An application-based data encryption method implemented in an operating system. When receiving system calls for writing data opened by an application, the operating system encrypts the data utilizing an encryption key. When receiving system calls for reading data requested by the application, the operating system decrypts the data utilizing a decryption key. The encryption key and the decryption key may be the same key or two different keys.