How to Encrypt Files on Linux Using GPG, Ccrypt, Bcrypt and 7-Zip

Linux has several different command line tools that can encrypt and decrypt files using a password supplied by the user. Such encryption tools have a myriad of uses, including the ability to encrypt files ready for sending securely over the Internet without the worry of third parties accessing the files if somehow the transmission is intercepted.

Before looking at the individual tools you need to make sure that all the relevant packages are installed. For Ubuntu, you would use the following command to install the programs:

sudo apt-get install gnupg bcrypt ccrypt p7zip-full


GNU Privacy Guard (GPG) is a tool primarily designed for encrypting and signing data using public key cryptography. It does however also contain the ability to encrypt data using just a user supplied password and it supports a variety of cryptographic algorithms.

To encrypt a file, in this case “big.txt“, using gpg , enter the following command:

gpg -c big.txt

You will be prompted to enter a password (twice). A new file is created during the encryption process called “big.txt.gpg“. The original file will also remain, so you will need to delete it if you only intend to keep an encrypted copy. If you compare the file sizes of the original file and the encrypted file, you will see that the encrypted file is smaller. This is because gpg compresses the file during encryption. If the file is already compressed (e.g. a .zip file or a .tgz file) then the encrypted file might actually end up being slightly larger.

To decyrpt the file use:

gpg big.txt.gpg

By default, files encrypted with gpg will use the “cast5” encryption algorithm which is approved by the Canadian government’s national cryptologic agency. However the gpg utility also supports a number of different built-in encryption algorithms including Triple DES (3DES), which is used by the electronic payment industry; Advanced Encryption Standard (AES), an encryption technique approved by the U.S. National Institute of Standards and Technology (NIST); and Camellia, a cipher jointly developed by Mitsubishi and NTT which is approved by the EU and Japan.

To see a list of the algorithms available type:

gpg --version


The list of available algorithms is shown in the “Supported algorithms” section of the output under the “Cipher” tag. To use a different algorithm add the “-crypto-algo” parameter followed by the algorithm you want to use, e.g. “-crypto-algo=3DES

The full command then becomes:

gpg -c -crypto-algo=3DES big.txt

bcrypt and ccrypt

gpg isn’t the only encryption tool available on Linux. The original Unix systems included a command called “crypt“, however the level of security it provided was very low. In its honor, there are some other commands which can replace it including “bcrypt” and “ccryrpt“.

bcrypt uses the blowfish algorithm while ccrypt is based on the Rijndael cipher, which is the algorithm used for AES. Many cryptoanalysts no longer recommend the use of the blowfish algorithm as there are some theoretical attacks published which weaken it, however for casual encryption, which won’t be subject to state-level (NSA, MI5, FSA) snooping, it is still useful.

To encrypt with bcrypt use:

bcrypt big.txt

Unlike gpg, the bcrypt command will replace the original file with the encrypted file and add .bfe to the end of the file name. Like gpg, the resulting file is also compressed and so the file size should be significantly smaller for uncompressed files. Compression can be disabled by using the “-c” parameter.

To decrypt the file use:

bcrypt big.txt.bfe

The .bfe file will be replaced by the original unencrypted file.

There are three possible ways to call the ccrypt command:

  • by using ccrypt directly with either the -e or -d options
  • to encrypt or decrypt respectively or by using the ccencrypt
  • ccdecrypt commands.

To encrypt a file enter:

ccencrypt big.txt

The original file will be replaced by big.txt.cpt. Unlike gpg and bcrypt, the output isn’t compressed. If compression is needed then tools like gzip can be used. Suggested file extensions for compressed and encrypted files are .gz.cpt or .gzc.

To decrypt a file use:

ccdecrypt big.txt.cpt


The 7-Zip compression tool also incorporates AES encryption. To create an encrypted archive use the “-p” parameter with the 7z command:

7z a -p big.txt.7z big.txt

You will be prompted to enter a password (twice). The file will then be compressed and encrypted. The original file will remain, so as with the gpg command, you will need to delete it if you only want to keep an encrypted copy. The advantage of using 7-Zip is that multiple files and folders can be archived and encrypted at once.


By using these compression techniques, sensitive data can be encrypted with sufficient strength that even government sponsored agencies won’t be able to access your files. As with all passwords (for use online or offline), using longer phrases provides better security than shorter ones.

Gary Sims

Gary has been a technical writer, author and blogger since 2003. He is an expert in open source systems (including Linux), system administration, system security and networking protocols. He also knows several programming languages, as he was previously a software engineer for 10 years. He has a Bachelor of Science in business information systems from a UK University.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox