Script to encrypt and decrypt files on a Mac
Data encryption is a standard method employed to maintain the integrity of confidential digital data. Mac users are provided with a built-in disk encryption feature called FileVault. Enabling FileVault encrypts all the data present on the device with AES-level encryption. What if you only require encryption for a handful of files? Encryption of select files can be quickly achieved with the help of scripts run from the Terminal app. This document provides admins with scripts to encrypt or decrypt specific files on remote macOS devices. Device admins can remotely deploy these scripts to multiple endpoints using the Execute Custom Script action.
Scripting Language – Bash
File extension – .sh
openssl des -in <input file> -out <output file> -k <password>
Execute the command after making the following changes to the code:
Replace <input file> with the path of the file to be encrypted.
Replace <output file> with the path where the encrypted file should be stored.
Replace <password> with the encryption password. This password can be used to authorize the decryption of the file in the future.
openssl des -in /Users/john/Downloads/Original.txt -out /Users/john/Downloads/OriginalEnc.txt -k 1234
The des command can be replaced with other encryption methods based on the requirement. Use the command openssl list-cipher-commands to list the encryption methods that can be used. The command aes-256-cbc enforces 256-bit AES CBC encryption, a very powerful, common and widely supported encryption method.
An example command to encrypt the required file with AES-256-CBC encryption is given below:
openssl aes-256-cbc -in /Users/john/Downloads/Original.txt -out /Users/john/Downloads/OriginalEnc.txt -k 1234
openssl des -d -in <input file> -out <output file> -k <password>
To decrypt an encrypted file, run the command after making the following changes to the code:
Replace <input file> with the path of the file to be decrypted.
Replace <output file> with the path where the decrypted file should be stored.
Replace <password> with the encryption password to authorize decryption.
openssl des -d -in /Users/john/Downloads/OriginalEnc.txt -out /Users/john/Downloads/OriginalDec.txt -k 1234
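A hardened variant of the encrypt and decrypt commands above, written as an added example and not part of the original script: it uses aes-256-cbc, reads the password from a file with -pass file: so that it does not appear in the process list the way a -k argument does, and keeps the encrypted file only if it decrypts back to the original. The function names, the script name, the iteration count and the three-argument calling convention are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the original script. Sample usage (constructed paths):
#   ./encrypt.sh /Users/john/Downloads/Original.txt \
#                /Users/john/Downloads/OriginalEnc.bin /path/to/passfile

CIPHER="aes-256-cbc"

# Pin the digest so encryption and decryption derive the same key on every
# openssl build, and use PBKDF2 where the installed openssl supports it.
# The iteration count is an assumed value; both directions must use the same.
KDF_OPTS="-md sha256"
if openssl enc -help 2>&1 | grep -q -- '-pbkdf2'; then
    KDF_OPTS="$KDF_OPTS -pbkdf2 -iter 200000"
fi

# encrypt_file <input file> <output file> <password file>
# -pass file: reads the password from the first line of the file.
encrypt_file() {
    openssl "$CIPHER" $KDF_OPTS -in "$1" -out "$2" -pass "file:$3"
}

# decrypt_file <input file> <output file> <password file>
decrypt_file() {
    openssl "$CIPHER" -d $KDF_OPTS -in "$1" -out "$2" -pass "file:$3"
}

# Encrypt, then decrypt into a private temp file and compare with the
# original. The encrypted file is kept only if the round trip matches.
encrypt_verified() {
    check=$(mktemp) || return 1
    if encrypt_file "$1" "$2" "$3" &&
       decrypt_file "$2" "$check" "$3" &&
       cmp -s "$1" "$check"; then
        rm -f "$check"
        return 0
    fi
    rm -f "$check" "$2"
    return 1
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    encrypt_verified "$1" "$2" "$3"
fi
```

CBC mode carries no authentication tag, so a wrong password is normally reported as a padding error ("bad decrypt") rather than detected cryptographically; comparing the decrypted output with the original, as encrypt_verified does, is the reliable check.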