I am trying to decrypt files that were encrypted on Mac OS 9 with its built-in 'encrypt' function (part of the "Apple File Security" application). I have the password and an OS9 emulator, but it doesn't recognize the files as encrypted (the files have moved around a lot, perhaps some metadata was lost), and so it doesn't give me the password prompt as it should.
Is there anywhere I can find information about what specific encryption method was used at the time so that I can try decrypting the files another way?
Best Answer
I don't know what the format is, but my understanding is that ye olde Finder uses extended attributes to determine if the file has been encrypted. You could probably manually add this data back and get it to recognize it is encrypted again.
For example, here are the extended attributes on a file I created in OS 9:
Contents of the file before encryption:
This Terminal command can add the attribute back to the file:
Not sure if these commands can be done from OS 9 but you should be able to do it from a modern macOS system and then pack the file in a
.hqx
file withbinhex encode yourfile.ext
for safe transport (so the attributes are not lost).