Help: How to Encrypt a Folder on Mac OS X (10.8.4)

Use an encrypted disk imaged: http://support.apple.com/kb/HT1578?viewlocale=en_US&locale=en_US

Remember that that files are freely available whenever the disk image is mounted. So if a friend is "momentarily using your computer" you'll have to close any documents and unmount the image.

One cannot encrypt a folder within Mac OS X with the built-in tools, but: How to create a password-protected (encrypted) disk image

Advanced Search or MRoogle might also be of help for finding answers to your questions.

luisito said:

Hello guys, I would like to know if any of you have the knowledge that could share with me about how to encrypt a specific folder where I store important files.

I do Biomechanical Research at my institution and I've been warned that everything I do is "Top Secret" and that I have to abide by the law.

So, I do not want anyone to get access to such information, even if it is a friend that is momentarily using my computer.

I've been using an encrypted USB drive but honestly is a hassle to plug it in and out everytime all day long, I am looking for an optimized solution for my problem.

Thank for all your help in advance.
Luis

Click to expand...

I would also consider 1) using FileVault to encrypt your whole drive and 2) creating a separate "guest" account if you anticipate sharing your machine. Only takes a second to go back to the lock screen, hand the machine over, and tell them to log in using the password "guest" or whatever. Then your stuff is (reasonably) out of sight unless they have an admin password.

luisito said:

What is a disk image?



I never share my computer but what I am doing is serious stuff, so it is better to prevent anything bad from happening.

Is it possible to encrypt the entire computer without formatting the drive? I have tried it with my external hard drive but it has to be formatted.

Click to expand...

You can turn on Firevault anytime--no need to reformat your drive. I'd recommend you enable it.

luisito said:

What is a disk image?

Click to expand...

It is like a USB flash memory thumb drive in a way, you mount it via double clicking the disk image file, access its contents (read and write), and then unmount the disk image after use, but without the hassle of unplugging and plugging in the USB flash memory thumb drive.

A video tutorial might follow.

Use TrueCrypt. You create a virtual partition - a container. When you mount it via TrueCrypt you have to type in a password. When it's mounted it appears as a new harddisk and can be used just like one. When you're finished with your work just unmount it and it's protected again. The only downside is that you have to specify the size before you create it and then it's fixed.

It's one of the best ways to encrypt data.

https://en.wikipedia.org/wiki/TrueCrypt

phrk said:

Use TrueCrypt. You create a virtual partition - a container. When you mount it via TrueCrypt you have to type in a password. When it's mounted it appears as a new harddisk and can be used just like one. When you're finished with your work just unmount it and it's protected again. The only downside is that you have to specify the size before you create it and then it's fixed.

It's one of the best ways to encrypt data.

https://en.wikipedia.org/wiki/TrueCrypt

Click to expand...

This is no different than using a Disk Image then. And Disk Images are native to OS X, you can create it with Disk Uitility and use 256bit AES encryption, or 128bit AES if you need faster read/write.

Be sure to turn on Reguire Password every time the Mac is turned on, and your mounted encrypted Disk Image should be safe -- although I'm no expert on this so please tell me if I'm wrong. I wouldn't store the password in the Keychain though.

You can also use FileVault to encrypt your whole disk. This takes a lot of time if you have a large HDD. On SSD drives, it's pretty fast. My 128GB MacBook Air disk was encrypted in I believe 15 minutes. But normal HDD can take a long time...

The Man said:

This is no different than using a Disk Image then. And Disk Images are native to OS X, you can create it with Disk Uitility and use 256bit AES encryption, or 128bit AES if you need faster read/write.

You can also use FileVault to encrypt your whole disk. This takes a lot of time if you have a large HDD. On SSD drives, it's pretty fast. My 128GB MacBook Air disk was encrypted in I believe 15 minutes. But normal HDD can take a long time...

Click to expand...

Filevault full disk encryption is hackable.

Also it's better to use open standards than closed.

The Man said:

This is no different than using a Disk Image then. And Disk Images are native to OS X, you can create it with Disk Uitility and use 256bit AES encryption, or 128bit AES if you need faster read/write..

Click to expand...

I've used both. For now, I'm using FV since it's simpler. But it does have more limitations when dealing with encrypted images on external drives.

Also, TC is multi-platform, so you can access your encrypted images on Mac, Windows, Linux.

I'd use FV on the system/boot disk mostly to stop someone from getting/booting your computer if it's stolen.

I'd use TC for individual project/data folders, especially if they could be shared with other people not running Macs.

David

phrk said:

Filevault full disk encryption is hackable.

Also it's better to use open standards than closed.

Click to expand...

Only through FireWire port. My MacBook doesn't have one. Unless that Thunderbolt adapter can be used too

----------

unfrostedpoptar said:

I've used both. For now, I'm using FV since it's simpler. But it does have more limitations when dealing with encrypted images on external drives.

Also, TC is multi-platform, so you can access your encrypted images on Mac, Windows, Linux.

I'd use FV on the system/boot disk mostly to stop someone from getting/booting your computer if it's stolen.

I'd use TC for individual project/data folders, especially if they could be shared with other people not running Macs.

David

Click to expand...

True, if you need multi platform TC is the way to go.

Help: How to Encrypt a Folder on Mac OS X (10.8.4)

The Man said:

Only through FireWire port. My MacBook doesn't have one.

----------



True, if you need multi platform TC is the way to go.

Click to expand...

Filevault uses as default the user password. As you use this alot (logging in, installation, etc) it's possibly stored in memory. And that's where it's vulnerable. That's not the case when the Mac is shutdown. But who does that.

I would provide a source for the issue but I only know of a German one. If you still like to see it, I will provide it.

phrk said:

Filevault uses as default the user password. As you use this alot (logging in, installation, etc) it's possibly stored in memory. And that's where it's vulnerable. That's not the case when the Mac is shutdown. But who does that.

Click to expand...

Yes, that's why it might be read through FireWire, because FireWire has direct system and memory access. But I don't know if Thunderbolt could be used in the same way.

Just wonder if NSA can break the encryption?

luisito said:

Is it possible to encrypt the entire computer without formatting the drive? I have tried it with my external hard drive but it has to be formatted.

Click to expand...

External drive can be encrypted without formatting through the Finder. Just right-click on any external drive, and then choose Ecrypt. You will be prompted to enter a password. I don't think there is any feedback on the encryption process, so you have to let the computer do its chore for hours on large HDD. If you have external SSD on USB 3.0 it will probably be fast.

Help: How to Encrypt a Folder on Mac OS X (10.8.4)

Weaselboy said:

I believe you are referring to accessing the password stored in RAM via direct memory access (DMA), and DMA access was blocked starting with Lion 10.7.2.

Click to expand...

It's still a securityflaw to connect the password of the user account which is frequently used to the full disc encryption.

EDIT: But you are right the known issue is fixed. Just read about it. Thanks for the info. Wasn't up to date on that topic.

luisito said:

-Is there a negative characteristic to an Image?
-Is is possible to reverse FileVault, remove the encryption with the click of a button?

Click to expand...

- The only negative is that you lose the data if you forget the password.
- To remove the encryption on a drive, right-click and choose "Decrypt..."

If the work you're doing is truly "Top Secret", then you should have an IT staff that can help you with this stuff. I recommend you use them since it seems like you're new to encryption.

jayhawk11 said:

If the work you're doing is truly "Top Secret", then you should have an IT staff that can help you with this stuff. I recommend you use them since it seems like you're new to encryption.

Click to expand...

If the work he is doing is truly top secret then there are a lot of restrictions on that data. Not likely that he can use anything in the black area. If he's copying top secret information, even encrypted he is in violation of his security clearance and could be fined and / or jailed. He should be talking to his FSO before doing anything with any information.

My guess it is more corporate secrets in which case none of this matters.

luisito said:

Are you taking about the IT? Not quite following you on this one. I am not copying information, I am creating it.

The data that I use is intellectual property, even though it is academic. Can't even discuss it during dinner with my family and can't let anyone access the information because if an unknown company gets a hold of this data, they can make millions out of it. The information is truly top secret.

Click to expand...

I think you're miss using the term "Top Secret". There is an official classification of data that is Top Secret and that is highly secured / classified material within the government. What you have is Intellectual Property; it is a trade secret. It is VERY different than Top Secret information.

Top Secret information can NOT be stored on any portable media without extreme security precautions being taken, not just encryption but control of the media as well, licensed couriers and paper trails of who has been in possession of the data at all times. This information is highly controlled via FSO (Facility Security Officers) who are trained to do this job. The use of USB Flash drives is considered an extreme No-No.

What you have is a trade secret of a company; it is intellectual property. You are not allowed to share it with anyone and you have to do the best of your abilities to not distribute it. If you shared the information with others you could be subject to IP theft laws; but that's about it. If you had your flash drive lost or stolen, even if it was unencrypted, the company could fire you, or other reprimands but it would be almost impossible for them to sue you or have you arrested.

Where as, loss of Top Secret information can be devastating to the country, cause deaths of countless people, and even unstablize regions of the world. Intentional distribution / sale of TS material can result in life in prisonment, huge fines, and even execution (Example.) Even if you lost the information by accident you are to be held accountable since you should never have such information in a way that it can be lost / stolen. It is YOUR responsibility. To have access to this information you are required to have a security clearance of the left of data that you are accessing. To get this clearance it takes about 18 to 24 months of a background investigation where they research not only you, but your entire immediate family for security risks. Any major negative mark on your record will invalidate your clearance and thus prevent you from having access to said material. Such as drug use, being in debt, contact with foreigners (depending on the country), and more.

I think this is the cause of the confusion; although it is "Top Secret" for the company, it is not considered Top Secret information in terms of classifications. It is a corporate secret / trade secret.