A Secret file access authorization system with fingerprint limitation includes an authorization module, encryption module and certification module in a server linked by programs. A user module of least one client machine contains a kernel encryption/decryption unit embedded in the client operation system kernel, so access authorization to secure files can be limited by environment or time fingerprint. Therein the authorization module provides an authorization secret key (ASK) and fingerprint template. The encryption module accepts the ASK and secret files to be encrypted, and provides a decryption secret key (DSK). The user module accepts the ASK and encrypted secret files, and presents a claim for the ASK certification to the certification module. The certification module accepts the DSK and the claim and the template, and provides the certified DSK for the user module, to start the kernel encryption/decryption unit in the user module, and achieve reading and writing of encrypted files.