
There are many options for those using recent versions of Mac OS X to encrypt files, one of which is to create an encrypted virtual disk image, which has the advantage of being portable across different computers and is simple to back up. While I am still a fan of TrueCrypt because its disk images can be opened on multiple OSs (subject for a future post), for Mac specific files I find using hdiutil is the easiest way to go and generally has better performance.
Why not use Disk Image.app?
While you can use Disk Image.app to create encrypted disk images, for some reason Apple refuses to allow you to paste passphrases. I’m sorry, but I don’t consider manually typing 256 character pseudo-random gibberish passphrases with punctuation, letters and numbers to be very practical! If anything, by not allowing people to paste passwords, Apple are discouraging people from using really solid passphrases.
Create a good passphrase
I like to copy a huge long list of high quality pseudo-random passwords from GRC’s Perfect Passwords page into a text file, then use one of them along with a phrase I have memorised for the final passphrase. That way, even if someone gets a hold of that file, they can’t derive my passphrase from its contents. Goes by the security philosophy of something I have, and something I know.
Create the disk image
Fire up your Terminal.app then enter the following:
hdiutil create -size 10g -type SPARSE -fs HFS+J \
  -encryption AES-256 -stdinpass -volname LABEL-NAME \
  FILE-NAME.sparseimage
- -size 10g: Potential maximum file size in gigabytes
- -type SPARSE: Dynamically expand the image as you fill it
- -fs HFS+J: The initial filesystem, Mac HFS+ Journaled in this case
- -encryption AES-256: The far stronger of the two encryption options. AES-128 may be faster on slower hardware, but is obviously less secure
- -stdinpass: Require passwords to be entered in standard input
- -volname LABEL-NAME: Name you choose that will appear in the Finder and /Volumes
- FILE-NAME.sparseimage: Name you want for your disk image file
Accessing
If you view your Home folder you’ll see your new disk image. Problem is, like I said with Disk Utility.app above, if you double click you can’t paste your passphrase in.
To access, just fire up Terminal.app and use the attach keyword. When it prompts you for your passphrase, you can paste your string of high quality pseudo-random gibberish then enter the part you remembered:
hdiutil attach FILE-NAME.sparseimage
You unmount the disk image in the same way you eject USB keys and optical discs in the Finder.
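The passphrase scheme and the two hdiutil commands above, combined into shell functions (an added example, not from the original post). The function names, the one-string-per-line key file and the locally generated random strings (rather than ones copied from a web page) are assumptions; printf '%s' is used because a trailing newline on standard input would become part of the passphrase.

```shell
# Added example, not from the original post. Function names, the key-file
# layout (one random string per line) and the 63-character default length
# are assumptions.

# Print LEN random printable characters from the kernel CSPRNG.
random_part() {
    LC_ALL=C tr -dc 'A-Za-z0-9!#%+,./:=?@_-' < /dev/urandom | head -c "${1:-63}"
}

# Write COUNT random strings, one per line, to FILE and set it to mode 0600.
make_keyfile() {       # usage: make_keyfile FILE [COUNT]
    ( umask 077
      i=0
      while [ "$i" -lt "${2:-20}" ]; do random_part; echo; i=$((i + 1)); done > "$1"
      chmod 600 "$1" )
}

# Join line LINE_NO of the key file ("something I have") with the memorised
# phrase ("something I know"). No trailing newline is printed, because
# hdiutil -stdinpass would treat a newline as part of the passphrase.
build_passphrase() {   # usage: build_passphrase FILE LINE_NO MEMORISED
    bp_stored=$(sed -n "${2}p" "$1") || return 1
    [ -n "$bp_stored" ] || { echo "no entry on line $2 of $1" >&2; return 1; }
    printf '%s%s' "$bp_stored" "$3"
}

# Prompt for the memorised part without echoing it, then build the passphrase.
ask_passphrase() {     # usage: ask_passphrase FILE LINE_NO
    printf 'Memorised part: ' >&2
    stty -echo; IFS= read -r ap_mem; stty echo; echo >&2
    build_passphrase "$1" "$2" "$ap_mem"
}

# Same options as the create command above; the passphrase arrives on stdin.
create_image() {       # usage: create_image FILE LINE_NO LABEL IMAGE
    ci_pass=$(ask_passphrase "$1" "$2") || return 1
    printf '%s' "$ci_pass" | hdiutil create -size 10g -type SPARSE -fs HFS+J \
        -encryption AES-256 -stdinpass -volname "$3" "$4"
}

attach_image() {       # usage: attach_image FILE LINE_NO IMAGE
    ai_pass=$(ask_passphrase "$1" "$2") || return 1
    printf '%s' "$ai_pass" | hdiutil attach -stdinpass "$3"
}
```

Both functions stop before calling hdiutil if the requested key-file line is missing, so an image is never created with only the memorised part as its passphrase.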
Other tips
If you create disk images that are smaller than 4.5GiB, you can burn your encrypted image to a DVD, which makes it a cinch to back up! Also, with this level of encryption the easiest way for people to get access to your data is social engineering attacks: don’t let yourself down by using a crappy password, and obviously don’t share it with anyone except perhaps your cat. No wait, cats are too smart.



Apple does not allow you to paste passwords to open Disk Images: Hello Rubenerd, I agree with you completely, the fact that Apple does not allow you to paste passwords to open disk images is completely retarded towards security – No wonder businesses do not use Macs and stick to Windows machines. I want the ability to paste long and highly secure passwords – from password managers such as KeepassX (recommended, free and open source). I don’t trust being forced by Apple to type a password (what if I have a key-logger?). Steveeee! Go back to Apple, even with half pancreas and only one ball we want you back! And slash the bloody idiots you left in charge of Apple Security. Security is not something we should be asking for, it is something you shall provide. We also hope to see other security improvements in Apple products, such as full SSL sessions in Me on the web, and maybe a finger reader built on board, so I can place my fake rubber finger with no identifiable information, to start my Mac, encrypt stuff, and securely email my bitches. Regards, Tarzan, somewhere in Mexico.
LOL funny comment by nickname Tarzan. The posts on security and encryption are fun to read. They come in handy too for recommendation.
As I’ve discussed previously here I think people’s jokes and rude business commentary about Steve Jobs’ health are in very poor taste and are unwarranted, but thank you for the comments. I agree OS X does need some serious work on making secure passwords more feasible for people to use, otherwise it’s their own reputation they’ll be sacrificing — along with our own privacy and data.
You said: “While you can use Disk Image.app to create encrypted disk images, for some reason Apple refuses to allow you to paste passphrases.”
I agree completely with your objection to this. Recently, while giving a demo of Disk Utility on a friend’s Mac, I tried to show that passwords could not be copied & pasted … only to find that they COULD. Hence …
There may be a carefully hidden preference somewhere that will allow Copy of passwords from Password Assistant and Paste of passwords into Disk Utility.
Interesting note: In Keychain Access, you CAN copy a password from Password Assistant and you CAN paste it into a password field.