How to encrypt files from the command line on the Apple Mac using OpenSSL

Encrypt private files you don't want anyone to see using OpenSSL on the Apple Mac

Do you have files on your Mac’s disk that you want to keep private? Encrypt them! Use the openssl command line tool in Terminal to make sure no-one can access them. They’re safe for emailing too.

Everyone has some files on the disk that they want to keep secret. It might be a file that you use the keep track of passwords, or banking information, or other things you would rather not let people see. Encrypt them!

If you want to send files to someone using email or shared through an online drive, and it contains private information or images, encrypt them!

Encrypted files are scrambled and protected with a password so that only you, and whoever you give your password to, can access them.

Encrypt files with OpenSSL

OpenSSL is the technology that is often used to encrypt communications online when you visit a secure website, such as your bank, the checkout at an online store, and other places. You’ll see a padlock icon at the left side of the address box in a browser to indicate that encryption is being used and no-one can spy on you.

OpenSSL is built into macOS Sierra and earlier versions of OS X, and you can use it yourself from the command line in a Terminal window.

Open Terminal in the Utilities folder (click Go, Utilities). It opens in your home folder. To see a list of files and folders, type ls.

You can change to the folder that contains the file you want to encrypt, but it is easier to move it to the home folder using Finder.

To encrypt a file called MyPic.jpg, enter this command:

openssl des -in MyPic.jpg -out MyPic.jpg.enc
openssl The command
des The type of encryption to use (DES is a common one)
-in Name of the input file
-out Name of the output file

When the command is run, you are asked for a password - twice to confirm it. This is used to encrypt the contents of the file. It is not your account or admin password, it can be anything you want.

Encrypt a file on the Apple Mac from the command prompt using OpenSSL

Use a different name for the output file. Adding .enc to the end of the filename is a simple way to show that this is the encrypted version of the file, so MyFile.jpg is the original and MyFile.jpg.enc is the encrypted version.

You could email it, share it, copy it to a USB flash drive and so on. No-one can open it without using the password to decrypt it. If you wanted to give this to someone, you would have to find some way to tell them the password. They can then decrypted it and open it.

Decrypt files with OpenSSL

To decrypt a file and save the original version to disk, use this command:

openssl des -d -in MyPic.jpg.enc -out MyPic1.jpg

Notice the extra -d parameter in there? It is -d for decrypt. I’ve called the output file MyPic1.jpg just to avoid overwriting the original, but you can call it anything you like.

Decrypt a file on the Apple Mac from the command prompt using OpenSSL

Advanced OpenSSL parameters

The DES encryption method was used in the example, but many more are supported and to see a long list of them, enter:

openssl list-cipher-commands

Just replace des with whatever you want from that list, for example, aes-256-cbc is a very powerful, very common, widely supported, and very secure method using 256-bit AES.

To make the encryption even more secure, you can add -salt. It’s not important how this works, just add it to make decrypting the file extremely difficult without a supercomputer.

One last parameter. Encryption can create weird characters, so add -a to make them all plain text. It is what is called base64 encoded.

Here is an updated version of that command to encrypt a file:

openssl aes-256-cbc -a -salt -in MyPic.jpg -out MyPic.jpg.enc

To decrypt a file encrypted with this, just add a -d parameter before the -a.

Encrypt messages online

Using the command line is not easy and is prone to typing slips. Geeks love it, but if you want a simple way to encrypt text messages, go to this Online encrypt tool

  1. Type your message into the large box
  2. Enter the password to use into the Key box
  3. Select the encryption method in the Algorithm list.
  4. Click the Encrypt this! butto
  5. Copy the encrypted message and paste it into an email

When the person receives the email, they:

  1. Copy the encrypted message text
  2. Paste it into the large box at the Online decrypt tool
  3. Enter the password into the Key box
  4. Select the Algorithm to use
  5. Click the Decrypt this! button

They can read the text provided you have shared the password and algorithm with them.

Encrypt text messages using this online tool

Now you know how to share secret messages with people!





Does it really make a difference if I encrypt my storage device with Finder << Right click 'Encrypt, Apple's FileVault and Terminal?

When I was researching this I'm sure I saw something that said FileVault works in a slightly different way to when you right click a drive and select Encrypt. However you encrypt something, it is secure. Most of us aren't storing government secrets on our computers and we just want to stop thieves or someone who finds your lost storage device from accessing the files. Almost any form of encryption will do. It is true that some encryption methods are better than others, but even the worst is a 1000 times better than none.

From the enc man page: -salt use a salt in the key derivation routines. This is the default. I have: OpenSSL 0.9.8zh 14 Jan 2016

Add new comment

By submitting this form, you accept the Mollom privacy policy.

Related items you will like...