Friday, October 11, 2024
Latest:
ZDNet | Security 

How to encrypt a file on Linux, MacOS, and Windows – and why

TH Author
gettyimages-2169080286

Malte Mueller/Getty Images

You probably have documents on your desktop operating system that contain sensitive information. So what do you do to protect that data? You could hide the document in an obscure folder — but that’s not really safe, because anyone with access to your computer could rummage around and locate the file in question. 

Also: Why you don’t need to pay for antivirus software anymore

What you really need to do is secure that private document with encryption. I’m going to show you how it’s done on the three main desktop operating systems: Linux, MacOS, and Windows.

How to encrypt a file on Linux

I’m going to demonstrate how to do this from the command line. There are other tools for this process, but this particular method is fairly universal across all Linux distributions.

1. Open a terminal window

The first thing to do is open a terminal window and then navigate to the directory housing the file you want to encrypt.

2. Encrypt the file

To encrypt the file, you’ll use the gpg command. If you find GPG isn’t installed on your machine, you can add it from the standard repositories with one of the following commands:

  • sudo apt-get install gnupg -y
  • sudo dnf install gnupg -y
  • sudo pacman -S gnupg

With GnuPG installed, you can encrypt a file like this:

gpg -c FILENAME

Where FILENAME is the name of the file to be encrypted. You’ll be prompted to type and verify a password for the encryption. When the encryption is done, you’ll see a new file with the .gpg extension. You should then delete the original file.

3. Decrypt the file

When you need to view or make changes to the encrypted file, you’ll have to decrypt it with the command:

gpg FILENAME.gpg

There is a trick to this, however. By default, the password you create will remain in the cache, so anyone could run the above command and decrypt the file. 

Also: 7 password rules to live by in 2024, according to security experts

To avoid this, create a new file with the command:

nano ~/.gnupg/gpg-agent.conf

In that file, add the following:

default-cache-ttl 60
max-cache-ttl 120

Save and close the file. The above two lines will ensure the cache is dumped after 60 seconds. Finally, reload the GnuPG config file with:

gpgconf --reload all

You should now be good to go.

How to encrypt a file on MacOS

There are several methods you can use to encrypt a file on MacOS. I outline one of them (and explain why you should) here. That method applies to a folder, but you can always create a folder, move the document into the folder, and then encrypt it.

The other method is the same as on Linux and uses GnuPG. The only challenge is installing GnuPG on MacOS. To do this, you have to use Homebrew, which uses the brew command as a package manager for MacOS. 

1. Install Homebrew

Open your terminal window app and install Homebrew with:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

When prompted, follow the installation instructions.

2. Install GnuPG

From the CLI (Command Line Interface), install GnuPG with:

brew install gnupg

You might be prompted to install the developer tools, which can be done with the command:

xcode-select --install

When the installation is complete, you can encrypt files using the gpg command the same way you would within Linux, as I outlined above.

How to encrypt a file on Windows

With Windows 11, encrypting files is fairly straightforward. Here’s how.

1. Open the file manager

Open the Windows file manager and navigate to the folder containing the file to be encrypted.

2. Encrypt the file

Right-click the file and select Properties. In the Properties window, select the General tab and click Advanced. In the resulting pop-up, click the checkbox for “Encrypt contents to secure data.” 

When asked if encryption should be applied to related folders and files, select that option and click Okay. Click Apply on the Properties window, and you’re safe to close the pop-up. 

The Windows File properties pop-up.

There is one big caveat to using this method in that it doesn’t password-protect your file.

Jack Wallen/ZDNET

This method only encrypts the file and doesn’t password-protect it. To password-protect a file, I recommend installing — you guessed it — GnuPG. 

Also: You should protect your Windows PC data with strong encryption – here’s how and why

To get GnuPG on Windows, you’ll install the Gpg4win package. Installation is as simple as downloading the installer, double-clicking the downloaded file, and walking through the user-friendly install wizard. Once Gpg4win is installed, you can encrypt any file on your drive the same way you did above, with the gpg command.

READ MORE HERE