Shell Script Wrapper Around OpenSSL and AES-256 in macOS

Overview

This is a follow on from from a blog by John Martellaro back in 2016 [1]. In that post, two examples of encryption on OS X were given. The first was disk encryption and the second was on encrypting and decrypting files using OpenSSL and AES-256 [2]. My posting is about putting a basic shell wrapper around the raw OpenSSL commands.

Please note that this was tested using macOS Catalina 10.15.4 and the LibreSSL (version 2.8.3) implementation of OpenSSL.

The source code is available at https://github.com/locp/blog-content/blob/master/aes-256/aes256

The Script

#!/bin/bash
#############################################################################
# A script that wraps SSL to encrypt/decrypt files with AES-256.
#
# SYNOPSIS:
#
# aes256 -d | -e -f file -p password
#############################################################################
PROG=$( basename $0 )
function decrypt_file {
in="$file"
out=$( echo $in | sed 's/.aes256$//' )
echo "INFO: Decrypting $in to $out."
openssl enc -d -aes-256-cbc -in $in -k "$password" -out $out && rm $in
}
function encrypt_file {
in="$file"
out="${in}.aes256"
echo "INFO: Encrypting $in to $out."
openssl enc -aes-256-cbc -salt -in $in -k "$password" -out $out && rm $in
}
function usage_message {
if [ ! -z "$1" ]; then
echo "ERROR: $1"
echo
fi
echo "usage: ${PROG} -d | -e -f file -p password"
echo
echo " Where:"
echo " -d Indicates the file should be decrypted."
echo " -e Indicates the file should be encrypted."
echo " -f The file to have the action carried out against."
echo " -p Specifies the password to encypt/decrypt the file."
exit 2
}
decrypt=0
encrypt=0
file=""
password=""
while getopts "def:p:" opt; do
case "$opt" in
d) decrypt=1 ;;
e) encrypt=1 ;;
f) file="${OPTARG}" ;;
p) password="${OPTARG}" ;;
*) usage_message ;;
esac
done
if [[ $encrypt == 1 && $decrypt == 1 ]]; then
usage_message "d and e flags are mutually exclusive"
elif [[ $encrypt == 0 && $decrypt == 0 ]]; then
usage_message "Specify if to encrypt or decrypt the file."
elif [ -z "$file" ]; then
usage_message "Please specify a file."
elif [ -z "$password" ]; then
usage_message "Password required."
elif [[ $decrypt == 1 ]]; then
decrypt_file
elif [[ $encrypt == 1 ]]; then
encrypt_file
fi
view raw aes256 hosted with ❤ by GitHub

Examples


# Check the contents of the files we wish to encrypt:
$ cat /tmp/hello.txt
Hello, world!

# Encrypt the file:
$ aes256 -e -f /tmp/hello.txt -p 'Secret123'
INFO: Encrypting /tmp/hello.txt to /tmp/hello.txt.aes256.

# See what has happened:
$ ls -l /tmp/hello.txt.*
-rw-r--r--  1 ben.dalling  wheel  32 28 Mar 10:47 /tmp/hello.txt.aes256
$ od -c /tmp/hello.txt.aes256
0000000    S   a   l   t   e   d   _   _ 345 006   k 027   g 033 305  \0
0000020  214 210 370 217 020 245 031 354  \b 212   . 202 367 344   ^ 033
0000040

# Now let's decrypt the file and show the contents:
$ aes256 -d -f /tmp/hello.txt.aes256 -p 'Secret123'
INFO: Decrypting /tmp/hello.txt.aes256 to /tmp/hello.txt.
$ cat /tmp/hello.txt
Hello, world!

References


  1. Martellaro, J. (2016) How to Strongly Encrypt a File (for free) in OS X, Available at: https://www.macobserver.com/tmo/article/how-to-strongly-encrypt-a-file-for-free-in-os-x (Accessed: 28th March 2020).
  2. Wikimedia Foundation (2020) Advanced Encryption Standard, Available at: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard (Accessed: 28th March 2020).

No comments:

Post a Comment

Subscribe to: Posts (Atom)

New Blog Layout

I had two rather length posts on this blog, I have migrated them to pages for now and in future, posts will link to new content that has bee...

  • New Blog Layout
    I had two rather length posts on this blog, I have migrated them to pages for now and in future, posts will link to new content that has bee...