File Encryption on Mac

2011.08.14 | Mac, Software |

File Encryption on Mac

2011.08.14 | Mac , Software |


These days, data security is becoming important as many important data are kept inside computers including personal computers and considering when a laptop gets stolen or gets left behind somewhere, it is good idea to give a little encryption to some of the files that you want it kept secret.

Just giving a password lock onto user account is never useful as if the whole machine is stolen, they can always detach the hard disk inside and read the content by attaching it on another machine without booting the OS inside, which circumvents any password protection, unless the files themselves are encrypted.


Luckily, OS X has a nifty feature to create a 'box' that you can dump files in encrypted quite easily. By using this, the files placed inside that box are kept encrypted giving no access to anyone under any condition, unless you provide password and open the box to read the contents. If you do not mind files like your photo being looked at, maybe you do not need to put them in there, but you may put text files containing passwords, contact addresses of your people or any private notes which you feel that they are somewhat sensitive to be put under public eyes by any chance.

To create the box, in the Finder's menu bar, click on 'Go' -> 'Utilities' and open 'Disk Utility'. Click on 'New Image' in the tool bar and specify the file name of the box, folder location, the name of the box itself and the maximum size limit of the box. (If you only store texts, 500MB is enough, but if you are going to dump in many pictures you should make the box around twice bigger than what you are going to put in, just so it won't be filled up so soon.) There are two types of encryption to choose from, but as it recommends, you could safely choose 128bit and pick 'sparse disk image' as the 'Image Format'. After you hit 'Create', you will be asked for passwords which is the important bit as this is the key to opening the box and do uncheck 'Remember password in my keychain' checkbox as this really lowers the point when the system remembers your password... And make sure password is not something other people can figure by mistake or by intention but then again, if you lose the password, there is absolutely no way to recover the contents inside, so this must be considered carefully.

When the box gets created, you can see that on the sidebar in Finder. You can toss files in this opened box as much as the box's size permits. You should be ejecting this disk image (Right click and select 'Eject' in Finder sidebar) when you're done dealing with it because otherwise it stays open for access. It will be closed if you shutdown or reboot the machine though. The actual encrypted box file should exist on the folder you have specified (Defaults to 'Documents') having an extention of 'sparseimage' and it's a single file containing all of the files inside squeezed into one encrypted and this can be stored anywhere. You can double click on that file and enter the password to have access inside again.


This way, you now have a little safe on your Mac where you can store sensitive information and not risk having them accessed by someone else in case of loss of your machine or by someone sneaky trying to sniff your machine while you are off the seat.

Other implementation

There exists a feature called File Vault under OS X that turns your entire home directory (For Leopard, Snow Leopard) or the whole hard disk encrypted (For Lion) and by doing so, you do not need to even think about opening the box for specific files but your entire files are encrypted as in your whole stuff are placed inside a big safe. This usually is a safe bet to do, especially under Lion, as previous implementation under Leopard series could affect a bit of performance issues under certain condition because every file you interact must be decrypted on the fly and encrypted back when stored and since many files are dealt behind the scenes when using programs, it had that little side effect.

But under Lion, my impression of encrypting the whole disk didn't really make me feel any performance issues, even when running Windows (using VMWare Fusion) on top of OS X and Windows ran just as decent as before. This makes more things safer because literally everything, your browsing history, cache files created by programs you were dealing with or any of your email histories are all encrypted as long as the machine isn't logged in by that user but then again, if you're logged in, then you aren't hiding anything on your machine... So, this doesn't really provide protection in all scenarios and that is why I keep this little safe 'box' to keep naughty hands off of my files and better part of it is that when you backup your files (which you really should do), File Vault does not help you there, but that disk image stays encrypted anywhere it goes.

There is another third party implementation that does similar called TrueCrypt, which works on Windows and Linux as well and has quite advanced feature sets but can be a little more complicated than OS X's native disk image implementation. The great feature about TrueCrypt is that you can even try to hide the presence that you have anything encrypted. It puts that encrypted file in some random location which is pretty hard to detect as is and thus you may not be seen as hiding anything at all, whereas creating a disk image will reveal that something sensitive should be sitting there, except there is no way to look inside without a password.

Extra Story

This is all theoretical but if you are in a serious situation about your sensitive information being encrypted or not, and if you are offended that you must tell where your information is, then letting people know that you are using TrueCrypt puts you in a tough position as no one can prove if you have anything encrypted on your machine or not which also means, you can never prove that you do not have anything sensitive yourself...

Past blogs

Enhance audio experience on computers
2011.08.14 | Hideki
To get the best out of audio experience, here are a few tips to do so. This is based on Windows as I connect my speaker on Windows desktop machine. Some steps can be applied on Mac as well. The so...
Apple WWDC Impressions
2011.06.10 | Hideki
As usual, impressive presentation. I wish Microsoft and others would do something like this to show their impressive software in a more impressive way. I've never seen any official product presenta...
Text Editors
2011.01.25 | Hideki
The most important app for any programmers is a text editor. And as such, I have used several editors over the years and going to list down the editors that made my days. These days, after program...
Playing audio under Mac OS X
2010.12.20 | Hideki
Here is the list of players I’ve tested to listen to music on OS X. Plain iTunes It’s not a bad sound definitely. Usability shines. I just love the checkbox next to each songs, so I can just pick t...
Playing audio under Windows 7
2010.12.15 | Hideki
I've tried several applications in different output methods just to see what sounded good. I always disable any of the sound enhancers to avoid getting the source mangled. iTunes with Direct Sound ...