Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypting File System Options for Mac OS X?

Posted by Cliff on from the locking-your-apples dept.

fieldmouse asks: "I recently had a laptop running Mac OS X stolen. Despite the fact that I got it back, that incident has me looking for an encrypting file system for Mac OS X; preferably one that would create a psuedo drive that I could unlock once when I log on. Anybody have any suggestions?" About 2 years ago, Ask Slashdot did the Linux version of this question. Has this gap been filled in Apple's latest OS offering?

9 of 54 comments (clear)

  1. Disk Image? by Drizzt+Do'Urden · · Score: 5, Informative

    Create an encrypted disk image with Disk Copy, make it writable, and drop your sensitive data in it ;)

    --
    Menzoberranzan Networks
  2. Use Disk Copy and stay neat by Paul+Burney · · Score: 5, Informative

    The application/system items on the drive don't need to be encrypted of course so just create a new disk image in disk copy, choosing the 128-bit AES encryption option. You will be prompted for a password to use. (Don't save it to the keychain, duh.) You will have to enter your password twice when you open the image.

    Now be very careful with your documents/items and always save them to the encrypted disk image.

    The other benefit is that keeping all your important things on that image allows for easy backups.

    --
    <?php while ($self != "asleep") { $sheep_count++; } ?>
    1. Re:Use Disk Copy and stay neat by Parsec · · Score: 3, Informative

      They will be mutually incompatible. You can't use PGPDisk with Classic in X (fails to mount) and you can't use AES images in MOS9.

      To convert, you'll have to copy your data out into unencrypted space via PGPDisk in MOS9, boot into X to copy your data into an AES image, and do a good wipe of your unencrypted data. The AES image can also be stored and mounted from a server, while PGPDisk didn't like that.

    2. Re:Use Disk Copy and stay neat by nickovs · · Score: 3, Informative

      Just to confirm, if you type hdiutil mount imagefile.dmg on an encrypted image you get a prompt to enter the passphrase and it then mounts successfully. I can not see a simple way to provide the passphrase from a program but you might be able to do it with some careful AppleScript. Of course this would totally negate any security if you kept the passphrase in the script.

      --
      If intelligent life is too complex to evolve on its own, who designed God?
  3. A Simple Solution by PastorOfMuppets · · Score: 4, Informative

    Use Disk Copy (located in the Utilities folder) to ccreate an encrypted disk image and add that image to you "Login Items" in the Login Prefrence Pane.

    --
    If you don't have anything nice to say, shut up you stupid prick.
  4. Or the old fashioned way by xinu · · Score: 1, Informative

    Not that I've tried this or even really given it much thought about it. But the command line "crypt" in your .login and .logout could always crypt and decrypt your home dir. Just a thought.

  5. Crypt by xinu · · Score: 5, Informative
    I'm going to post this again, but with a link this time.

    Look at Crypt using Blowfish and all that jazz.

    Running Solaris as an Admin I have crypt encrypt some docs upon .login and upon .logout for some documents. Never tried it for OSX but I don't see how it should be any different other then it's going to pop up a GUI asking for your passwd.

    Following the UNIX and Perl mantra, there is always another way of doing something...

  6. Advance Encryption Standard (AES) by stux · · Score: 3, Informative

    http://csrc.nist.gov/encryption/aes/aesfact.html

    (or you could just mod up the previous guy ;))

    Including the all important "What is the Advanced Encryption Standard (AES)?"

    --

    ---
    Live Long & Prosper \\//_
    CYA STUX =`B^) 'da Captain,
    Jedi & Last *-fytr
  7. Disk Copy with second keychain by ekc · · Score: 5, Informative

    As others have mentioned, Disk Copy is definitely the way to go for creating a password-encrypted volume in Mac OS X. You can make the disk images as large as you want, they are functionally pretty much indistinguishable from normal volumes, and there's no reformatting involved.

    I just wanted to add one point about storing your passwords that makes life even simpler. Try using Keychain Access to create a second keychain you call "secure" or something to that effect. Make this temporarily the default keychain so that when you create your disk images, you can store the passwords to this new keychain. Configure the keychain so that it will relock itself after a short period of time (say 15 minutes), then set the default back to your regular keychain.

    That way, you need only enter the password once to have access to every encrypted disk image, and in my experience, by the time you're done and you unmount the volumes, everything will be locked again!