Murphy Mac - Screencasts and Tutorials » Page 'Interactive Shell Script: Command Line File Encryption'

Interactive Shell Script: Command Line File Encryption


openssl encryptionIn today’s installment of Terminal Thursday we’ll be encrypting a single file from the command line courtesy of an excellent tip from the guys over at OSXDaily. The openssl utility ships with your Mac – and it’s pretty easy to use.

An OSXDaily reader posted a comment asking if there was a drag and drop way to encrypt a file. We’ve got a solution – sort of. Murphy sees this as a perfect place to introduce a shell script that prompts the user for input. Just kick off the shell script and you’re prompted for the file you want to encode. You can drag the file onto your Terminal window and hit enter. You’ll be prompted to set a password and you’re done.

You could make a similar shell script for decrypting the files too. And you’re not stuck with Murphy’s method, which dumps the output in a pre-configured folder. You could concatenate an extension onto the encrypted filename instead. Whatever works for you.

The screencast assumes you’ve seen Murphy’s post about making a shell script, so you might want to check that one out before getting started. It also introduces basename – which helps us extract a file name from a full path.

A word of warning from the original post: Don’t forget your password. Chances are you’re not going to find a way to break triple-des security.

UPDATE:  Carry out this process with a Widget.

Watch Now | Permalink

6 comments to “Interactive Shell Script: Command Line File Encryption”

  1. There should be double quotes around “$in_file” and “$out_file” to allow file names with spaces (since the Finder allows the creation of file names like these).

  2. That’s a good point. The script in the screencast would end up looking like this:

    echo “Enter file to encrypt”
    read “in_file”
    out_file=`basename “$in_file”`
    openssl des3 -salt -in “$in_file” -out ~/sec_stuff/”$out_file”
    open ~/sec_stuff

  3. Making a shell script for “unlockit” seems to be similar. I tried the following, naming it “unlockit” (and making it executable) and it seems to work well:

    echo “Enter file to decrypt”
    read “in_file”
    out_file=`basename “$in_file”`
    openssl des3 -d -in “$in_file” -out ~/sec_stuff/unlocked/”$out_file”
    open /Users/?/sec_stuff/unlocked/

    I added a subfolder ‘unlocked’ in the ‘sec_stuff’ folder so I would remember where I put the unlocked files and wrote that into the script.

    Thanks for the great tip.

  4. last line of script should read

    open ~/sec_stuff/unlocked.

  5. Having read this I decided it may be a good tool to wrap up in a dashboard widget – check it out at

  6. Valuable info. Lucky me I discovered your site by accident, and I’m surprised why this twist of fate didn’t happened earlier!
    I bookmarked it.

Leave a comment