bcrypt [-orc][-sN] file …

Encrypted files will be saved with an extension of .bfe. Any files ending in .bfe will be assumed to be encrypted with bcrypt and will attempt to decrypt them. Any other input files will be encrypted. If more than one type of file is given, bcrypt will process all files which are the same as the first filetype given.

By default, bcrypt will compress input files before encryption, remove input files after they are processed (assuming they are processed successfully) and overwrite input files with random data to prevent data recovery.

Passphrases may be between 8 and 56 characters. Regardless of the passphrase size, the key is hashed internally to 448 bits – the largest keysize supported by the blowfish algorithm. However, it is still wise to use a strong passphrase.


-o print output to standard out. Implies -r.
-c DO NOT compress files before encryption.
-r DO NOT remove input files after processing
-sN How many times to overwrite input files with random data before processing. The default number of overwrites is 3. Use -s0 to disable this feature. No effect if -r is supplied.


The options o,c and r each have the opposite effects if the appropriate settings are altered from the default in config.h.

Encrypted files should be compatible between most systems. Binary compatibility has been tested for all systems listed above.