Wednesday, February 29, 2012

Encrypting Files on OSX with openSSL

You can use FUSE with encfs to locally encrypt eg for uploading to DropBox or Google Docs.

But what if you want to send the encrypted file to someone else? Well OSX Snow Leopard and Lion can create encrypted zip files, and decrypt and expand them. Thing is that zip encryption isn't very strong.

How about using openSSL with AES-256 encryption instead?

To encrypt from the command line

    openssl des3 -salt -in regular.txt -out encrypted.txt

And to decrypt

    openssl des3 -d -salt -in encrypted.txt -out regular.txt

So I have a file called "all_tags.txt" then you would do

    openssl des3 -salt -in all_tags.txt -out all_tags.encrypted.txt
    enter des-ede3-cbc encryption password:

    Verifying - enter des-ede3-cbc encryption password:

You'll see you are asked for the passphrase twice. Don't lose it!

This is what the file looks like:

    Salted__3fi˛Œ—Æ+È£Pùˇ§S`p~±Õ˘Ãº_ç*oõÏ ◊◊È°8Aˆ3"∞ »„â@‡yÑ€g≠.¡ìÁ| 2Ë4~)‚R)ÚR¶®™1Íê=o–ï€à∑!¡›fiπ∑Öˇ#[P˙Ô|éÈsÙ¢ì‚z^◊ú˛ÀBœ2íùJÂh©åQ&±û—†nÇIÊQˆµxá( ∆8Íg¬a˛Î.V˚tuKV[CHø€c√“®˙√5Öïæh˘zt„ŸÂïCe"d,è€ Höπ$Âú8ê”<Ȭ˚ù'•?[4◊uÓé÷0—aeõnö˘CÖÁ€r˝—®À»?›<…åìŸ Ê#Æú¢v´Ø{'›ÆÙ∞)<◊[õì

Then to decrypt

    openssl des3 -d -salt -in all_tags.encrypted.txt -out all_tags.clear.txt
    enter des-ede3-cbc decryption password:

and you get the first file.

Works with ANY file!

You can zip the encrypted version if you like to save space.

No comments: