Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
macOS Quick Lock
Bringing the simplistic style of Quick Look's file browsing to encryption.
This tool removes all of the complication of encrypting and decrypting files. Simply right click on a file you'd like to encrypt, select Quick Actions > Quick Lock and follow the prompts. To decrypt, just double click on the file.
Here's a quick demo:
Installation
$ git clone https://github.com/alichtman/macOS-quick-lock.git
$ cd macOS-quick-lock
$ ./install.shYou will see a prompt like this. Click Install:
After, you will see this prompt asking to allow a Quick Action to interact with files on your computer through Finder, which will let you to encrypt and decrypt files by right-clicking on them. Without this permission, nothing will work, so I'd recommend clicking OK.
If you'd like to add a keyboard shortcut, go to Preferences > Keyboard > Shortcuts > Services.
This script also installs the Quick Lock.app. You can set this app as the default app for .encrypted files, which means you'll be able to double-click on files with that extension and be prompted for a decryption password. You can set this up the first time you double-click on a .encrypted file, or by right-clicking on a .encrypted file, selecting Get Info and changing the default app in the Open With: section.
Usage Notes
-
This script can encrypt any file or directory. It uses
AES-256inCTRmode. -
After files are encrypted, they will have an extension like
.aef99d86babcf82102fa.encrypted. This extension holds aSHA1hash of the decrypted file which is used to verify the decryption password you enter is correct. If you alter this extension, decryption will fail because the file hashes won't match. You'll still be able to decrypt your file on the command line with$ openssl enc -d -aes-256-ctr -in ENCRYPTED_FILE -out DECRYPTED_FILE, though.
Configuration
There are two options you can configure in the file ~/.encrypt-decrypt.plist. This file is automatically created when you run the install script.
deleteEncryptedFileAfterDecryption- Default:
False. - Set this to
Trueif you'd like to automatically remove the encrypted versions of successfully decrypted files.
- Default:
encryptedFileExtension- Default:
.encrypted. - Change this if you'd like to set a non-default extension for encrypted files. Note that encrypted files with an extension differing from the extension in the config file will not decrypt successfully.
- Default:
Technical Details
This script uses openssl's implementation of the AES 256 encryption algorithm in Counter (CTR) mode, as is recommended in Professor Rogaway's Evaluation of Some Blockcipher Modes of Operation. This algorithm is part of the NSA's Commercial National Security Algorithm Suite and is approved to protect up to TOP SECRET documents.
This script uses the openssl -salt option. This makes Rainbow Table attacks impractical, however, it also means that if you encrypt a file and forget the password -- that's game. Nobody can recover that file. Back up your passphrases!