OS X file encryption

I'm going to look at two methods for encrypting files on Mac OS X. The first is built in, and uses Disk Utility to create an encrypted disk image.

Disk Utility

Disk Utility needs to work from a folder, so you first need to create a directory to put your protected files in. I used "secrets" as my directory name, and moved my important files into it. I then invoked (in Terminal):


hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg

You can also do this with the graphical Disk Utility tool. This will ask for an encryption passphrase, or you could just do:

echo "your passphrase" | hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg

This creates "foo.dmg" and the passphrase you used is required to open it. If you do that graphically through Finder, you'll be prompted for your phrase, or you can do it from the command line:

hdiutil attach -stdinpass foo.dmg

(But see Mac OS X Encryption Problem for a subtle trap here)

Entering the correct passphrase gives you a mounted disk image where you can access your files. By the way, don't forget to remove the "secrets" directory and its contents; there's not much point in encrypting a disk image of a folder and leaving the unencrypted version on the disk.
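The steps above as one script, written as an added example rather than code from the original article: it prompts for the passphrase with echo off so it never lands in shell history, pipes it with printf so no trailing newline becomes part of the passphrase (-stdinpass takes everything up to a NUL or end of input), and removes the plaintext folder only after the image verifies. The function names are illustrative, and the use of "hdiutil verify -stdinpass" as the check is this example's choice.

```shell
#!/bin/sh
# Added example (not from the original article). Usage: script FOLDER IMAGE

# Prompt twice with terminal echo off; on success the result is in PASSPHRASE.
read_passphrase() {
    if [ -t 0 ]; then stty -echo; fi
    printf 'Passphrase: ' >&2; IFS= read -r pp_first
    printf '\nAgain: ' >&2;    IFS= read -r pp_second
    if [ -t 0 ]; then stty echo; fi
    printf '\n' >&2
    if [ -z "$pp_first" ] || [ "$pp_first" != "$pp_second" ]; then
        unset pp_first pp_second
        echo "empty or mismatched passphrase" >&2
        return 1
    fi
    PASSPHRASE=$pp_first
    unset pp_first pp_second
}

# encrypt_folder FOLDER IMAGE: same hdiutil call as in the article, but the
# passphrase arrives on stdin from a variable, with no newline appended.
encrypt_folder() {
    [ -d "$1" ] || { echo "no such folder: $1" >&2; return 1; }
    [ ! -e "$2" ] || { echo "refusing to overwrite $2" >&2; return 1; }
    printf '%s' "$PASSPHRASE" |
        hdiutil create -encryption -stdinpass -srcfolder "$1" "$2"
}

# verify_then_remove FOLDER IMAGE: delete the plaintext folder only if the
# image opens and checks out with the same passphrase.
verify_then_remove() {
    if printf '%s' "$PASSPHRASE" |
        hdiutil verify -stdinpass "$2" >/dev/null; then
        rm -rf -- "$1"
    else
        echo "image did not verify; keeping $1" >&2
        return 1
    fi
}

if [ "$#" -eq 2 ]; then
    read_passphrase && encrypt_folder "$1" "$2" && verify_then_remove "$1" "$2"
    status=$?; unset PASSPHRASE; exit "$status"
fi
```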

GNU Privacy Guard

You can download this from http://macgpg.sourceforge.net/. Run the installer, and then at the Terminal command line run:

gpg --gen-key

This asks a few questions, including requesting a passphrase, and generates the files it needs. Generating these will take a fair amount of time - you need patience. You also need your machine to be doing something; I did "ls -lR /" in a terminal window while continuing with my ordinary work. Eventually gpg will finish up:


gpg: /Users/apl/.gnupg/trustdb.gpg: trustdb created
gpg: key 5D604AE8 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/5D604AE8 2006-05-14
Key fingerprint = F08A C9DC 53DF AF02 8E50 B683 2A0B 47EC 5D60 4AE8
uid Tony Lawrence (Key for files) <[email protected]>
sub 4096g/100D68F5 2006-05-14

For simple use, gpg is very easy. For example, given a file "stuff":

gpg -e stuff

is all you need. That will ask for a user id (you provided that when you created the gpg keys) and will create "stuff.gpg". This does not remove "stuff", so if you are using this to protect files on your disk, remove the original. To decrypt, "gpg stuff.gpg". For that, you'll need your passphrase.

For more on gpg in general, see GPG/PGP Basics, and for more on integrating GNU Privacy Guard with Mac OS X programs, see Configuring GnuPG (Mac OS X).




8 comments




© Anthony Lawrence







Wed May 17 13:34:56 2006: 2028   bruceg2004


I have been looking for a cross-platform encryption utility. Something where I could encrypt a file in Mac OS X, and be able to have the file un-encrypted in either Mac, Linux, or Windows. I think gpg will give me what I need, and work across all three platforms.

Does anyone else know of a cross-platform file encrypting utility? I have had to use: (link) for Mac and Windows, but it leaves out Linux. I have not had any luck finding an encryption utility that works across Mac, Linux, and Windows.

- Bruce








Wed May 17 13:42:31 2006: 2029   TonyLawrence

gpg



Wed Jan 2 07:29:35 2008: 3377   anonymous


Echoing the passphrase is a bad idea, it will be in your history file. Best to pass it in interactively.



Wed Jan 2 13:10:56 2008: 3378   TonyLawrence

Good point. And here's another problem: (link)



Mon Mar 10 22:17:17 2008: 3830   BitTube


The recent release of TrueCrypt version 5 allows for an encrypted volume that can be mounted as an image on Windows and Mac for sure. I have written a detailed Howto (link). I know there is a Linux version of the app; I would assume that the same volume would be supported on Linux as well. It would be good to know.



Mon Mar 10 22:24:45 2008: 3831   TonyLawrence

Thanks!



Thu Jul 17 22:58:15 2008: 4427   RK


Mmm, downloaded GnuPG and installed it, fired up terminal like the instructions say and when I issue 'gpg --gen-key' I get back '-bash gpg: command not found'. This is on 10.4.11 so I don't know if anything's changed that caused this error. Seemed to install okay, and the md5 was correct. Any ideas?



Fri Jul 18 10:20:44 2008: 4428   TonyLawrence

Is /usr/local/bin/ in your $PATH ?
