Simple built-in way to encrypt and decrypt a file on a Mac via command-line?

Are there any built in command-line tools that I can encrypt and decrypt a text file (and provide it some sort of password).


openssl comes pre-installed on Mac OS X.

You can use the following commands:

# encrypt file.txt to file.enc using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc

# the same, only the output is base64 encoded for, e.g., e-mail
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc

# decrypt binary file.enc
openssl enc -d -aes-256-cbc -in file.enc -out file.txt

# decrypt base64-encoded version
openssl enc -d -aes-256-cbc -a -in file.enc -out file.txt

(copied from OpenSSL Command-Line HOWTO: How do I simply encrypt a file?)

You will be prompted for a password. You can also specify a password on the command-line using -pass pass:mySillyPassword or -pass file:/path/to/secret/password.txt

These commands use 256-bit AES ecryption with Cipher Block Chaining (CBC), which is about as secure as it gets right now.


I've built a shell script for that. You can use it on Mac or on Linux.

#!/bin/bash
#encrypt files with aes-256-cbc cipher using openssl

#encrypt files
if [ $1 == "-e" ];
then
    if [ -f "$2" ];
    then
    openssl aes-256-cbc -a -e -salt -in "$2" -out "$2.aes"
    else
       echo "This file does not exist!" 
    fi
#decrypt files
elif [ $1 == "-d" ];
then
    if [ -f "$2" ];
    then
        openssl aes-256-cbc -a -d -salt -in "$2" -out "$2.decrypt"
    else
        echo "This file does not exist!" 
    fi
#show help
elif [ $1 == "--help" ];
then
    echo "This software uses openssl for encrypting files with the aes-256-cbc cipher"
    echo "Usage for encrypting: ./encrypt -e [file]"
    echo "Usage for decrypting: ./encrypt -d [file]"
else
    echo "This action does not exist!"
    echo "Use ./encrypt --help to show help."
fi

Simply save this in a text file in issue chmod +x file to make it executable. after that use ./filename --help to get infos.


Mac OS X has the ability to create encrypted container files (similar to e.g. Truecrypt), that can optionally grow with the amount of data placed in them. Use Disk Utility to do this.

In Disk Utility, select File » New » Blank Disk Image… with one of the sparse image formats. Select AES-128 or AES-256 as encryption.


From the command line, the same functionality is available via the hdiutil program.