
Script to encrypt and decrypt files on a Mac

Data encryption is a standard method employed to maintain the integrity of confidential digital data. Mac users are provided with a built-in disk encryption feature called FileVault. Enabling FileVault encrypts all the data present on the device with AES encryption. What if you only require encryption for a handful of files? Encryption of select files can be quickly achieved with the help of scripts run from the Terminal app. This document provides admins with scripts to encrypt or decrypt specific files on remote macOS devices. Device admins can remotely deploy these scripts to multiple endpoints using the Execute Custom Script action.

Scripting Language – Bash

File extension – .sh

Disclaimer:

The sample scripts provided below are adapted from third-party open-source sites.

Encrypt files

Execute the command after making the following changes to the code:

  1. Replace <input file> with the file path to be encrypted.
  2. Replace <output file> with the file path where the encrypted file should be stored.
  3. Replace <password> with the encryption password. This password can be used to authorize the decryption of the file in the future.

For example,

openssl des -in /Users/john/Downloads/Original.txt -out /Users/john/Downloads/OriginalEnc.txt -k 1234

The des command can be replaced with other encryption methods based on the requirement. Use the command openssl list-cipher-commands to list the encryption methods that can be used. The command aes-256-cbc applies 256-bit AES encryption in CBC mode, a very powerful, common and widely supported encryption method.

An example command to encrypt the required file with AES 256 CBC encryption is given below:

openssl aes-256-cbc -in /Users/john/Downloads/Original.txt -out /Users/john/Downloads/OriginalEnc.txt -k 1234

Decrypt files

To decrypt an encrypted file, run the command after making the following changes to the code:

  1. Replace <input file> with the file path to be decrypted.
  2. Replace <output file> with the file path where the decrypted file should be stored.
  3. Replace <password> with the encryption password to authorize decryption.

For example,

openssl des -d -in /Users/john/Downloads/OriginalEnc.txt -out /Users/john/Downloads/OriginalDec.txt -k 1234
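
A hardened variant of the encrypt and decrypt commands above, as an added example that is not Hexnode's script: it reads the password from a file instead of passing it with -k, pins the key-derivation digest, and verifies the round trip before reporting success. The function names, the password-file argument and the .partial suffix are assumptions of this example.

```shell
#!/bin/bash
# Added example, not Hexnode's script. Paths and the password file are
# supplied by the caller; encrypt_file/decrypt_file are names chosen here.

# aes-256-cbc rather than des (DES's 56-bit key is brute-forceable).
# -md sha256 pins the key-derivation digest, whose default differs between
# openssl builds. OpenSSL 1.1.1+ also accepts -pbkdf2 for stronger key
# derivation; it is omitted because older builds reject the flag.
CIPHER_OPTS="aes-256-cbc -salt -md sha256"

# Shared argument checks: readable input, non-empty password file, new output.
check_args() {
    [ -r "$1" ] || { echo "cannot read input: $1" >&2; return 1; }
    [ -s "$3" ] || { echo "password file missing or empty: $3" >&2; return 1; }
    [ ! -e "$2" ] || { echo "refusing to overwrite: $2" >&2; return 1; }
}

# encrypt_file <input> <output> <password-file>
encrypt_file() {
    check_args "$@" || return 1
    # -pass file: keeps the password out of the process list and shell
    # history, unlike -k. umask 077 makes the output owner-readable only.
    ( umask 077
      openssl $CIPHER_OPTS -in "$1" -out "$2" -pass "file:$3" ) ||
        { rm -f "$2"; return 1; }
    # Round-trip check, so the original is only ever deleted after a
    # verified encryption.
    openssl $CIPHER_OPTS -d -in "$2" -pass "file:$3" | cmp -s - "$1" ||
        { echo "verification failed, removing $2" >&2; rm -f "$2"; return 1; }
}

# decrypt_file <input> <output> <password-file>
decrypt_file() {
    check_args "$@" || return 1
    # CBC carries no integrity check: a wrong password is usually, but not
    # always, rejected by the padding check. Write to a temporary name and
    # rename only when openssl reports success.
    ( umask 077
      openssl $CIPHER_OPTS -d -in "$1" -out "$2.partial" -pass "file:$3" ) ||
        { rm -f "$2.partial"; echo "decryption failed: $1" >&2; return 1; }
    mv "$2.partial" "$2"
}

# Usage: script.sh encrypt|decrypt <input> <output> <password-file>
case "${1:-}" in
    encrypt) encrypt_file "$2" "$3" "$4" ;;
    decrypt) decrypt_file "$2" "$3" "$4" ;;
esac
```

Files written this way must be decrypted with the same -md sha256 option; the plain commands shown earlier rely on each openssl build's default digest.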

Notes:

  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage or loss to the system caused by the behavior of the script.
