Bringing the simplistic style of Quick Look's file browsing to encryption.
This tool removes all of the complication of encrypting and decrypting files. Simply right click on a file you'd like to encrypt, select Quick Actions > Quick Lock and follow the prompts. To decrypt, just double click on the file.
Open Terminal.app and enter the following commands:
$ git clone https://github.com/alichtman/macOS-quick-lock.git
$ cd macOS-quick-lock
$ ./install.sh
You will see an installation prompt. Click Install.
Afterwards, you will see a prompt asking to allow a Quick Action to interact with files on your computer through Finder, which will let you encrypt and decrypt files by right-clicking on them. Without this permission, nothing will work, so I'd recommend clicking OK.
If you'd like to add a keyboard shortcut, go to Preferences > Keyboard > Shortcuts > Services.
This script also installs the Quick Lock.app. You can set this app as the default app for .encrypted files, which means you'll be able to double-click on files with that extension and be prompted for a decryption password. You can set this up the first time you double-click on a .encrypted file, or by right-clicking on a .encrypted file, selecting Get Info and changing the default app in the Open With: section.
- This script can encrypt any file or directory. It uses AES-256 in CTR mode.
- After files are encrypted, they will have an extension like .aef99d86babcf82102fa.encrypted. This extension holds a SHA1 hash of the decrypted file which is used to verify the decryption password you enter is correct. If you alter this extension, decryption will fail because the file hashes won't match. You'll still be able to decrypt your file on the command line with $ openssl enc -d -aes-256-ctr -in ENCRYPTED_FILE -out DECRYPTED_FILE, though.
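The hash-in-the-extension check described above, as an added shell example (not the project's own script). The ql_* function names are hypothetical, and it assumes the tag is the first 20 hex characters of the plaintext's SHA1 digest, which is what the sample extension suggests.

```shell
#!/bin/sh
# Added example, not the project's script. Assumption: the extension tag is
# the first 20 hex characters of the plaintext's SHA1 digest.

# ql_tag FILE: print the 20-character tag for FILE.
ql_tag() {
    openssl dgst -sha1 -r < "$1" | cut -c1-20
}

# ql_encrypt FILE PASSWORD: write FILE.<tag>.encrypted and print its name.
# The password goes through the environment, not argv, so it does not show
# up in the command line that ps displays. Recent OpenSSL prints a
# key-derivation warning on stderr for this flag set (no -pbkdf2).
ql_encrypt() {
    out="$1.$(ql_tag "$1").encrypted"
    QL_PASS="$2" openssl enc -aes-256-ctr -salt -pass env:QL_PASS \
        -in "$1" -out "$out" || return 1
    printf '%s\n' "$out"
}

# ql_decrypt ENCRYPTED PASSWORD OUT: decrypt, then compare the tag.
# CTR has no padding, so openssl exits 0 even for a wrong password and
# writes garbage; the tag comparison is the only check that catches it.
ql_decrypt() {
    stem="${1%.encrypted}"      # drop the ".encrypted" suffix
    want="${stem##*.}"          # tag = text after the last remaining dot
    QL_PASS="$2" openssl enc -d -aes-256-ctr -pass env:QL_PASS \
        -in "$1" -out "$3" || return 1
    if [ "$(ql_tag "$3")" != "$want" ]; then
        rm -f "$3"              # do not leave garbage plaintext behind
        return 1
    fi
}

# ql_selftest: round trip on a constructed sample file in a temp directory.
ql_selftest() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample plaintext\n' > "$dir/note.txt"
    enc=$(ql_encrypt "$dir/note.txt" 'correct horse') || return 1
    ql_decrypt "$enc" 'correct horse' "$dir/ok.txt" || return 1
    cmp -s "$dir/note.txt" "$dir/ok.txt" || return 1
    ! ql_decrypt "$enc" 'wrong password' "$dir/bad.txt" || return 1
    [ ! -e "$dir/bad.txt" ] || return 1
    rm -rf "$dir"
}
```

The tag only confirms that the decrypted bytes match the original plaintext; CTR mode itself does not authenticate the ciphertext.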
There are two options you can configure in the file ~/.quick-lock.plist. This file is automatically created when you run the install script.
- deleteEncryptedFileAfterDecryption
  - Default: False.
  - Set this to True if you'd like to automatically remove the encrypted versions of successfully decrypted files.
- encryptedFileExtension
  - Default: .encrypted.
  - Change this if you'd like to set a non-default extension for encrypted files. Note that encrypted files with an extension differing from the extension in the config file will not decrypt successfully.
This script uses openssl's implementation of the AES 256 encryption algorithm in Counter (CTR) mode, as is recommended in Professor Rogaway's Evaluation of Some Blockcipher Modes of Operation. This algorithm is part of the NSA's Commercial National Security Algorithm Suite and is approved to protect up to TOP SECRET documents.
This script uses the openssl -salt option. This makes Rainbow Table attacks impractical. However, it also means that if you encrypt a file and forget the password -- that's game. Nobody can recover that file. Back up your passphrases!