Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fraune/createencryptedimage

Automator Quick Action for encrypting a folder
https://github.com/fraune/createencryptedimage

applescript automator automator-workflow bash dmg encryption macos quick-action shell zsh

Last synced: 2 days ago
JSON representation

Automator Quick Action for encrypting a folder

Awesome Lists containing this project

README

        

# CreateEncryptedImage

## Description

This macOS workflow (`Create Encrypted Image.workflow`) is an Automator Quick Action, which adds a context popup on folders in Finder. When activated, the workflow launches a new Terminal window that helps users encrypt a folder and its contents. The resulting DMG disk image requires a password to unlock.

## Installation and Usage

| | |
| - | - |
| 1. Download this repository as a .zip file | Download fepository as ZIP |
| 2. To inspect the script without installing, you can Right Click `Create Encrypted Image.workflow`, and select Open with Automator | Inspect script with Automator |
| 3. To install the script, right click `Create Encrypted Image.workflow`, and select Open With Automator Installer | Install the workflow |
| 4. Click Install to register the quick action | Register the quick action |
| 5. Confirm installation, by right clicking a folder, and checking that Quick Actions now contains the workflow | Confirm quick action enabled |
| 6. A Terminal window will prompt for `sudo`, which is your Mac admin's password. It is required to run the command.

7. You will be prompted for a password to encrypt the folder with. This is distinct from the `sudo` password, and will be required to decrypt the DMG. | Encrypting a folder |
| 8. You should see a new file appear at the same location as the folder you encrypted. Double-click it, then enter your password to decrypt it. | Decrypt the image |

## Uninstallation

The workflow installs under `~/Library/Services`. Just delete `Create Encrypted Image.workflow` from there and it's all gone!

## Easier sudo

You can use Touch ID to authorize `sudo`, which I find pairs nicely with this workflow. See how here:

https://gist.github.com/fraune/0831edc01fa89f46ce43b8bbc3761ac7

## Script contents

```applescript
on run {input, parameters}
set folderPath to POSIX path of item 1 of input

tell application "Terminal"
activate
do script "sudo hdiutil create -size 20mb -fs apfs -encryption AES-256 " & quoted form of folderPath & " -srcfolder " & quoted form of folderPath & "; exit"
end tell

return input
end run
```

### Script explanation

**Set the folderPath variable to be the input folder**

```applescript
set folderPath to POSIX path of item 1 of input
```

**Open Terminal.app, and bring it to the foreground**

```applescript
tell application "Terminal"
activate
...
end tell
```

**Do the encryption work**

```applescript
do script "sudo hdiutil create -size 20mb -fs apfs -encryption AES-256 '" & folderPath & "' -srcfolder '" & folderPath & "'; exit"
```

Notes:
- This is some AppleScript that runs a Bash command, expanding the `folderPath` variable into the hdiutil arguments
- My understanding is that `-size 20mb` just sets the initial size. The resulting DMG will be more or less, depending on what you encrypt.
- `-fs apfs -encryption AES-256` sets the filesystem type and encryption type to use. Last I checked, AES-256 is the best encryption supported by `hdiutil` in this context.
- The `folderPath` variable is used twice: as the input path, and as the output path. The output path will automatically append `.dmg` onto the end of `folderPath` when the command completes.

## TODO:

- [ ] Add notification upon successful completion ([inspiration](https://apple.stackexchange.com/a/385167/475305))