MX Linux offers two easy ways to encrypt files securely: terminal-based GPG for maximum control, and Thunar’s built-in 7z archiving for GUI simplicity. Both use AES-256 encryption, resistant to brute-force when paired with long passphrases.
Terminal: GPG Symmetric Encryption
GPG provides raw AES-256 file encryption without compression. Always specify --cipher-algo AES256; the default CAST5 is outdated and weak.
```bash
# Encrypt a single file (TXT, PNG, or ISO)
gpg -c --cipher-algo AES256 document.txt
# Encrypt a directory (tar first, then encrypt)
tar -cf folder.tar my_directory/
gpg -c --cipher-algo AES256 folder.tar
# Verify cipher used
gpg --list-packets document.txt.gpg
```
Look for “AES256 encrypted data” in the output. Decrypt with gpg --output original.txt --decrypt document.txt.gpg.
GUI: Thunar 7z Archive Encryption
Thunar’s “Compress” uses Engrampa (file-roller) with the p7zip backend. Select 7z for AES-256-CTR (strongest option).
- Right-click file/folder > “Compress…”
- Archive type: 7z
- Filename: encrypted.7z
- Click Password > enter long passphrase > Create
Verify: in a terminal, 7z l encrypted.7z shows “Method = AES256”. Extract by double-clicking the archive in Thunar and entering the password.
Passphrase Strategy: Longer is Better
LUKS2 and AES-256 derive keys slowly (2-second delay per guess via Argon2id), making length the dominant factor against GPU clusters. Use 6 or more random words separated by spaces (spaces are allowed and boost entropy).
| Passphrase Length | Diceware Words | Time to Crack (1M GPU cores) |
|---|---|---|
| 12 chars | 3 words | Weeks to months |
| 20 chars | 5 words | Centuries |
| 25+ chars | 6-7 words | Billions of years |
Example: “zebra quantum frost velvet glyph maroon”.
Warning! No Password, No Data
Encryption is permanent. If you forget the passphrase, your files are irretrievable forever. Test decryption immediately after encrypting, and store passphrases securely (not digitally for high-value data).
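The GPG steps from the terminal section and the advice above to test decryption immediately, combined into one function. This is an added example, not from the original article; encrypt_and_verify is a hypothetical helper name, and it assumes GnuPG 2.1 or later with the passphrase supplied on stdin.

```bash
# Added example, not from the original article. encrypt_and_verify is a
# hypothetical helper name. Assumes GnuPG 2.1+; the passphrase is read from
# stdin so it never appears in gpg's argument list.
encrypt_and_verify() (
    src=$1
    out="$src.gpg"
    [ -f "$src" ] || { echo "no such file: $src" >&2; exit 2; }
    IFS= read -r pass || :
    [ -n "$pass" ] || { echo "empty passphrase" >&2; exit 2; }

    # Scratch files sit beside the source so the plaintext copy used for
    # comparison never lands on a different filesystem.
    tmp=$(mktemp "$src.verify.XXXXXX") || exit 2
    log=$(mktemp "$src.gpglog.XXXXXX") || { rm -f "$tmp"; exit 2; }
    rc=0

    # 1. Encrypt, naming AES256 explicitly instead of trusting the default.
    printf '%s\n' "$pass" | gpg --batch --yes --pinentry-mode loopback \
        --passphrase-fd 0 --symmetric --cipher-algo AES256 \
        --output "$out" "$src" 2>/dev/null || rc=1

    # 2. Decrypt into the scratch file, keeping gpg's messages in $log.
    if [ "$rc" -eq 0 ]; then
        printf '%s\n' "$pass" | gpg --batch --yes --pinentry-mode loopback \
            --passphrase-fd 0 --output "$tmp" --decrypt "$out" 2>"$log" || rc=1
    fi

    # 3. gpg must report AES256 and the round trip must be byte-identical.
    if [ "$rc" -eq 0 ]; then
        grep -q 'AES256' "$log" || rc=3
        cmp -s "$src" "$tmp" || rc=4
    fi

    rm -f "$tmp" "$log"
    [ "$rc" -eq 0 ] || rm -f "$out"   # never keep an unverified ciphertext
    exit "$rc"
)

# Usage: the original is left in place; delete it only after a 0 exit status.
#   encrypt_and_verify document.txt   (then type the passphrase and Enter)
```

Exit status 1 means gpg itself failed, 3 means the decryption log did not name AES256, and 4 means the decrypted bytes differ from the original.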