Okay, @lokrado, here's your answer. The reason I don't use FileVault is that it's too monolithic. It's all-or-nothing. I don't need my entire home folder encrypted, just my sensitive files, the ones I'd be concerned about if someone got ahold of my computer. Besides, in the past I've had problems with FileVault which are probably fixed as of Snow Leopard; nevertheless, I don't want to take the chance of dealing with that kind of thing again.
I thought about using encrypted sparsebundles, but the idea of storing my files on a separate virtual drive just didn't seem very streamlined. One morning I came to a realization connecting three points: Mac OS X is just Fancy UNIX; disk images are attached to a mountpoint inside /Volumes; UNIX lets you set mountpoints (just about) wherever you want them. See where this is going?
I have about half a dozen encrypted sparsebundles (Mac OS Extended, Journaled format) tucked away in my ~/Library, that correspond to folders in my Home folder. Immediately after I log in, a shell script (that runs as I described previously) attaches these disk images to these folders as mountpoints. The commands go something like this:
Code:
hdiutil attach /Users/simplebeep/Library/Application\ Support/FotoCrypt.sparsebundle -mountpoint /Users/simplebeep/Pictures -nobrowse
Hdiutil attach opens disk images. I have the passwords for mine stored in my Keychain, which keeps them safe until I legitimately log in. The mountpoint flag tells the system where to put the disk once it's open; you'll notice, in the example, it replaces the system-provided Pictures folder. (Just don't do that with the Library!) Finally, the nobrowse flag instructs the Finder that this is to be treated as a regular folder, and not to be shown on the Desktop or Devices section of the sidebar. It's a folder whose contents just happen to be stored on a separate disk - a disk which is stored, encrypted, elsewhere inside the Home folder.
So all my encrypted files are still stored seamlessly inside my home folder where they ought to be. They really function as encrypted folders! I even do this with my Dropbox. When I was setting it up, I simply quit Dropbox, moved the folder's contents into the appropriate sparsebundle, mounted it in the old folder's place, and launched Dropbox again. The app didn't even notice there was a change! My aforementioned script now starts Dropbox after the folder is mounted.
The advantages of this system:
- Time Machine makes hourly backups of my encrypted folders (or rather their encrypted sparsebundle counterparts) even while I'm logged in and they're mounted.
- Only the folders I want encrypted, are encrypted.
- My documents are still in ~/Documents, likewise with my pictures, etc. Using exactly the same method, I can encrypt my email (~/Library/Mail).
- Once set up, this system is almost as convenient as FileVault. When I log in, my files are there, and when I log out, they're inaccessible without my password.
- If one of the images fails, it doesn't affect the others.
The disadvantages:
- This system is difficult to set up if you don't have a good knowledge of Mac OS or you don't know exactly how to go about setting it up.
- You can't use Time Machine's spacey interface to see past versions of the encrypted folders' contents. But you can still open up your TM drive and open past versions of the sparsebundles!
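
A login script along the lines the post describes, as an added example that is not the poster's own script. The DocCrypt image, the helper function names, the DRY_RUN and IMAGE_DIR variables and the mountpoint checks are assumptions; FotoCrypt and the hdiutil flags are taken from the post.

```shell
#!/bin/bash
# Added example, not the poster's script. DocCrypt and the helper names are
# constructed; FotoCrypt and the hdiutil flags come from the post.
# Assumes each image's password is saved in the login keychain.
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the hdiutil commands
IMAGE_DIR="${IMAGE_DIR:-$HOME/Library/Application Support}"

# A mountpoint is acceptable only if it is strictly inside the home folder
# and would not cover the folder that holds the images (so never ~/Library).
check_mountpoint() {
    local mp="${1%/}" home="${2:-$HOME}" images="${3:-$IMAGE_DIR}"
    case "$mp" in */..|*/../*) return 1 ;; esac
    case "$mp" in "$home"/*) ;; *) return 1 ;; esac
    case "$images/" in "$mp"/*) return 1 ;; esac
    return 0
}

# True if something is already mounted on the folder (macOS mount output format).
is_mounted() {
    mount | grep -Fq " on $1 ("
}

# Print the exact command that would be run for one image/folder pair.
attach_cmd() {
    printf 'hdiutil attach "%s" -mountpoint "%s" -nobrowse\n' "$1" "$2"
}

# attach_folder IMAGE_NAME FOLDER_UNDER_HOME
attach_folder() {
    local image="$IMAGE_DIR/$1.sparsebundle" mp="$HOME/$2"
    check_mountpoint "$mp" || { echo "refusing mountpoint: $mp" >&2; return 1; }
    is_mounted "$mp" && return 0              # already attached, nothing to do
    if [ "$DRY_RUN" = 1 ]; then attach_cmd "$image" "$mp"; return 0; fi
    [ -e "$image" ] && [ -d "$mp" ] || { echo "missing: $image or $mp" >&2; return 1; }
    hdiutil attach "$image" -mountpoint "$mp" -nobrowse
}

# Constructed map of image name -> folder; one failure does not stop the rest.
attach_folder FotoCrypt Pictures
attach_folder DocCrypt  Documents
```

Anything that was already in a folder before its image is first mounted over it stays unencrypted on disk underneath the mountpoint, so move it into the image first, as the post does for Dropbox.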