Can I pick what files/folder File Vault encrypts?

Discussion in 'macOS' started by feakbeak, Nov 9, 2005.

  1. feakbeak macrumors 6502a

    feakbeak

    Joined:
    Oct 16, 2003
    Location:
    Michigan
    #1
    The thread about the security of File Vault prompted this question, but I thought it was best suited for a new, more specific thread.

    I tried to use File Vault once but it encrypted my entire profile folder including music, photos, etc... the vast majority of the files in there do not need to be encrypted at all. Encrypting and unencrypted all of those media files all the time is a waste of CPU cycles and just bogs down the machine. Is it possible to configure File Vault to just encrypt my Documents folder or perhaps a subfolder of Documents? That way I can just encrypt the files/folders that I feel need to be secured a bit more.

    I had looked for a setting like that in File Vault but didn't have any luck so I thought I would ask.

    Thanks.
     
  2. Mitthrawnuruodo Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #2
    No. FileVault will encrypt your home folder, and just your home folder.

    If you need one or more encrypted "folders" make encrypted disk images in Disk Utility. (Tip: Sparse images takes up just the space of what you put into them.)
     
  3. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #3
    I second that "nope".

    I don't trust FV for the square root of how far I could throw it.

    I also second the use of encrypted .dmgs as a better alternative.
     
  4. madmaxmedia macrumors 68030

    Joined:
    Dec 17, 2003
    Location:
    Los Angeles, CA
    #4
    If I make a sparse image, does that mean the 'Size' selection is ignored?

    (when you create a new disk image, you get a dialog box with 3 options- Size, Encryption, and Format. 'Format' is where you select sparse disk image.)

    EDIT- I know how it works. You still need to assign a maximum capacity to the disk image. I guess you should select a capacity that is somewhat larger than you expect to need, since there's no hit in file size if you create a sparse image.
     
  5. feakbeak thread starter macrumors 6502a

    feakbeak

    Joined:
    Oct 16, 2003
    Location:
    Michigan
    #5
    I'll have to give encrypted disk images a try. Thanks for the advice.

    Does it use the same encryption method as File Vault?
     
  6. Mitthrawnuruodo Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #6
    From memory: Yes, both use 128 bit AES encryption.
     
  7. feakbeak thread starter macrumors 6502a

    feakbeak

    Joined:
    Oct 16, 2003
    Location:
    Michigan
    #7
    Using an encrypted disk is working quite nicely for me. Thanks.

    I still wish you could set detailed settings on File Vault just so I wouldn't have to bother with mounting and unmounting. It's not a big deal but I think allowing you to choose which folders get encrypted in File Vault would be a more polished solution.
     
  8. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #8
    I recommend you trying PGP as well. Not only can you encrypt files, but you can sign them too. Same goes for email.
     
  9. wattage macrumors 6502

    wattage

    Joined:
    Oct 14, 2005
    #9
    I am trying to use encrypted disk images for the first time and have a few questions:

    I placed some data in a folder on the desktop and tried to create a disk image with encryption. File>New>Disk Image from Folder. Ok, fine, but when mounting the image it opens with no prompt for a password (which I did create with image.)?? Will it only ask for a password if the admin user is not logged on?

    Also, how do you folks keep your sensitive banking etc. information....in a word document just typed out or what??
     
  10. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #10
    When you create the image, one of the select bars has a choice for password protection. If it didn't ask you for a password, you didn't choose that selection properly. try again.

    Oh, and you can't create it that way.

    Open Disk Utility, click the New Image button, make sure you choose the AES-128 under Encryption. Then you will be prompted for a password and it'll mount on the desktop.
     
  11. EGT macrumors 68000

    EGT

    Joined:
    Sep 4, 2003
    #11
    I use an encrypted disk images for documents and important info. It's set to 60mb but I think I might need to make a new one for it is growing a lot.

    Filevault should definitely have the option to select what files you want protected. It could be like the spotlight preference window. Just drag the folders, like documents etc that need protecting instead of encrypting the whole home folder.
     
  12. Randall macrumors 6502a

    Randall

    Joined:
    Dec 12, 2005
    Location:
    Norwood, MA
    #12
    I've already discussed this in another thread, but it's worth mentioning again. For encryption that is twice as strong as the File Vault's 128 AES, if you don't want to use File Vault for any of the performance issues or you only want to encrypt file X, then it's very simple to do as long as you're not affraid to use the Terminal. (You shouldn't be! UNIX is your friend!)

    You can use OpenSSL (should be shipped with your Mac OS X) to encrypt your files with strong ciphers. Umm a small warning here, you will not have a "safety net" of a master password here. You can type
    Code:
    $ openssl enc -e -a -salt -aes-256-cbc -in examplefile.jpg -out examplefile.aes
    enter aes-256-cbc encryption password:
    Verifying password - enter aes-256-cbc encryption password:
    
    Then you type your password to use, and that's it. This will encrypt a file using Advanced Encryption Standard (AES) 256-bit. It will literally take a million years to crack that password with brute force.**
    **Using current technology, and assuming that you have a good password that's not common.

    To decrypt the file (you better know your password)
    Code:
    $ openssl enc -d -a -aes-256-cbc -in examplefile.aes -out examplefile.jpg
    enter aes-256-cbc decryption password:
    Enter your password and you're all set. Now you're l337... ok not really, but you have some serious encryption on those important files. It's just not practical to use this method on files that you touch every day, since the same steps must be repeated every time you want to open these files etc.


    P.S. I agree with everyone in this thread that the File Vault should let you pick exactly which directories you would like to be encrypted. This would avoid encrypting files that could cause problems for certain programs, as well as encrypting unncessairily like your iTunes library for example. If they had a user feature request for OS X 10.5 Leopard, this would be in my personal top 3.
     
  13. FoxyKaye macrumors 68000

    FoxyKaye

    Joined:
    Jan 23, 2004
    Location:
    San Francisco, Terre d'Ange, Bas Lag, Gallifrey
    #13
    Staaaaay awaaaaaaay! FileVault under Panther completely wiped out a co-worker's laptop last year. There's apparently a certain set of conditions related to a crashing app, loss of power and restart that keeps FileVault locked. When his laptop re-booted, it created a shadow user with a new home folder - no matter what he tried, he couldn't log in under the original user name. All data was completely lost, unless he wanted to pay in the thousands for a specialized service to de-crypt it and recover.

    It was a bad situation - if I can remember the specifics, I'll post links to the technical writeup I found online at the time that explains why and how it happened, and why there was no way to get his data back.
     
  14. semaja2 macrumors 6502a

    Joined:
    Dec 12, 2005
    Location:
    Adelaide
    #14
    isnt it true you can use target disk mode and grab the filevault then use another mac to remount it and give the master password?
     
  15. wattage macrumors 6502

    wattage

    Joined:
    Oct 14, 2005
    #15
    So should I just make a Word document and list out all of my passwords, usernames, account numbers, and such and then stick it in an encrypted disk image (with a great password obviously!)??
     
  16. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #16
    Does anyone know if you can open an encrypted image with another OS?
     
  17. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #17
    Sounds good, but I'd use text edit instead of word. More portable and standard that way.
     
  18. wattage macrumors 6502

    wattage

    Joined:
    Oct 14, 2005
    #18
    Thanks, got it working now. Glad to know about this option now!
     
  19. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #19
    I don't think so.. there was finally a Windows app that would open disk images (.dmgs) from a Mac, but it couldn't handle encrypted images.
     
  20. wasimyaqoob macrumors 6502a

    Joined:
    Dec 23, 2005
    Location:
    London, England.
    #20
    Just to be on the safe side, I wouldnt use Filevault just in case you dont remember your password - And if you do forget it, well then your screwed up because then Apple cant even trace the password.
     
  21. madmaxmedia macrumors 68030

    Joined:
    Dec 17, 2003
    Location:
    Los Angeles, CA
    #21
    If you pick a no-brainer password that you've used before, then forgetting shouldn't be a problem.

    If the CIA was determined to get into your Mac, then they could probably guess the password with trial and error. But it would still provide pretty good protection of your info for most purposes...
     

Share This Page