Re: [LUG] Encrypting files for Apple

 

On 20/02/18 11:57, Simon Waters wrote:
> Henry Bremridge wrote:
>> I can use 7z to create AES encrypted zip files for Windows (important given
>> GDPR), that is if clients have Windows 10 or Windows 7
>>
>> What about Apple products? Does anyone have any idea how I can encrypt a
>> file I send to an Apple user and have the client be able to open it without
>> the client downloading software?
> 
> I have a nearly vanilla (recently reinstalled) test Mac.
> 
> Output of:
> $ type openssl
> $ type tar
> 
> Suggests the obvious Linux command line approach would work.
> 
> Although the OpenSSL version string here says LibreSSL.
> 
> Seriously though, I'd just mandate GPGtools, and use GPG. You'll have a
> GUI, services, sensible default crypto, key management tool etc. They lag
> a little behind Mac releases sometimes.
> 
> Also you'll use sensible key lengths, and your lovingly encrypted files
> won't just spew their contents to a key brute force because users think
> "Rainbow1" is a strong password.

This is the correct answer!

There is the slight problem that Henry wants to be able to send
specifically to a user who can't or won't download new software though
so unless he's already got GPGtools this won't work either.

If you're genuinely stuck with only the tools on a vanilla-ish Mac then
you still have a lot of options luckily. Did you know that you can
create and mount a disk image of arbitrary size on Mac, just like Linux?
And that disk image can be FileVaulted if required? You'll need a Mac at
your end as well to do this but you can stuff all the things you want
into a sparse FileVaulted image, detach it and send it as usual. He can
attach+decrypt the dmg at the other end. Hang on, there must be an easy
1-2-3 tutorial for this somewhere out there...

Like so:

https://gizmodo.com/how-to-easily-encrypt-files-on-mac-1785467654

Macs also have Open/LibreSSL (depends on the vintage) and a bunch of
other crypto capable tools available in the terminal by default. If
you're only worried about the active transmission of the data rather
than it being encrypted at rest, there are even more options - if he can
copy/paste a terminal command or two you email him, why not have him
connect to a service (SSH for scp/rsync or sftp, a VPN, or even just a
hacked up tunnel via ncat/corkscrew/whatever) knocked up just for this
purpose?

Here's another tutorial and this one has encrypted dmgs and some openssl
guides:

https://www.macobserver.com/tmo/article/how-to-strongly-encrypt-a-file-for-free-in-os-x

I can tell you one thing that apparently *won't* work which I
coincidentally found out yesterday - create a password protected .zip
file on Linux using fileroller (the built-in Gnome archive tool) and it
won't open on a current macOS High Sierra system using the default
unzipper, The Unarchiver or Stuffit. No idea what that's about. I had to
resend the client data without the - admittedly largely useless - zip
password and it opened fine then ¯\_(ツ)_/¯

Cheers
-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
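
The tar-plus-openssl command line route mentioned in the thread, as an added example that is not part of the original post. The function and file names are hypothetical, and it assumes the `openssl` on both machines (OpenSSL or LibreSSL) accepts `-pbkdf2`, which the recipient can confirm with `openssl version` before anything is sent.

```shell
#!/bin/sh
# Added example, not from the original thread. Function and file names are hypothetical.
# Assumption: `openssl enc` on both ends supports -pbkdf2 and -iter.

# Pin cipher, digest and KDF settings explicitly so sender and recipient do not
# depend on whatever defaults their particular OpenSSL/LibreSSL build uses.
ENC_OPTS="-aes-256-cbc -pbkdf2 -iter 200000 -md sha256 -salt"

# encrypt_dir <source-dir> <output-file> <passphrase-file>
# The passphrase is read from a file so it never appears in the process list.
encrypt_dir() {
    tar -C "$1" -czf - . | openssl enc $ENC_OPTS -pass "file:$3" -out "$2"
}

# decrypt_to <input-file> <dest-dir> <passphrase-file>
# A recipient typing this by hand can drop -pass and let openssl prompt instead.
decrypt_to() {
    mkdir -p "$2" &&
    openssl enc -d $ENC_OPTS -pass "file:$3" -in "$1" | tar -C "$2" -xzf -
}

# Constructed round trip on throwaway data: run with `sh thisfile.sh demo`.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src"
    echo "constructed sample client data" > "$work/src/report.txt"
    printf '%s\n' "constructed long passphrase for the demo only" > "$work/pass"
    encrypt_dir "$work/src" "$work/bundle.tar.gz.enc" "$work/pass" &&
    decrypt_to "$work/bundle.tar.gz.enc" "$work/out" "$work/pass" &&
    cmp -s "$work/src/report.txt" "$work/out/report.txt"
    rc=$?
    rm -rf "$work"
    return $rc
}

if [ "${1:-}" = demo ]; then
    demo && echo "round trip OK"
fi
```

`openssl enc` in this mode gives confidentiality only, with no integrity check on the ciphertext, and the result is only as strong as the passphrase, which should travel by a different channel from the file.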