If you want to encrypt just a single file there exist various options under the Linux, macOS or Windows operating systems. This article shows some of these tools and how and if to use them.


ccrypt can be installed using your package manager (apt, yum, …) if you are using Linux. Homebrew if you are using macOS. And if you are using Windows you can install it using Cygwin.

The following example outlines how you can use ccrypt to encrypt and decrypt a file. Be aware that ccrypt overwrites the given input file by default.

% echo "hello world" > plain.txt
% ccrypt --encrypt plain.txt
Enter password again:
% ls
% ccrypt --decrypt plain.txt.cpt
% ls

The ccrypt packages normally also install further binaries like ccenrypt or ccdecrypt. They are just shortcuts. ccencrypt is a shortcut for ccrypt --encrypt for instance.

ccrypt is based on the Rijndael block cipher, a version of which is also used in the Advanced Encryption Standard (AES). A key with 256 bits is used. The key is derived by hashing the password provided by the user. So keep in mind that it is important to use a strong password (e.g. pwgen --secure 64 1).

Discouraged tools


crypt has been released 50 years ago for the Unix operating system. It’s usage has been discouraged for decades now because it’s encryption algorithm is far too weak for todays use cases. I wanted to include it in this article nontheless because it has inspired a lot of other utility programs used for encryption.


mcrypt is a replacement for the popular Unix crypt command. mcrypt provides the same functionality but uses several modern algorithms such as AES. It is unmaintained and therefore it’s use is discouraged. It’s latest release from 2007 can be downloaded from here.

A note about Netcup (advertisement)

Netcup is a German hosting company. Netcup offers inexpensive, yet powerfull web hosting packages, KVM-based root servers or dedicated servers for example. Using a coupon code from my Netcup coupon code web app you can even save more money (6$ on your first purchase, 30% off any KVM-based root server, ...).