Sometimes it’s really useful to be able to encrypt a file locally, and although there’s lots of pieces of software that can do this for you, I much prefer to just do it myself. Using Terminal’s “openssl” command, it’s really really simple to encrypt a file well enough for snoops to not be able to read.
To encrypt a file, simply run the following from Terminal. It’ll then ask you for a password to encrypt the file with (you can pass this in as an argument using -k , but then people can see what it is in the Terminal history, and we don’t want that!)
openssl enc -aes-256-cbc -salt -in </path/for/file/to/encrypt.txt> -out </path/to/encrypted/output.enc>
Let’s break down this command:
- enc -aes-256-cbc: This is the encryption algorithm that you want to use. There’s a whole raft of options that are possible, but I’d recommend using AES-256, it’s pretty secure.
- -salt: You should always use this, it basically adds another level of security by “salting” the encryption. This basically means that it you encrypt the same file with the same password, it’ll come out different. This is really really useful to stop thieves from using brute force to figure out the password.
- -in: Pretty self-explanitory, is basically file path to the file you want to encrypt. This could obviously be whatever you like.
- -out: Again, this is straight forward enough, should be a location on disk to save the encrypted file to.
Cool, so we now have a pretty well encrypted file! You probably want to be able to decrypt it though as well (pretty useless otherwise right?!). You can do this by running the following:
openssl enc -aes-256-cbc -salt <salt> -d -in </path/to/encrypted/output.enc> -out </path/to/decrypted/file.txt>
Note that the input and output files have changed round, and we’ve added the all important “-d” argument, which tells us to decrypt the file rather than encrypting it.
Another cool thing to make your files that little bit less noticeable is to concatenate your encrypted file to the end of another file. You can’t do it with all files, but I’ve tried it with JPEG and MP3, both of which are quite amenable to doing this. It’s really easy as well, though splitting them apart involves a 4 line python script!
To concatenate the files together, run the following:
(cat /path/to/MySong.mp3; cat /path/to/encrypted/file.enc) > MySecretSong.mp3
This simply takes the song and the encrypted file and bugs them together. Simple! Try playing “MySecretSong.mp3”, hopefully it should still play.
To extract the file, you’ll need to save the following python script into a text file, call it something like “ExtractSecret.py”:
#!/usr/bin/python import sys f = open(sys.argv).read() out = f.split("Salted__") open(sys.argv, 'r').write("Salted__"+out)
You then simply run the following to get your encrypted file back:
python ExtractSecret.py "/path/to/MySecretSong.mp3" "/path/to/encrypted/output.enc"
And that’s it! You should now be able to decrypt in the normal way.