I needed to send an encrypted file to a user with a Mac. They were unable to install additional software on their machine, and I have no Mac to verify things on.
By default Macs roll with openssl installed (thanks Google), so the solution seemed to be to use that.
You can debate the encryption algorithm choice and substitute as appropriate. But the basic syntax for encryption and decryption using AES-256 is shown below:
Encrypt file with password
openssl enc -aes-256-cbc -iter 30 -salt -in report.pdf -out report.enc
Note: running this command prompts you to enter the password and then to confirm it.
Decrypt with password
openssl enc -aes-256-cbc -iter 30 -d -salt -in report.enc -out report-decrypted.pdf
Note: again, this command prompts for the password before decrypting.
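The two commands above as a scripted, non-interactive round trip, with a SHA-256 check added because AES-CBC on its own does not detect a modified or wrongly decrypted file. This is an added example, not part of the original post: the file names, the FILE_PASS variable and the function names are assumptions, and it needs an openssl build that accepts -iter.

```shell
#!/usr/bin/env bash
# Added example. File names, FILE_PASS and the function names are constructed here.

ITER=30  # the page's value; it is not stored in the output, so both sides must pass the same -iter

# Print the hex SHA-256 digest of a file (-r gives "digest *name" output).
sha256_of() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# encrypt_file IN OUT: the passphrase comes from the FILE_PASS environment
# variable (-pass env:), so it never appears in the process argument list.
encrypt_file() {
    openssl enc -aes-256-cbc -iter "$ITER" -salt -in "$1" -out "$2" -pass env:FILE_PASS
}

# decrypt_file IN OUT EXPECTED_SHA256
# Returns 1 if openssl reports a bad decrypt, 2 if openssl succeeded but the
# digest differs (CBC alone carries no integrity check), 0 on a verified file.
decrypt_file() {
    if ! openssl enc -aes-256-cbc -iter "$ITER" -d -in "$1" -out "$2" \
            -pass env:FILE_PASS 2>/dev/null; then
        rm -f "$2"
        return 1
    fi
    if [ "$(sha256_of "$2")" != "$3" ]; then
        rm -f "$2"
        return 2
    fi
    return 0
}

# Round trip on a constructed sample file in a temporary directory.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'constructed sample report\n' > "$demo_dir/report.pdf"
    demo_sum=$(sha256_of "$demo_dir/report.pdf")
    export FILE_PASS='constructed-example-passphrase'
    encrypt_file "$demo_dir/report.pdf" "$demo_dir/report.enc" || return 1
    rc=0; decrypt_file "$demo_dir/report.enc" "$demo_dir/report-decrypted.pdf" "$demo_sum" || rc=$?
    echo "correct passphrase -> exit $rc"
    FILE_PASS='wrong-passphrase'
    rc=0; decrypt_file "$demo_dir/report.enc" "$demo_dir/report-decrypted.pdf" "$demo_sum" || rc=$?
    echo "wrong passphrase   -> exit $rc"
    rm -rf "$demo_dir"
}
demo
```

The digest has to reach the recipient by the same out-of-band route as the password for the check to mean anything.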
Warning: running with scissors
This secures the file with a password. Go big or risk exposure here. Someone could always try brute force, and you want to make sure that takes way, way longer than the validity of the information you are protecting. I recommend 72,000 characters long as a minimum to be sure.
Now you have a key distribution problem, though. How do you get the password to the other person securely? You cannot email them the password, since that is the same delivery mechanism used for the file in my scenario.
- Generally WhatsApp (or another end-to-end encrypted chat client on a mobile phone) is good.
- Phoning and saying a long password can be awkward but works (so long as they promise to eat the paper they write the password on immediately).
- SMS is less secure but still verifies that the user is in possession of that person’s phone.
Hope that helps.