60

Are there any built-in command-line tools that I can use to encrypt and decrypt a text file (and provide it some sort of password)?

Chris W. Rea
codecompleting

3 Answers

86

openssl comes pre-installed on Mac OS X.

You can use the following commands:

```
# encrypt file.txt to file.enc using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc

# the same, only the output is base64 encoded for, e.g., e-mail
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc

# decrypt binary file.enc
openssl enc -d -aes-256-cbc -in file.enc -out file.txt

# decrypt base64-encoded version
openssl enc -d -aes-256-cbc -a -in file.enc -out file.txt
```

(copied from OpenSSL Command-Line HOWTO: How do I simply encrypt a file?)

You will be prompted for a password. You can also specify a password on the command line using `-pass pass:mySillyPassword` or `-pass file:/path/to/secret/password.txt`

These commands use 256-bit AES encryption with Cipher Block Chaining (CBC), which is about as secure as it gets right now.

Jason
Dennis
  • where do you enter your password? – codecompleting Jan 10 '12 at 22:38
  • Once you executed any of the above `openssl` commands, it asks you to `enter aes-256-cbc encryption password`. – Dennis Jan 10 '12 at 23:45
  • @codecompleting Or specify `-pass pass:MYSECRETPASSWORD`, although the password is then of course not hidden from `ps`, etc. – Asclepius Nov 10 '14 at 05:05
  • If you use a salt, you will still be able to decrypt the file on a separate machine using only the password, correct? (I understand that salts are to prevent rainbow tables, I just want to be sure I'm correct that the password is all that *I* would need to open the file on another box.) – Wildcard Apr 20 '16 at 01:15
  • @Wildcard Yes, the salt (actually, initialization vector) gets stored with the ciphertext in the encrypted file. – Dennis Apr 20 '16 at 01:40
  • Question? Is this lossy in any way? I'm thinking of using this for important backup, so first I'll `zip -er` then run this on the zip – Kellen Stuart Jan 01 '17 at 08:08
  • @KolobCanyon Encryption is never lossy. By definition, it requires being able to decrypt the ciphertext to restore the original plaintext. Just don't forget the key. – Dennis Jan 01 '17 at 16:42
  • Your commands work well with cygwin on a PC. – chux - Reinstate Monica Mar 08 '17 at 20:08
  • It should be noted that this is *not* secure if you manually type in your password. You should use key derivation. – pyrho Feb 09 '20 at 12:22
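
Added example (not part of the original answer or comments): a round trip that uses the `-pass file:` form from the answer above so the password stays out of `ps`, with PBKDF2 key derivation as raised in the comments. The function names, the iteration count and the use of `-pbkdf2`/`-iter` (OpenSSL 1.1.1 or later) are assumptions that do not appear on the page.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumes an openssl build with
# -pbkdf2 and -iter (OpenSSL 1.1.1 or later). ITER is a constructed value.
ITER=200000

# passfile_is_private FILE: succeed only if FILE is a regular file with no
# group/other permission bits (mode string such as -rw-------).
passfile_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# encrypt_file IN OUT PASSFILE
# The password is read from PASSFILE, so it never appears in the argument
# list that ps shows; the key is derived from it with PBKDF2.
encrypt_file() {
    passfile_is_private "$3" || {
        echo "password file must not be accessible to group or others" >&2
        return 1
    }
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
        -pass "file:$3" -in "$1" -out "$2"
}

# decrypt_file IN OUT PASSFILE
# Decrypts to a temporary file and renames it only when openssl succeeds, so
# a failed run leaves no partial OUT. CBC carries no integrity check, so this
# catches most, but not all, wrong passwords.
decrypt_file() {
    passfile_is_private "$3" || return 1
    tmp="$2.tmp.$$"
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -pass "file:$3" -in "$1" -out "$tmp" 2>/dev/null; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        echo "decryption failed (wrong password or damaged file)" >&2
        return 1
    fi
}

# has_salt_header FILE: binary output begins with the 8-byte magic "Salted__"
# followed by the salt, which is why the password alone works elsewhere.
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}
```

The same `-pbkdf2 -iter` values must be given when decrypting, because the file stores the salt but not the iteration count.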
8

I've built a shell script for that. You can use it on Mac or on Linux.

```
#!/bin/bash
# Encrypt or decrypt files with the aes-256-cbc cipher using openssl.
# "$1" is quoted so the tests do not break when no argument is given.

if [ "$1" = "-e" ]; then
    # encrypt: writes base64 output to <file>.aes
    if [ -f "$2" ]; then
        openssl aes-256-cbc -a -e -salt -in "$2" -out "$2.aes"
    else
        echo "This file does not exist!"
    fi
elif [ "$1" = "-d" ]; then
    # decrypt: writes the plaintext to <file>.decrypt
    if [ -f "$2" ]; then
        openssl aes-256-cbc -a -d -salt -in "$2" -out "$2.decrypt"
    else
        echo "This file does not exist!"
    fi
elif [ "$1" = "--help" ]; then
    # show help
    echo "This software uses openssl for encrypting files with the aes-256-cbc cipher"
    echo "Usage for encrypting: ./encrypt -e [file]"
    echo "Usage for decrypting: ./encrypt -d [file]"
else
    echo "This action does not exist!"
    echo "Use ./encrypt --help to show help."
fi
```

Simply save this in a text file and issue `chmod +x file` to make it executable. After that, use `./filename --help` to get info.

persec
7

Mac OS X has the ability to create encrypted container files (similar to e.g. Truecrypt), that can optionally grow with the amount of data placed in them. Use Disk Utility to do this.

In Disk Utility, select File » New » Blank Disk Image… with one of the sparse image formats. Select AES-128 or AES-256 as encryption.


From the command line, the same functionality is available via the hdiutil program.

Daniel Beck