There are numerous commands for encrypting files on Linux. When you want to limit access to file contents, you can use file permissions but file encryption makes limiting access much more effective. This post compares some of the commands for encrypting files and provides an easy script for trying them out.\nEncryption means, of course, that a file that you can look at with Linux commands and tools is altered in ways that make it unusable and unreadable unless you reverse the encryption process. Encryption does not generally reduce the size of files unless compression is used as well. In fact, the encryption process might make some files larger. Some commands compress by default; others do not.\nThings to keep in mind when preparing to encrypt a file include how you intend to use it (e.g., secure backups, transfer to another system), how you manage keys so that you can decrypt the file when needed, and whether the original file remains on the original system or is encrypted "in place" -\u00a0 you are left only with the encrypted version of the file.\nNOTE: Some encryption commands can be used with public\/private keys or with passwords provided at the time of the encryption. This post only shows commands using passwords\/passphrases.\ngpg\nOne of the standard and most well know tools for encrypting files on Linux is gpg. It can provide both digital encryption and signing services although, in this post, we\u2019ll just look at encrypting files with a passphrase. Unlike some of the other tools, gpg does apply some file compression before encrypting the file contents.\nIf you type a command like this one, the contents of the file will be encrypted using a symmetric key. In other words, the same word or phrase will\u00a0 be used both to encrypt and to decrypt the file. Public\/private keys can be used with the -e option.\n$ gpg -c BigFile\n\nYou will be prompted twice to enter a password and the original file will remain intact as shown in this example:\n$ ls -l BigFile*\n-rw-rw-r-- 1 shs shs 107740386 Jul 10 13:21 BigFile\n-rw-rw-r-- 1 shs shs 32359452 Jul 11 11:00 BigFile.gpg\n\nNotice the nice reduction in the resultant file size and that original file is still intact.\nThe gpg command only works with one file at a time.\nzip\nThe zip command is generally used to compress files and to collect files into archives for easy storage and transport. The command does, however, also support encryption. You just have the add the --encrypt option.\n$ zip --encrypt BigFile.zip BigFile\n\nLike gpg, zip does both encryption and compression, so the resultant file size should be considerably smaller than the original.\n$ ls -l BigFile*\n-rw-rw-r-- 1 shs shs 107740386 Jul 10 13:21 BigFile\n-rw-rw-r-- 1 shs shs 27587355 Jul 10 14:40 BigFile.zip\n\nSince zip is a tool intended to create archives, you can add multiple files to your encrypted bundle by adding them on the command line.\n$ zip --encrypt loops.zip loop1 loop2\nEnter password:\nVerify password:\n adding: loop1 (deflated 4%)\n adding: loop2 (deflated 10%)\n$ ls -l loops*\n-rw-rw-r-- 1 shs shs 468 Jul 11 09:04 loops.zip\n\n7z\nThe 7z command works like zip, but touts a surprisingly impressive compression ratio. Like zip, it can include a number of files in one encrypted archive. To invoke encryption, include the encryption password on the command line following the -p option.\n$ 7z a BigFile.7z BigFile -phard2gue$$\n\n$ ls -l BigFile*\n-rw-rw-r-- 1 shs shs 107740386 Jul 10 13:21 BigFile\n-rw-rw-r-- 1 shs shs 27674 Jul 11 12:37 BigFile.7z\n\nccrypt\nAnother tool for encrypting and decrypting files, ccrypt (based on the Rijndael block cipher) is believed to provide very strong security and, like the other commands described, is easily run on the command line.\nNotice that ccrypt removes the original file (encrypts the file in place), doesn't significantly change the file size and doesn't alter the file's date\/time to reflect the time the encryption was performed.\n$ ccrypt -e BigFile\n$ ls -l BigFile*\n-rw-rw-r-- 1 shs shs 107740418 Jul 9 10:09 BigFile.cpt\n\nThe ccrypt command can encrypt multiple files with one command, but encrypts them separately.\nmcrypt\nThe mcrypt command prompts for a password twice, leaves the original file intact and changes file permissions to that the encrypted file only provides read and write access permissions to the file owner. It offers a lot of choices with respect to encryption algorithms and also provides options for compressing the files prior to encryption (see-z and -p options. It can work with multiple files, but encrypts them separately.\nUsing the --list option, mycrypt will list the available encryption algorithms.\n$ mcrypt --list\ncast-128 (16): cbc cfb ctr ecb ncfb nofb ofb\ngost (32): cbc cfb ctr ecb ncfb nofb ofb\nrijndael-128 (32): cbc cfb ctr ecb ncfb nofb ofb\ntwofish (32): cbc cfb ctr ecb ncfb nofb ofb\narcfour (256): stream\ncast-256 (32): cbc cfb ctr ecb ncfb nofb ofb\nloki97 (32): cbc cfb ctr ecb ncfb nofb ofb\nrijndael-192 (32): cbc cfb ctr ecb ncfb nofb ofb\nsaferplus (32): cbc cfb ctr ecb ncfb nofb ofb\nwake (32): stream\nblowfish-compat (56): cbc cfb ctr ecb ncfb nofb ofb\ndes (8): cbc cfb ctr ecb ncfb nofb ofb\nrijndael-256 (32): cbc cfb ctr ecb ncfb nofb ofb\nserpent (32): cbc cfb ctr ecb ncfb nofb ofb\nxtea (16): cbc cfb ctr ecb ncfb nofb ofb\nblowfish (56): cbc cfb ctr ecb ncfb nofb ofb\nenigma (13): stream\nrc2 (128): cbc cfb ctr ecb ncfb nofb ofb\ntripledes (24): cbc cfb ctr ecb ncfb nofb ofb\n\nThe mcrypt command appears to use rijndael-128 as its default encryption algorithm. However, you can verify which has been used by using the file command on the compressed file:\n$ file BigFile.bz2.nc\nBigFile.bz2.nc: mcrypt 2.5 encrypted data, algorithm: rijndael-128, keysize: 32 bytes, mode: cbc,\n\nA script for trying encryption commands\nThis script should be called "try" and makes it easy for you to experiment with\u00a0 the tools covered in this post. For example, if you type "try 7z target" (where "target" is the name of the file you want to encrypt), the script will run the command to encrypt your file with 7z and show you the results. If you try to use a command that is not installed on your system, it will explain that it isn't yet set up to use that command.\n#!\/bin\/bash\n\n# verify that 2 arguments have been providedif [ $# != 2 ]; then\n echo "OOPS: command and file name required"\n exit\nfi\n\n# make sure the requested encryption command in available\nwhich $1 > \/dev\/null\nif [ $? != 0 ]; then\n echo "$1 not available"\n exit 1\nfi\n\n# make sure the file exists\nif [ ! -f $2 ]; then\n echo "No such file: $2"\n exit 2\nfi\n\ncase $1 in\n gpg) gpg -c $2\n ;;\n ccrypt) ccrypt -e $2\n ;;\n 7z) echo -n "please provide password: "\n read password\n 7z a $2.7z $2 -p$password\n ;;\n zip) zip --encrypt $2.zip $2\n ;;\n mcrypt) mcrypt -p $2\n ;;\n *) echo "Sorry, this script is not yet set up for $1"\n exit;;\nesac\n\n# show the file(s)\nls -l $2*\n\nThe try script is not set up to encrypt more than one target file at a time as it uses $2 (the second argument provided to the script) to specify the target file and exits if more than one file is provided as an argument. Feel free to modify or add to the script to suit your needs.