APLawrence - Information and Resources for Unix and Linux Systems, Bloggers and the self-employed



OS X file encryption

May 2006



I'm going to look at two methods for encrypting files on Mac OS X. The first is built in, and uses Disk Utility to create an encrypted disk image.

Disk Utility

Disk Utility needs to work from a folder, so you first need to create a directory to put your protected files in. I used "secrets" as my directory name, and moved my important files into it. I then invoked (in Terminal):


hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg

You can also do this with the graphical Disk Utility tool. This will ask for an encryption passphrase, or you could just do:

echo "your passphrase" | hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg

This creates "foo.dmg" and the passphrase you used is required to open it. If you do that graphically through Finder, you'll be prompted for your phrase, or you can do it from the command line:

hdiutil attach -stdinpass foo.dmg

(But see Mac OS X Encryption Problem for a subtle trap here)

Entering the correct passphrase gives you a mounted disk image where you can access your files. By the way, don't forget to remove the "secrets" directory and its contents: there's not much point in encrypting a disk image of a folder and leaving the unencrypted version on the disk.
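
The Disk Utility steps above as one wrapper, added here as an example (not code from the original article): it reads the passphrase without echo, pipes it to hdiutil with no trailing newline, and deletes the plaintext folder only after the image opens with that passphrase. The function names are hypothetical, and it assumes the imageinfo verb accepts -stdinpass as documented in hdiutil(1).

```shell
#!/bin/sh
# Added example; read_passphrase and encrypt_folder are hypothetical names.

# Read the passphrase into PASS without echoing it. Nothing secret is typed
# on a command line, so nothing lands in the shell history file.
read_passphrase() {
    if [ -t 0 ]; then
        printf 'Passphrase: ' >&2
        stty -echo
        IFS= read -r PASS
        stty echo
        printf '\n' >&2
    else
        IFS= read -r PASS        # non-interactive: one line from stdin
    fi
    [ -n "$PASS" ]
}

# encrypt_folder SRCDIR IMAGE
# Build an encrypted image from SRCDIR; remove SRCDIR only once the image
# has been opened again with the same passphrase.
encrypt_folder() {
    src=$1
    img=$2
    [ -d "$src" ] || { echo "not a folder: $src" >&2; return 2; }
    [ ! -e "$img" ] || { echo "refusing to overwrite $img" >&2; return 2; }
    read_passphrase || { echo "empty passphrase" >&2; return 2; }

    # printf '%s' sends the passphrase with no trailing newline; hdiutil(1)
    # warns that -stdinpass keeps any newline as part of the passphrase.
    printf '%s' "$PASS" |
        hdiutil create -encryption -stdinpass -srcfolder "$src" "$img" ||
        { unset PASS; return 1; }

    # Assumption: imageinfo accepts -stdinpass, per hdiutil(1).
    if printf '%s' "$PASS" | hdiutil imageinfo -stdinpass "$img" >/dev/null
    then
        unset PASS
        rm -rf -- "$src"
    else
        unset PASS
        echo "image did not open; $src left in place" >&2
        return 1
    fi
}

# Usage: encrypt_folder secrets foo.dmg
```
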

GNU Privacy Guard

You can download this from http://macgpg.sourceforge.net/. Run the installer, and then at the Terminal command line run:

gpg --gen-key

This asks a few questions, including requesting a passphrase, and generates the files it needs. Generating these will take a fair amount of time - you need patience. You also need your machine to be doing something; I did "ls -lR /" in a terminal window while continuing with my ordinary work. Eventually gpg will finish up:

gpg: /Users/apl/.gnupg/trustdb.gpg: trustdb created
gpg: key 5D604AE8 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/5D604AE8 2006-05-14
Key fingerprint = F08A C9DC 53DF AF02 8E50 B683 2A0B 47EC 5D60 4AE8
uid Tony Lawrence (Key for files) <tony@aplawrence.com>
sub 4096g/100D68F5 2006-05-14

For simple use, gpg is very easy. For example, given a file "stuff":

gpg -e stuff

is all you need. That will ask for a user id (you provided that when you created the gpg keys) and will create "stuff.gpg". This does not remove "stuff", so if you are using this to protect files on your disk, remove the original. To decrypt, "gpg stuff.gpg". For that, you'll need your passphrase.

For more on gpg in general, see GPG/PGP Basics, and for more on integrating GNU Privacy Guard with Mac OS X programs, see Configuring GnuPG (Mac OS X).







Wed May 17 13:34:56 2006: Subject:   bruceg2004


I have been looking for a cross-platform encryption utility. Something where I could encrypt a file in Mac OS X, and be able to have the file un-encrypted in either Mac, Linux, or Windows. I think gpg will give me what I need, and work across all three platforms.

Does anyone else know of a cross-platform file encrypting utility? I have had to use: http://www.kremlinencrypt.com/ for Mac and Windows, but it leaves out Linux. I have not had any luck finding an encryption utility that works across Mac, Linux, and Windows.

- Bruce






Wed May 17 13:42:31 2006: Subject:   TonyLawrence

gpg



Wed Jan 2 07:29:35 2008: Subject:   anonymous


Echoing the passphrase is a bad idea, it will be in your history file. Best to pass it in interactively.



Wed Jan 2 13:10:56 2008: Subject:   TonyLawrence

Good point. And here's another problem: http://aplawrence.com/Detective/encryption.html



Mon Mar 10 22:17:17 2008: Subject: Cross Platform Encryption Solution   BitTube
http://blog.bittube.com

The recent release of TrueCrypt version 5 allows for an encrypted volume that can be mounted as an image on Windows and Mac for sure. I have written a detailed Howto: http://blog.bittube.com/2008/03/10/how-to-create-a-portable-cross-platform-encrypted-drive-using-truecrypt I know there is a Linux version of the app; I would assume that the same volume would be supported on Linux as well. It would be good to know.



Mon Mar 10 22:24:45 2008: Subject:   TonyLawrence

Thanks!



Thu Jul 17 22:58:15 2008: Subject:   RK


Mmm, downloaded GnuPG and installed it, fired up terminal like the instructions say and when I issue 'gpg --gen-key' I get back '-bash gpg: command not found'. This is on 10.4.11 so I don't know if anything's changed that caused this error. Seemed to install okay, and the md5 was correct. Any ideas?






Fri Jul 18 10:20:44 2008: Subject:   TonyLawrence

Is /usr/local/bin/ in your $PATH ?
