72

Are there any built in command-line tools that I can encrypt and decrypt a text file (and provide it some sort of password).

Chris W. Rea
  • 10,978
codecompleting
  • 1,419

4 Answers4

103

openssl comes pre-installed on Mac OS X.

You can use the following commands:

# encrypt file.txt to file.enc using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc

the same, only the output is base64 encoded for, e.g., e-mail


openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc


decrypt binary file.enc


openssl enc -d -aes-256-cbc -in file.enc -out file.txt


decrypt base64-encoded version


openssl enc -d -aes-256-cbc -a -in file.enc -out file.txt

(copied from OpenSSL Command-Line HOWTO: How do I simply encrypt a file?)

You will be prompted for a password. You can also specify a password on the command-line using -pass pass:mySillyPassword or -pass file:/path/to/secret/password.txt

These commands use 256-bit AES ecryption with Cipher Block Chaining (CBC), which is about as secure as it gets right now.

leeo
  • 3
Dennis
  • 50,701
9

Mac OS X has the ability to create encrypted container files (similar to e.g. Truecrypt), that can optionally grow with the amount of data placed in them. Use Disk Utility to do this.

In Disk Utility, select File » New » Blank Disk Image… with one of the sparse image formats. Select AES-128 or AES-256 as encryption.

From the command line, the same functionality is available via the hdiutil program.

Daniel Beck
  • 111,893
9

I've built a shell script for that. You can use it on Mac or on Linux. 

#!/bin/bash
#encrypt files with aes-256-cbc cipher using openssl

#encrypt files
if [ $1 == "-e" ];
then
    if [ -f "$2" ];
    then
    openssl aes-256-cbc -a -e -salt -in "$2" -out "$2.aes"
    else
       echo "This file does not exist!" 
    fi
#decrypt files
elif [ $1 == "-d" ];
then
    if [ -f "$2" ];
    then
        openssl aes-256-cbc -a -d -salt -in "$2" -out "$2.decrypt"
    else
        echo "This file does not exist!" 
    fi
#show help
elif [ $1 == "--help" ];
then
    echo "This software uses openssl for encrypting files with the aes-256-cbc cipher"
    echo "Usage for encrypting: ./encrypt -e [file]"
    echo "Usage for decrypting: ./encrypt -d [file]"
else
    echo "This action does not exist!"
    echo "Use ./encrypt --help to show help."
fi

Simply save this in a text file in issue chmod +x file to make it executable. after that use ./filename --help to get infos.

persec
  • 91
2

I have been using zip command for quite sometime with a password.

It basically creates a zip file protected by password. Then to get the data you unzip using password to get the file without password

Password protect a file

zip -e filetoprotect.zip filetoprotect.txt

Enter the password to protect.

Extract the file from password protected zip

unzip filetoprotect.zip

Enter the password to get the file without password

Amit Thawait
  • 121