, like VeraCrypt on Windows. You can store all your sensitive file and folders in a stash. You can configure the options for each stash separately, and manage your stashes using a tray menu on the top panel.

If you create a stash in a cloud-synced folder, like Dropbox, you can access the encrypted folder on multiple Linux computers. You can also have GencfsM open at startup and have one or more stashes mount automatically mount at startup.

Install Gnome Encfs Manager

To install GencfsM, press Ctrl + Alt + T to open a Terminal window. Then, run the following command to add the GencfsM PPA.

        sudo add-apt-repository ppa:gencfsm
    

Update the packages in the PPA with the following command.

        sudo apt-get update
    

Then, run the following command to install Gnome Encfs Manager.

        sudo apt-get install -y gnome-encfs-manager
    
encrypt files and folders in ubuntu

The following dialog box displays with a warning about security in Encfs. A security audit in 2014 found some vulnerabilities in Encfs. These vulnerabilities are not easily exploitable, but they do cause Encfs to be not "military grade" secure.

But as long as you're aware of Linux security issues and you use security tools and smart security habits, using Gnome Encfs Manager should provide the security you need to protect your files.

The OK button on the dialog box is automatically selected. Press Enter to "click" the button and continue installing Gnome Encfs Manager.

encrypt files and folders in ubuntu

Create an Encrypted Directory

You may have to log out of your Ubuntu account and log back in to be able to run Gnome Encfs Manager.

To run the program, click the Search your computer button on the Unity bar and type encfs. When you see the Gnome Encfs Manager icon under Applications, click it.

encrypt files and folders in ubuntu

The main Gnome Encfs Manager window appears. To create a new stash, click the plus icon on the toolbar.

You can create multiple stashes using Gnome Encfs Manager. Maybe you want one for work files and one for personal files.

encrypt files and folders in ubuntu

On the Create or import a stash dialog box, select the location for the encrypted directory under Directory or drive to encrypt or import. If the selected directory does not yet contain a stash, then a new one is created. If there is a stash in the selected directory, it is imported into Gnome Encfs Manager.

Mounting a Directory

The Mount directory must be different from the directory being encrypted. Mounting a directory refers to a process that allows you to access files on different devices, such as USB flash drives or external hard disk drives. In this case, think of the encrypted directory as a device. When mounted it will show up in the File Manager as a drive.

You can accept the default values for either or both the directory to encrypt and the mount directory. To use a custom directory for either, select the option next to the blank edit box and click the folder icon on the right side of the edit box. Navigate to the directory you want to use on the dialog box and click Open.

Enter a strong password for the stash twice in the Password section and then click Create. You can store your passphrase in a password manager so you don't forget it.

Note: If you select an existing directory to encrypt, any files currently in the directory will not be encrypted. If you want to encrypt files in an existing folder, create a new stash and then move those files to the mounted stash.

encrypt files and folders in ubuntu

When you create an encrypted folder, it's automatically mounted. You'll see it in a list of locations in the left panel of File Manager. Create files in or copy or move files and folders to this location to protect them.

encrypt files and folders in ubuntu

Unmount an Encrypted Folder

Once you've copied all the files and folders you want to protect into the encrypted folder, unmount it to encrypt it and prevent anyone else from accessing the contents.

The encrypted directory will be visible and accessible to anyone who has access to your PC. But its contents are not in readable format when unmounted and encrypted, not even the file names.

To unmount the encrypted folder, uncheck the Mounted box for that folder in the Gnome Encfs Manager window.

encrypt files and folders in ubuntu

Mount and Unmount an Encrypted Folder Using the Tray Menu

You can also access Gnome Encfs Manager in the tray on the top panel. The Show Manager option opens the main GencfsM window. The tray menu also allows you to mount and unmount existing stashes.

To mount a stash using the menu, select the name of the encrypted folder from the menu.

encrypt files and folders in ubuntu

Enter the password for the stash on the Mount stash dialog box and click Mount.

encrypt files and folders in ubuntu

When a stash, or encrypted folder, is mounted, a check mark is shown next to the name of the stash on the tray menu. To unmount the stash, simply select the name of the stash.

encrypt files and folders in ubuntu

Configure Settings

You can configure settings for each stash and for the Gnome Encfs Manager program itself.

Each stash can be configured separately. To configure a stash, select it in the list on the main Gnome Encfs Manager and click the Configure the selected stash (gear) button on the toolbar.

encrypt files and folders in ubuntu

On the Configure stash dialog box, change any settings you want. For information about the options, click Help at the bottom of the dialog box.

encrypt files and folders in ubuntu

You can also set options for the program itself. Go to Manager > Preferences. Change any settings you want on the Preferences dialog box. For information about the options, click Help at the bottom of the dialog box.

encrypt files and folders in ubuntu

Delete Your Encrypted Folder

If you're done using a stash, you can delete it. Open the Gnome Encfs Manager main window and select the stash you want to delete. Then, click the minus icon on the toolbar.

encrypt files and folders in ubuntu

To delete the stash from the manager but keep the encrypted folder, select Only remove the stash from the manager on the Remove stash dialog box. Choosing this option allows you to import the encrypted folder as a stash again using the steps described in the Create an Encrypted Directory section earlier.

If you know you will not need your encrypted folder at all, you can remove it from the manager and delete the encrypted folder from the disk, permanently deleting the stash. If you choose to do this, mount the encrypted folder and make sure you retrieve any data you'll need from it before deleting.

To permanently delete a stash, select Delete the stash from disk. You can't click OK to delete the stash until you check the Yes, I am sure and aware that I could lose my data box.

encrypt files and folders in ubuntu

Protect Your Data in Ubuntu Linux

There are many methods for encrypting your data on Linux. While the methods we discussed will protect your private information from prying eyes, they will not protect you from ransomware.

In addition to encrypting your Ubuntu files, you should also seriously consider buying antivirus and antimalware software to protect your computer.

What methods do you use to encrypt files and folders on Linux? Have you found any other tools we didn't mention?