
A script for compressing and encrypting directories UNIX
I've been frustrated with the encryption options in OS X, especially when the application I'd been using ("Crypt," I believe) started acting buggy after the upgrade to Jaguar. One feature I really wanted was to encrypt/decrypt an entire directory on the fly, without too much mucking on the command line. In the past, I had used GPG for encryption, but it wasn't installed by default on Jaguar. Openssl does have some nice utilities, though.

This script allows for encryption or decryption (I combined two separate scripts) of any directory within the present working directory. All files in the directory are tarred, gzipped, and encrypted using the Blowfish algorithm.

There have been other hints of a similar nature, but this one is better because 1) it uses the built-in openssl, not gpg, and 2) it is extremely flexible, allowing for easy encryption of any directory by just cd-ing to the parent directory. Using rm -P ensures the old files are securely overwritten a few times.

[robg adds: I have not tested this script.]

There may be a much more elegant way to do this, but this is my first shell script. Oh, and since I use bash, much of the syntax may be off for those still using tcsh. It doesn't look like indentation is preserved, so if you can't sort it out, email me and I'll send the raw file. Here 'tis:

#!/bin/bash
# This script compresses and encrypts/decrypts
# entire directories using Blowfish.
# Note: each step runs whether or not the previous one succeeded.
dir_name=
mode=
echo "Type \"e\" for encryption, or \"d\" for decryption."
read mode
if [ "$mode" != "e" ]; then
  if [ "$mode" != "d" ]; then
    echo "Invalid entry; please try again"
    exit 1
  else
    # decrypt: openssl prompts for the passphrase
    echo -n "Type the name of the directory you wish to decrypt> "
    read dir_name
    if [ -f "${dir_name}.tar.gz.bf" ]; then
      echo "${PWD}/${dir_name}.tar.gz.bf will be decrypted."
      openssl bf -d -in "${dir_name}.tar.gz.bf" -out secret_files.tar.gz
      # rm -P overwrites the file before unlinking it
      rm -P "${dir_name}.tar.gz.bf"
      tar xzvf secret_files.tar.gz
      rm -P secret_files.tar.gz
      echo "Directory \"${dir_name}\" successfully decrypted."
    else
      echo "Unable to find that encrypted directory."
      echo "Please try again.  Exiting program."
      exit 1
    fi
    # end of the decrypt path; do not fall through to encryption
    exit 0
  fi
fi
# encrypt: openssl prompts for the passphrase twice
echo -n "Type the name of the directory you wish to encrypt> "
read dir_name
if [ -d "$dir_name" ]; then
  tar czvf secret_files.tar.gz "$dir_name"
  rm -rf "$dir_name"
  openssl bf -in secret_files.tar.gz -out "${dir_name}.tar.gz.bf"
  rm -P secret_files.tar.gz
  echo "Directory ${dir_name} successfully encrypted."
else
  echo "That directory doesn't seem to exist."
  echo "Please try again.  Exiting program."
  exit 1
fi
Save the script somewhere on your path and make it executable, of course...

Danger will robinson
Authored by: SOX on Nov 13, '03 12:10:06PM

This script does not contain any safety nets. For example, in the decrypt, if the openssl command fails, the next line deletes the original, leaving you with nothing. You really ought to re-write this with checks for completion on each line before going on to the next command.



[ Reply to This | # ]
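
The checks asked for in the comment above, sketched as an added example (not the hint author's or any commenter's code): every step must succeed before the next one runs, and the plaintext is removed only after the new ciphertext has been decrypted and listed again. Assumptions: AES-256-CBC with PBKDF2 stands in for the hint's Blowfish, the `.tar.gz.enc` suffix and the function names `encrypt_dir` and `decrypt_dir` are hypothetical, and the passphrase is read from a file.

```bash
#!/bin/bash
# Added example: hardened encrypt/decrypt of a directory. The plaintext is
# removed only after the ciphertext has been decrypted and listed again.
# Assumptions: AES-256-CBC with PBKDF2 replaces the hint's Blowfish, and the
# passphrase is read from a file ($2) so the functions can run unattended.
set -o pipefail

encrypt_dir() {   # usage: encrypt_dir <directory> <passphrase-file>
  local dir="${1%/}" pass="$2" out tmp
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
  [ -r "$pass" ] || { echo "cannot read passphrase file" >&2; return 1; }
  out="${dir}.tar.gz.enc"
  [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 1; }
  tmp="$(mktemp "${out}.XXXXXX")" || return 1
  # Stream tar straight into openssl: no plaintext archive touches the disk.
  if ! tar czf - "$dir" |
       openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$pass" -out "$tmp"
  then rm -f -- "$tmp"; echo "encryption failed, $dir untouched" >&2; return 1
  fi
  # Round-trip check before anything is deleted.
  if ! openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$pass" -in "$tmp" |
       tar tzf - >/dev/null
  then rm -f -- "$tmp"; echo "verification failed, $dir untouched" >&2; return 1
  fi
  mv -- "$tmp" "$out" && rm -rf -- "$dir"
}

decrypt_dir() {   # usage: decrypt_dir <directory> <passphrase-file>
  local dir="${1%/}" pass="$2" src
  src="${dir}.tar.gz.enc"
  [ -f "$src" ] || { echo "no such archive: $src" >&2; return 1; }
  [ ! -e "$dir" ] || { echo "refusing to overwrite $dir" >&2; return 1; }
  # A wrong passphrase or damaged file makes the pipeline fail; the
  # encrypted archive is then kept and any partial output is removed.
  if ! openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$pass" -in "$src" |
       tar xzf -
  then rm -rf -- "$dir"; echo "decryption failed, $src kept" >&2; return 1
  fi
  rm -f -- "$src"
}
```

`openssl enc` in CBC mode does not authenticate the ciphertext, so the round-trip check detects a failed or truncated write, not deliberate tampering.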
A script for compressing and encrypting directories
Authored by: fxt on Nov 13, '03 12:25:04PM

check out the shell script

http://home.comcast.net/~b.courbage/scripts/index.html

does a better job of checking stuff. it's also on vt. i've been using it for about a year and i'm quite pleased with it.

fxt



[ Reply to This | # ]
A script for compressing and encrypting directories
Authored by: el bid on Nov 13, '03 12:52:03PM

Perhaps I'm missing something, but I don't entirely understand the premise of this hint, or (as mentioned) the need for some additional application to handle encryption.

The ideal way of encrypting directories, IMHO, is to create them within an encrypted filesystem in the first place. Panther now has some additional facility for doing this, but I haven't bothered to investigate this because the approach I've been using here since 10.1 still works fine. It needs no scripting or additional app.

The approach is simply to create an encrypted read/write .dmg (disk image) using Disk Utility/New Image against some passphrase, and then to mount that image against the passphrase. It will mount under /Volumes in the usual way, but if you want it elsewhere (eg in your home directory, perhaps so that it can easily be SMB exported across the network) then UNIX link (rather than Mac alias) it into the required location.

When you're done with it, simply unmount the image and the contents will be secure. The UNIX link can be left in place -- it won't work while the image is unmounted, of course, but will come back to life when the image is mounted again.

The .dmg can be backed up and will remain fully secure off-line until restored and remounted against the original passphrase.



---
--
el bid



[ Reply to This | # ]
A script for compressing and encrypting directories
Authored by: fxt on Nov 13, '03 02:15:38PM

not all unix and/or windows machines understand encrypted .dmg images. the reason one uses openssh technology is for portability across a wide spectrum of machines.

fxt



[ Reply to This | # ]
A script for compressing and encrypting directories
Authored by: el bid on Nov 13, '03 05:01:47PM

> not all unix and/or windows machines understand
> encrypted .dmg images

That's putting it mildly. Isn't .dmg highly proprietary to Apple? Do you know any other os that can mount them?

I heartily agree that cross-platform data portability is a very desirable goal. I suppose I was responding to the initial poster's opening sentence: "I've been frustrated with the encryption options in OS X".

---
el bid



[ Reply to This | # ]
A script for compressing and encrypting directories
Authored by: stetner on Nov 13, '03 09:32:11PM

As well, the standard tar command is not HFS+ aware, meaning you will be losing resource forks if they exist in the directory.



[ Reply to This | # ]
A script for compressing and encrypting directories
Authored by: ukkarhu on Nov 14, '03 10:44:25AM

I've enhanced this script a bit so it will encrypt files and directories using a command line type thing i.e. crypt <filename> or crypt -d <filename> to decrypt. If you specify crypt -d -r <filename>, it will automatically decrypt and expand your compressed file. If you don't want to use tar, you can replace the 'tar' command with something that is resource fork friendly.

The whole script is available from my idisk public folder (apadley). Here is the code if you're interested.

[code]
#!/bin/bash
#
#
# Define usage routine
usage()
{
    [ "$1" ] && echo "crypt: $*"

    cat <<!

usage: crypt [-d] [-r] Filename / Directoryname

options: -d : Decrypt mode
              If this parameter is not used, the default
              is to encrypt the file or directory.
         -r : Recursive Decryption
              Use this parameter to automatically
              expand a decrypted file you know is a dir.
!

    exit 8
}
# Delete the named file or directory, but only if the command that ran
# immediately before this call succeeded
delfile()
{
    if [ $? -eq 0 ]
    then
        rm -R "$1"
    fi
}
#
# Parse the commandline options
#
CRYPT=0
ISDIR=0
# -d and -r are plain flags, so neither takes an argument
while getopts :dr OPT
do
    case $OPT in
        "d") CRYPT=1 ;;
        "r") ISDIR=1 ;;
        "?") usage "Invalid option: -$OPTARG" ;;
        ":") usage "Mandatory parameter missing for -$OPTARG option" ;;
    esac
done

shift `expr $OPTIND - 1`
if [ "$#" -ne 1 ]
then
    usage "You must supply a file or directory name"
    exit 1
else
    SOURCE="$1"
fi
#
# Encrypt a file or directory
#
echo "$SOURCE"
echo "$CRYPT"
if [ -f "$SOURCE" -a "$CRYPT" -eq 0 ] # Encrypt File
then
    openssl bf -in "$SOURCE" -out "$SOURCE.bf"
    delfile "$SOURCE"
elif [ -d "$SOURCE" -a "$CRYPT" -eq 0 ] # Encrypt a directory
then
    tar czf tmp$$.tar.gz "$SOURCE"
    delfile "$SOURCE"
    openssl bf -in tmp$$.tar.gz -out "$SOURCE.tar.gz.bf"
    delfile tmp$$.tar.gz
#
# Decrypt File or Directory
#
elif [ -f "$SOURCE" -a "$CRYPT" -eq 1 ] # Decrypt a file
then
    # Strip the three-character ".bf" suffix to get the output name
    TARGET=`echo "$SOURCE" | sed 's/...$//'`
    openssl bf -d -in "$SOURCE" -out "$TARGET"
    delfile "$SOURCE"
    if [ "$ISDIR" -eq 1 ]
    then
        tar xzf "$TARGET"
        delfile "$TARGET"
    fi
else
    usage "Incorrect parameter combination"
fi
exit 0

[/code]



[ Reply to This | # ]