Quickly encrypt a file with OpenSSL
A few months ago a question was posed to our readers about encrypting or password protecting a text file [How can I password protect a file?]. We got several good responses but one in particular has really stuck with me. A reader named Jim posted in the comments a tip about using OpenSSL that I have used a bunch since then, and I think others will find this useful as well. This tip is repeated from a DZone snippet, but slightly modified and annotated to better accommodate for Mac OS X users:
Encrypt a file using OpenSSL via the Command Line
This is a pretty simple way to encrypt a single file so that it is nearly impossible for others to read, and it will require a password to access again. You’ll need to use the OpenSSL technology via the command line for this to work.
Encrypt the file:
openssl des3 -salt -in file.txt -out encryptedfile.txt
Decrypt the file:
openssl des3 -d -salt -in encryptedfile.txt -out normalfile.txt
Be sure to heed this important advice so you don’t overwrite and lose files:
Do not specify the same file as input and output on encryption.. I have noticed weird effects on OS X (it eats the file). Remove the -in * stuff if you want to pipe data into it (e.g. a tarred folder). Omit the -out * stuff if you want it to pipe data out on STDOUT.
When you encrypt the file initially, it will prompt you to set a password to access the file and decrypt it again in the future – do not forget the password because triple DES encryption is incredibly powerful and you’ll likely lose the file’s content forever without the password.
Source: DZone Snippet – Thanks Jim!
It’d be nice if there was an easy drag and drop utility to do this that just prompts you for a password. I’m not really command line savvy and I think there’s a lot of room for error.
It doesn’t look like it can be used on folders either which sucks
that’s a pretty good solution to protect a single text file
This is a great solution. Another one would be to grab gpg for OSX and use ‘gpg -c ‘
If you want to protect a folder or more than one file use the disc utility, click on new image, set the space and the password.
Everyone have secrets… xD
mugab -
It might not be EXACTLY what you’re looking for – but I just posted the steps to make this command into a shell script. At least you can drag the file you want encrypted into a Terminal window !
Great tip OSXDaily !
“It doesn’t look like it can be used on folders either which sucks”
You could ZIP it first.
Many thanx for this information. Please note the possibility to add a password directly (it took me as a newby some hours to figure this out):
openssl des3 -salt -in file.txt -out file.des3 -k mypassword
(http://www.openssl.org/docs/apps/enc.html)
@mchl: Just remember if you enter your password on the command line, it will be stored in plain text in your .bash_history file.
[...] Also, from this awesome tip from OS X Daily, you can quickly encrypt a file using openssl using the following (I used AES 128 in CBC mode) — it even prompts you for the encryption password (key) twice: [...]
Beautiful and simple – I didn’t realize this was built-in to Leopard! Thanks!
-salt doesnt seem to be in the man pages nor does it seem to do anything
you can also do
cat file.txt | openssl des3 > encrypted.data
and
cat encrypted.data | openssl des3 -d
This work too, but…
to decrypt, you have to use:
cat encrypted.data| openssl des3 -d > file.txt
are you guys on drugs? You do realize that the best way to encrypt a text file is to use GNUpg, right? Install Gnupg, as well as the GPGdropthing. Drop your text into it. Encrypt. Paste into text file. When you need the data, decrypt. C’mon…
Doesn’t this type of encrypting suck? You are starting with a plain text file, which remains on the hard drive even after you remove it from the file system. Sure, your encrypted file may be all that is visible to the average user, but anyone who can scrape the hard drive and search for FS data structures could probably recreate the plain-text file – saving a lot of time vs. breaking into the encrypted file.
Instead, perhaps create a loopback encrypted filesystem that would hold the file?