how do i go about encrypting files
You may want to choose another cipher than the one in the example. See man openssl.
where can i get a script or how do i write the script that promts for a password?
A) I don't know where to get the script.
B) Are you sure you want a suid script?
C) Have a look at perl-suid.
D) The script itself should be straightforward:
1. the script is invoked /usr/local/bin/getfile.pl /path/to/original/file /where/to/put/it
2. the script prompts for a password
3. the script hashes the password and compares it to the one stored in a file that contains filename-hash pairs
4. if the passwords match, the script copies /path/to/original/file to /where/to/put/it and chowns it to the appropriate user
5. The user can now have access to the copied file, while only root could access the original.
E) The most important part will be securing the script. (i.e. what happens if /path/to/original/file is not in the database? , what happens if the user does not have access to /where/to/put/it?, etc.)
Sample attack based on bad checking of the output file in this script:
# /usr/local/bin/getfile.pl /path/to/a/file/i/have/the/password/for /etc/shadow
Copying /path/to/a/file/i/have/the/password/for to /etc/shadow...
# ls -l /etc/shadow
-rw-rw-r-- 1 me mygroup 1928 2005-07-16 20:49 /etc/shadow
# nano /etc/shadow