How to encrypt a file from the OS X command line
OS X supports encrypting files from the command line, if you need to do so by logging in remotely.
If you would like to encrypt a file or two on your Mac to keep it secure, there are several options available to you. There are a number of third-party tools, such as GPGTools' GPG Suite, which offer encryption options for files ( ), but Apple also offers built-in .
While securely wrapping files in disk images generally requires using Disk Utility, you can do so through the command line as well, which may be useful if you are accessing a system remotely through SSH, or scripting a routine where you would like to encrypt files.
To do this, you would simply need to run the following command in the Terminal:
hdiutil create -srcfolder SOURCEPATH -encryption AES-128 DESTINATIONDMG
The "hdiutil" command is Apple's included program for managing disk images, and in the syntax above, replacing SOURCEPATH with the path to the desired file or folder will include that file or folder in the encryption.
The encryption scheme used in this example is AES-128, though you can also use AES-256 for a greater encryption level. The last component here is "DESTINATIONDMG," where you specify the full path to the final disk image file.
For example, if I have a folder called "privatefiles" in my Documents folder, I can encrypt it in a disk image called "encryptedimage.dmg" on my desktop by running the following command (all on one line):
hdiutil create -srcfolder ~/Documents/privatefiles/ -encryption AES-128 ~/Desktop/encryptedimage.dmg
When run, the command will ask for a password to secure the disk image, and prompt for a confirmation. It will then create the disk image to be the exact size of the files being encrypted, so it will not take up unnecessary space. You can then delete the private files from your system, so they will only be in the disk image.