16GB iPod Touch $339 - Save $59

Interactive Shell Script: Command Line File Encryption

May 10th, 2007

openssl encryptionIn today’s installment of Terminal Thursday we’ll be encrypting a single file from the command line courtesy of an excellent tip from the guys over at OSXDaily. The openssl utility ships with your Mac - and it’s pretty easy to use.

An OSXDaily reader posted a comment asking if there was a drag and drop way to encrypt a file. We’ve got a solution - sort of. Murphy sees this as a perfect place to introduce a shell script that prompts the user for input. Just kick off the shell script and you’re prompted for the file you want to encode. You can drag the file onto your Terminal window and hit enter. You’ll be prompted to set a password and you’re done.

You could make a similar shell script for decrypting the files too. And you’re not stuck with Murphy’s method, which dumps the output in a pre-configured folder. You could concatenate an extension onto the encrypted filename instead. Whatever works for you.

The screencast assumes you’ve seen Murphy’s post about making a shell script, so you might want to check that one out before getting started. It also introduces basename - which helps us extract a file name from a full path.

A word of warning from the original post: Don’t forget your password. Chances are you’re not going to find a way to break triple-des security.

Watch Now | Permalink

Posted in Favorite Posts, Security, Terminal, Mac OS X, Advanced |

del.icio.us Digg Furl Reddit StumbleUpon

Why does Murphy use Bluehost?

5 Responses to “Interactive Shell Script: Command Line File Encryption”

  1. Mark Says:
    May 22nd, 2007 at 11:39 pm

    There should be double quotes around “$in_file” and “$out_file” to allow file names with spaces (since the Finder allows the creation of file names like these).

  2. Murphy Says:
    May 23rd, 2007 at 4:03 am

    That’s a good point. The script in the screencast would end up looking like this:

    echo “Enter file to encrypt”
    read “in_file”
    out_file=`basename “$in_file”`
    openssl des3 -salt -in “$in_file” -out ~/sec_stuff/”$out_file”
    open ~/sec_stuff

  3. Carl Says:
    May 27th, 2007 at 10:32 pm

    Making a shell script for “unlockit” seems to be similar. I tried the following, naming it “unlockit” (and making it executable) and it seems to work well:

    echo “Enter file to decrypt”
    read “in_file”
    out_file=`basename “$in_file”`
    openssl des3 -d -in “$in_file” -out ~/sec_stuff/unlocked/”$out_file”
    open /Users/?/sec_stuff/unlocked/

    I added a subfolder ‘unlocked’ in the ’sec_stuff’ folder so I would remember where I put the unlocked files and wrote that into the script.

    Thanks for the great tip.

  4. Carl Says:
    May 27th, 2007 at 10:33 pm

    last line of script should read

    open ~/sec_stuff/unlocked.

  5. Chris Mills Says:
    May 28th, 2007 at 1:02 pm

    Having read this I decided it may be a good tool to wrap up in a dashboard widget - check it out at http://www.millshalligan.co.uk/software/fileencryption/index.shtml

Leave a Reply

Text Link Ads