You can use the Archive Manager to zip the file and password protect the zip file.

That is probably the closest thing to right clicking and entering a password that you describe.

To do this right click on the file and choose "Compress" then choose zip as the archive type and in "Other options" you have the option to enter a password.

This is simple to do and stops the problem of someone mounting the file system from a live CD and getting the file that way.

Also you can easily email the file or copy to USB stick, etc without having to worry about having the means to unencrypt the files at the other end, you just need the password.

As many pointed out, access control based on user id and encrypted filesystem is the only real way of securing user data. If, however, all that is stopping you from using Truecrypt is because you don't have a free partition / filesystem that you can use exclusively for storing encrypted data, then you can still make an encrypted file-system inside a file within your existing filesystem.

For this you need to have "sudo" rights, i.e., you must be able to run sudo.

1. Get the latest version of truecrypt
2. Open TrueCrypt (normally found in Applications -> Accessories)
3. Using the gui you can create a new volume contained in a file. You can choose the location of this file.
4. Steps 1-3 are one-time setup. After this whenever you mount this file-system using truecrypt GUI, you will see it in nautilus.
5. You can move the sensitive files and directories within this filesystem.
6. When "you are leaving your computer alone", unmout this using the "dismount" option in the truecrypt GUI.
7. It is also important to use a good password (more than 20 characters at least, as recommended by the developers).

If you want to encrypt a lot of files that you access regularly, an encrypted filesystem is the way to go. But if you have single files that you want to encrypt/decrypt quite rarely (say, a list of passwords) you can do it very easily with a right-click in nautilus:

• Install the seahorse-plugins package
• Create a new key for GPG/PGP (Applications - Accessories - Passwords and Encryption Keys)
• After a restart of nautilus (enter nautilus -q in a terminal or simply log out of your GNOME session) you have two new entries in your right-click menu: Encrypt and Sign, respectively Decrypt for encrypted files

greyfade's answer is correct. Ubuntu is a multi-user system. If anyone else uses your computer they should have their own user account. One user per account; there is no good reason for users to share accounts, ever. You can set up a hotkey to log out when you leave your computer. Using Ctrl+Alt+L when you leave locks the computer. If someone else wants to use it, they can log in to their own account without affecting your session. Again, sharing user accounts is a bad habit and a bad idea for many reasons. Please don't do it.

If you're only concerned about other users on your system who don't have administrator rights, it's enough to use file permissions to control access. If there are other people with administrator rights or physical access, password protection means encryption¹.

The easiest way to encrypt a few files under Linux is the encfs filesystem. On the command line, run

encfs ~/.encfs ~/encrypted

Then create files under the encrypted directory. They are in fact stored in encrypted form inside ~/.encfs. When you've finished working, run

fusermount -u ~/encrypted

If you want to encrypt your whole home directory, ecryptfs is a better option. For more information, see What is the easiest way to encrypt a dir? (on Ubuntu) on Super User.

¹ Strictly speaking, you also need protection against someone installing a keylogger (“evil maid attack”), but that's a lot harder to achive on current desktop operating systems and hardware.

No, not really.

You can use Truecrypt to create a volume to store sensitive files in (sudo apt-get install easycrypt for a nice front-end), but otherwise there isn't really a way to password-lock your files.

I'd suggest that you lock or log out when you leave your computer.

Password-protecting a file is nice and fine in a system which is otherwise not physically accessible, ie one that you cannot turn off and restart using a live CD for example. If the computer is a desktop that anyone can turn off, one can restart it with a live CD and gain access to all files on the hard disk, whether those are system files, config files, home directories, etc.

I would rather recommend that you use an encrypted file system, such as TrueCrypt, which will remain useless on any system unless the authorized user enter the proper credentials. It will do more than just password-protect your files, but will also protect them from external accesses.

Everything also depends on what would be the cost of some of those files were getting shared, vs the cost and effort to implement something as TrueCrypt and the tool presented earlier, easycrypt.

Use a Guest session!

Unless you expect people to gain increased privileges (e.g. root) in your machine, or for example boot from a CD-ROM and mount and browse your filesystems (or even reading the raw disk sectors), you may not have to encrypt some/all files on your hard drive. You can simply set permissions on directories and/or files to keep the "curious" from opening and browsing them. This is why, in normal operations, you

1. Don't use a root account as your normal user.
2. Don't give out your password (or root's password) to other users. ;-)

The Session applet on the top right of your window allows you to start a Guest session, which disappears when you log out. See for example this image. The Guest Session option starts a temporary session for anyone borrowing your computer. Your files are not visible -- unless you've specifically given universal read permissions. This is the ideal when you just want to "borrow" your computer to a guest who wants to do some quick browsing. It might not be what you want if you'd like to provide permanent accounts (i.e. residing under /home, as your account is likely to be). The Guest account cannot "see" anything under /home because the session doesn't have the right permissions.

Change the permissions

(Note: If someone has root permissions, this won't make a difference. Such a person will be able to access your unencrypted files just the same.) Suppose you have a folder (or a set of files) that you want to keep other users from reading/accessing.

1. Select the folder (or files) you want to affect, then right-click on the selection (with your mouse).
2. Select Properties.
3. Go to the Permissions tab.
4. Under the "Others" group, select "Access to folder" and "Access to file" as "None".

This doesn't encrypt the affected files and directories, but it does keep people (not having root permissions, of course) from prying into your account.

Allow some users

(Note: If someone has root permissions, this won't make a difference. Such a person will be able to access your unencrypted files just the same.) If you want to allow only a group of users to access a set of files or folders, you can do the same. For example, you may want to reserve read+write permissions for yourself, but only read permissions for a group (or even read+write for them as well) on those files and folders.

1. If the group name you want to select doesn't yet exist, you'll have to create it. Go to System > Administration > Users and Groups.
   1. Click on the Manage groups button.
   2. Click Add. You'll need to enter your password (if your account has admin permissions, otherwise use the root password if you have it).
   3. Enter a group name. The group names follow the same rules when providing a user name; I suggest you only use letters and numbers, without spaces. You can leave the suggested Group ID (starting at 1001 for example). Select the users that will belong to the group.
   4. Click OK to apply. Click Close on the previous window. Click Close to close Users and Groups.
   5. You may need to logout+login for your account to "see" the new group. It also applies to any already-logged in users.
2. Use the same procedure as above to apply Group permissions. Please note that you'll have to provide the Group name when applying permissions. You can only use one group.

This doesn't encrypt the affected files and directories, but it does keep people (not having root permissions, of course) from prying into your account.

Encryption

Other users here have provided more details specifically for solutions using encryption. If you really require encryption -- and not just controlling access to your files -- you may want to look into those answers. But please note that access to those files will always be slower, due to the necessary overhead for applying the encryption/decryption algorithms. The description I provided above implements a (very!) basic measure of access control with virtually no performance impact.

Try to search for and install ‘ecryptfs-utils’ in Ubuntu Software Center

After installing, go to Applications –> Accessories –> Terminal and run the command below:

ecryptfs-setup-private

You’ll be prompted to type your login passphrase (password), and to create one for your private folder.

When you’re done creating your password, Log Out and Log back in.

Next, go to Places –> Home Folder.

And new folder should be created in your home directory called ‘Private’. This folder in encrypted and password-protected. Move all your personal stuff into this folder to secure them.

Users without access to the folder will be denied.

For More Help

Thank you all for your answers; it seems there is no way to easily stop accidental viewing of certain files and folders. This is very unfortunate; the closest is the .zip file method, but as I'd rather not compress and decompress, I suppose I'll have to make do with the risk.