Encrypt & Decrypt Files from the Command Line with OpenSSL

Jan 30, 2012 - 7 Comments

Encrypt and Decrypt files with OpenSSL

Need to quickly encrypt a file from the command line? With OpenSSL, you can encrypt and decrypt files very easily.

For the purpose of this walkthrough, we’ll use des3 encryption, which in simple terms means a complex encryption algorithm is applied three times to each data block, making it difficult to crack through brute force methods. While we’re focusing on Mac OS X here, these commands will work anywhere that OpenSSL is installed, including older versions of OS X and Linux.

Encrypting Files with OpenSSL

The syntax of openssl is basic:

openssl [encryption type] -in [file to encrypt]

As mentioned before, we’ll use des3 for the encryption, and we’ll be using a text file as the input. We’re also going to specify a different output file to prevent any errors. Here is what the command would look like:

openssl des3 -in file.txt -out encrypted.txt

You will be asked to set and confirm a password before the encryption is complete, do not lose this password or you will lose access to the file.

Sidenote: You can also just use an input file with -in filename, but that may cause issues. To prevent any unexpected problems, do not specify the same file as the input and output. This means the original file will stick around either before or after encryption, and you will want to deal with that file individually, preferably through a secure delete method.

Decrypting Files with OpenSSL

openssl des3 -d -in encrypted.txt -out normal.txt

The previously set password will be required to decrypt the file.

Other than switching the placement of the input and output, where again the original file stays put, the main difference here is the -d flag which tells openssl to decrypt the file.

Naturally, you’re probably wondering what happens if you try to open an file that has been encrypted with OpenSSL without entering the password? You’ll probably get an error message, but if you force open the file with something like TextEdit, you’ll see the text “Salted” followed by a bunch of gibberish like so:

Encrypted file

The file will remain unreadable until it has been decrypted through openssl again.

For more about file security, don’t miss some of our other posts, including password protecting a Mac, encrypting partitions, zip archives, files and folders in disk images, and even encrypting iOS backups to keep sensitive data from an iPhone and iPad secure.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: William Pearson in Command Line, Mac OS X, Tips & Tricks

7 Comments

» Comments RSS Feed

  1. Parakeet says:

    Niiiiice wwooorrk

  2. Jesse says:

    Very handy! Thanks for the tip.

  3. Amigalander says:

    Neat. what about if you need to encrypt a fake file? The kind that you can “show package contents” on. These are technically folders aren’t they? This method fails on those files. Would we have to zip it first before encrypting?

    • Stephen says:

      Yeah, although that’s easy enough to do with a combination of:

      zip -r file.zip package-file

      openssl des3 -in file.zip -out encrypted.txt

  4. Felipe says:

    Thanks. It useful.

  5. ubersol says:

    This is very useful information, I was curious to see if there is any way to actually encrypt the name of the file itself as well ?

    Regards,

    Deniz Rende

  6. [...] Get in the habit of using Secure Empty Trash anytime you are removing something that is truly sensitive and that you don’t want others to regain access to. Things like financial statements, credit card information, personal files and diaries, or deleting the source files and finished documents from openssl file encryption. [...]

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates