OS X: encrypted disk images
Today, once again, I was very delighted with my MacBook Pro. Because I use this laptop professionally I have data on there that belongs to my clients. Since I take the data with me I had better encrypt it. Until now I used a default feature called FileVault that encrypts your whole home directory. That is not really what I want, but I could live with that until I started using Time Machine (Apple’s great backup solution that allows you to easily recover old data). Changes to your FileVaulted home directory are only stored when you log out and not every hour like other data on your system.
So I went looking for other solutions. In Linux I was able to create encrypted filesystems and mount them anywhere I wanted. So I started searching on the internet for a similar solution for OS X. I shouldn’t have searched that far from home since this functionality is right here, in OS X itself. The Disk Utility program offers everything I was looking for.
Just open the Disk Utility program. It is in your Applications/Utilities folder.

In Disk Utility just click on the “New Image” button. This will give you the window as shown below.

Here you can fill out details like the filename of the image and where you want to store it. The “Volume Name” is the ‘mountpoint’. When you open the image it will appear as a directory with the name “Volume Name”. The Volume Size has some predefined values for different media (CD, DVD, etc.) but you can choose any value. I picked 20GB. The “Volume Format” is the filesystem type for the new filesystem. Now comes the interesting stuff: “Encryption”. Here you can select 128-bit and 256-bit AES encryption. I selected 256-bit for that extra refreshing twist of security. I just want a normal filesystem so I select “No partition map”. Another interesting option is the “Image Format”. I use the sparse disk image. The image will grow as it contains more data. That way I can be really generous with the size because the space is not pre-allocated. Now press the ‘Create’ button and the following window will appear:

Before creating the image you will be prompted for a password (or passphrase) for the new filesystem:

Now you had better choose a strong password and, more importantly, uncheck the option “Remember password in my keychain”. When you leave the option checked, OS X will store the password in the keychain and automatically use it when you try to mount the image. So this really defeats the purpose. We want to protect the data in case the laptop is stolen but also when the user account is compromised.
Now press the “OK” button and your image file will be created at the specified location.

Now you can mount the disk image by double clicking it. You will be prompted for the password (passphrase).

However it will always be ‘attached’ on the desktop.

I want it to be ‘attached’ at any point I like. Unix has its own little weapon for this: symbolic links. So let’s create one:

Now we have an alias at the point where we want it.

When we unmount the “SpecificClient” disk image on the desktop by dragging it onto the trashcan we can test the alias. Just double click the alias and you’ll be prompted for the password. Click again on the alias and you have access to the encrypted volume.
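The same setup can be scripted with hdiutil, the command-line tool behind Disk Utility. The script below is an added example, not part of the original post: it creates the sparse, AES-256 image without a partition map, checks that hdiutil reports it as encrypted, and attaches it directly at a directory of your choice. The helper names and the ~/Clients paths are assumptions; the volume name and the 20GB size are the ones used above.

```shell
#!/bin/sh
# Added example: command-line counterpart of the Disk Utility steps above.
# Helper names and paths are assumptions made for illustration.

# create_image [-n] IMAGE VOLNAME SIZE
# Sparse image, AES-256, no partition map. With -n the hdiutil arguments
# are printed instead of executed (dry run).
create_image() {
    run=hdiutil
    if [ "$1" = "-n" ]; then run=echo; shift; fi
    # hdiutil asks for the new passphrase on the terminal.
    "$run" create -type SPARSE -size "$3" -fs HFS+J -layout NONE \
        -encryption AES-256 -volname "$2" "$1"
}

# attach_image [-n] IMAGE MOUNTPOINT
# Mounts the volume at MOUNTPOINT instead of the default location.
attach_image() {
    run=hdiutil
    if [ "$1" = "-n" ]; then run=echo; shift; fi
    # Owner-only directory, so other local accounts cannot browse the volume.
    if [ "$run" = hdiutil ]; then mkdir -p "$2" && chmod 700 "$2"; fi
    "$run" attach -mountpoint "$2" "$1"
}

# reports_encrypted: reads the output of `hdiutil isencrypted IMAGE` on
# stdin and succeeds only if the image is reported as encrypted.
reports_encrypted() {
    grep -q '^encrypted: YES'
}

# Real run, only on a Mac and only when asked for: sh thisfile run
if [ "${1:-}" = "run" ] && command -v hdiutil >/dev/null 2>&1; then
    img="$HOME/Clients/SpecificClient.sparseimage"   # assumed location
    mkdir -p "$HOME/Clients"
    create_image "$img" SpecificClient 20g
    hdiutil isencrypted "$img" 2>&1 | reports_encrypted || exit 1
    attach_image "$img" "$HOME/Clients/SpecificClient"
    # When done: hdiutil detach "$HOME/Clients/SpecificClient"
fi
```

If the passphrase was ever saved in the keychain, attaching will not prompt for it, so the keychain advice above applies here as well.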
Mac OS X. I’m loving it more and more…