Password Protect Tar.gz File May 2026

gpg --symmetric --cipher-algo AES256 backup.tar.gz

This produces a file named backup.tar.gz.gpg. GPG will ask you to enter and confirm a passphrase.

Why choose GPG over OpenSSL?

openssl is a robust, command-line cryptographic toolkit available on virtually every Linux distribution, macOS, and Windows (via WSL or Git Bash). It uses strong, modern encryption (like AES-256).

First, let's clarify a common misconception. You cannot directly set a password on a .tar.gz file using the standard tar or gzip commands. These tools are designed for archiving and compression, not for security.

When people say "password protect a tar.gz," they actually mean: password protect tar.gz file

Another method is to use tar and gpg (GNU Privacy Guard) to create a tar.gz file and encrypt it with a password.

tar -czf - directory/ | gpg -c -o encrypted.tar.gz

This will prompt you to enter a password to encrypt the file.

To decrypt the file:

gpg -d encrypted.tar.gz | tar -xzf -

In the world of Linux and Unix-based systems, the tar.gz format is the gold standard for file archiving and compression. Whether you are backing up website data, transferring sensitive documents, or archiving project source code, you have likely used the command tar -czvf archive.tar.gz /path/to/data. gpg --symmetric --cipher-algo AES256 backup

However, there is a massive security flaw in the standard tar command: It does not support native password protection.

If you send a standard tar.gz file over email or upload it to a cloud drive, anyone who intercepts it can extract its contents. So, how do you add a password? This article explores every viable method—from command-line hacks to GUI tools—and explains why encryption is superior to simple password locking.

In the world of Linux and Unix-based systems, the tar command is the gold standard for archiving files. When you combine it with gzip (creating a .tar.gz or .tgz file), you get a highly efficient, compressed archive perfect for backups, software distribution, and data transfer.

However, there is a massive, often overlooked flaw in the standard tar process: it does not support encryption by default. This produces a file named backup

If you send a standard tar.gz file over the internet or store it on a shared cloud drive, anyone who gets hold of that file can extract its contents with a simple tar -xzf file.tar.gz command. There is no password, no key, no security.

So, how do you truly password protect a tar.gz file? This article explores every viable method, from simple command-line tricks to industry-standard encryption, and even cross-platform GUI solutions.

GnuPG (GPG) is the standard for encryption and signing. It's user-friendly and offers both symmetric (password) and asymmetric (public/private key) encryption.

Be careful: If you create secret.tar.gz first, then encrypt it, the original unencrypted secret.tar.gz might still be on your disk. Always shred or securely delete the plaintext version.

shred -u secret.tar.gz   # Overwrites and deletes