I would like to know how to use Automator or AppleScript to create a droplet that would compress/uncompress (tar.gz) and encrypt/decrypt with OpenSSL files and/or directories dropped in it. The workflow on what the droplet will do to encrypt would be something like this:
- Files/directory is dropped on droplet
- Files/directory is compressed
- A password prompt is presented
- OpenSSL is used to encrypt file, file is renamed to *.encrypted
- File is dropped on droplet
- If file is named *.encrypted, a password prompt is presented. If not, do encrypt workflow
- File is decrypted, and renamed
- File is uncompressed
Actually, Automator is not a bad choice for this, as it allows you to combine AppleScript and shell scripting without actually having to mix them (which leads you straight to escaping hell, after a short stay in quoting purgatory) and pass values between them in an orderly fashion. Also, besides a droplet application, Automator will allow you to create a Service with excellent integration into Finder:
Add a “Run AppleScript” action and edit its contents as follows:
– this will prompt the user for the encryption password and pass it as the first argument to the next action.
Add a “Run Shell Script” action, setting it to get its input through arguments (not `stdin`, as is default). Make sure the shell is set to `/bin/bash`. Edit the script contents as follows:
– this will decrypt and untar-gzip `.encrypted` files, tar-gzip and encrypt all other files and directories with AES 256-CBC encryption and the password given.
Caveat Emptor: error handling is primitive (basically, the `for` loop skips an iteration when it encounters an error), there is no logging and there is no failsafe against wrong password inputs (you might want to ask twice and compare the results, as the shell utility does). Disasters should not happen, though, as files are only deleted when the previous steps complete successfully.
Finally, you might want to investigate alternatives to prompting for a password – a passphrase file on a USB key, say (use `-pass file:/Volumes/volname/passfile` instead of `-pass pass:$password`, skip the AppleScript step and remove the first line of the shell script), or storing your password in the OS X keychain and retrieving it programmatically (see this answer of mine on Stack Exchange for ways to do that).
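An added example, not the script from the answer above: one way to write the “Run Shell Script” step so that the password arrives as the first argument and an input is deleted only after every earlier step succeeded. The names `process_item`, `main` and `DROPLET_PASS` are hypothetical, and `-pass env:` and `-pbkdf2` are choices made here in place of the `-pass pass:$password` form the answer mentions.

```shell
#!/bin/bash
# Added example: PASSWORD PATH... (password first, as the "Run AppleScript"
# action passes it). Not the answer's original script.

# process_item PASSWORD PATH: runs in a subshell; non-zero status on any failure.
process_item() (
    pass=$1 item=${2%/}                  # strip a trailing slash from directories
    dir=$(dirname "$item") base=$(basename "$item")
    tmp=$(mktemp "$dir/.droplet.XXXXXX") || exit 1   # private scratch file
    trap 'rm -f "$tmp"' EXIT
    export DROPLET_PASS="$pass"          # read by openssl via -pass env:, which
                                         # keeps it off openssl's command line
    case $base in
    *.encrypted)
        # Decrypt, then unpack; the input is deleted only if both steps succeed.
        openssl enc -d -aes-256-cbc -pbkdf2 -pass env:DROPLET_PASS \
                -in "$item" -out "$tmp" &&
            tar -xzf "$tmp" -C "$dir" &&
            rm -f "$item"
        ;;
    *)
        out=$item.encrypted
        [ -e "$out" ] && exit 1          # never overwrite an existing archive
        # Pack, then encrypt (-pbkdf2 needs OpenSSL 1.1.1 or later); a failed
        # run removes the partial output and leaves the original untouched.
        tar -czf "$tmp" -C "$dir" "./$base" &&
            openssl enc -aes-256-cbc -pbkdf2 -pass env:DROPLET_PASS \
                -in "$tmp" -out "$out" || { rm -f "$out"; exit 1; }
        rm -rf "$item"                   # reached only after both steps succeeded
        ;;
    esac
)

main() {
    password=$1; shift
    failed=0
    for f in "$@"; do
        # A failed item is reported and skipped; the rest are still processed.
        process_item "$password" "$f" || { echo "skipped: $f" >&2; failed=1; }
    done
    return "$failed"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

A wrong password makes either `openssl` or `tar` fail, so the `.encrypted` file stays in place and can be dropped again.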