Encrypted Container

Suppose you have some data that you want to keep safe in case an unauthorized person gets into your computer. For example, you might have a file with your credit card numbers and other private information. One way to keep such information safe is to encrypt the file, and only decrypt it when you need to use the data.

The Mac comes with several tools for doing this. One is FileVault, which keeps your whole hard drive encrypted when the computer is off. You should enable this: if your computer is lost or stolen, nobody can get at your information. When you start up, you give your password, and the whole disk is decrypted, and everything is accessible. However, FileVault does not protect your data if a Trojan Horse or other malware gets into your computer while it's running. It is easy to protect your really valuable data by keeping it in an encrypted container. (Initially encrypting your disk may take a very long time.)

I use both methods. I turn FileVault on, and I also I keep private data in an encrypted disk image file. A disk image is a file that Mac OS can mount as if it were a disk; you often see these when you are installing new application software on your Mac. You can create a disk image that is encrypted with a password: when the system tries to mount the file as a volume, it requires that you type the password.

To create an encrypted disk image, start Disk Utility and click New Image.

Create a new sparsebundle file, minimal size, encrypted.

Choose a strong password, and don't forget it.

Double clicking this image file will require the password to mount it: then it looks like a mounted disk that you can put private files in. You can open Finder windows on the mounted disk, drag files to the disk, edit files, and so on. (Select Finder ► Preferences ► Sidebar and make sure External Disks is checked so you can see the volume in the Finder.) Dismount the image by clicking the eject icon ⏏ in the finder sidebar, and your files are secured. You can copy this encrypted file somewhere safe, like onto a CD, to create a backup of your important data that can be read on any Mac.

Other file encryption software available for the Mac is oriented toward expert users. You can use PGP software to encrypt and decrypt a text file. The advantage to this is that these files can be decrypted on non-Mac machines if necessary, because PGP is available (free) on Linux and Windows as well as Mac. TrueCrypt is free software that works on Mac, Windows, and Linux, and provides mountable volumes; its website barely mentions the Mac though. OpenSSL, which comes with the Mac, allows you to encrypt and decrypt files, but doesn't provide mountable containers.

For more security advice, see the Security article.

Home | FAQ © 2010-2017, Tom Van Vleck updated 2017-05-20 11:34