Computing & Information Services
Mac OS X File Encryption
Encryption is a useful and simple way to protect the privacy of your files. If you use MacOS version 10.3 (Panther) or 10.4 (Tiger), we recommend you use Disk Utility, which comes standard on these versions of Mac OS X. If you are running MacOS 10.2 (Jaguar), we recommend that you upgrade to OS 10.4 and use Disk Utility.
Disk Utility is a versatile tool which can, among other things, create stand-alone archive files. These archives are called disk images and can be encrypted such that they are accessible only by password. Here are some basic instructions on how to create a disk image and encrypt it with a password. If you get stuck at any point during this process, contact cus@reed.edu for help.
Creating an Encrypted Archive
-
Open the Disk Utility program.
In Finder, open the Go menu and select Utilities. Double-click on Disk Utility. -
Note: If you don't see Utilities in the Go menu, select Applications instead. Then go to the Utilities folder and click on Disk Utility.
-
Create a new disk image.
Now that Disk Utility is open, first verify that NONE of the disks, volumes, or images in the left-hand side-bar is selected. If one is, then click in the white space near the bottom of the side-bar to de-select all disks, images, and volumes. This is important for the creation of the new image.Then, click the New Image button
on the Disk Utility toolbar. You should see a small window slide down over top of Disk Utility.Customize your disk image.
- In the Save As: field, type a descriptive name, e.g., lockedfiles.
- In the Where: menu, select where you want the archive to be created (you can always move the archive later -- for now, select Desktop).
- In the Size: menu, select the desired size.
-
Note: If you select the 4.7GB option, your encrypted file can be burned to a DVD
- In the Encryption menu, select the desired level of encryption. In most cases, your only option will be AES-128 (recommended), which is fine.
- In the Format menu, select sparse disk image.
- When you are done entering these settings, click Create.
You will see a progress bar while Disk Utility creates your archive, and then a small window will appear, prompting you to...
-
Enter a Password.
Select any password you like. Here are some guidelines for creating better passwords. Also, to make your encrypted disk image is truly secure...
DO NOT ADD YOUR PASSWORD TO THE KEYCHAIN. Ensure that the check-box labeled Remember password (add to Keychain) is UNCHECKED. Otherwise, MacOS will supply your password to anyone trying to access your encrypted archive.Click OK.
-
Add Files to Your Encrypted Disk Image.
If you saved the disk image to your desktop, you should see two new icons there.
- One of them is named something like
,
and the other one will simply be named
.
The latter of these two files is the "mounted image" of your encrypted archive: this is where you can add and remove files. Double-clicking the mounted image will open a window into which you can simply drag and drop the files you want to encrypt.
-
Encrypt!
When you are ready to lock up your files, eject the mounted disk image by dragging it into the Trash on the Dock. The mounted image will disappear, but the encrypted archive lockedfiles.sparseimage will remain.
Since it's possible to use software and recover an un-encrypted copy of the files, follow our instructions to securely empty the trash and erase free space to insure no un-encrypted versions are left on your computer. Now your data is safely locked behind powerful encryption secured by your password.
-
Decrypt!
To retrieve your encrypted files, double-click the disk image you've created. You will be required to enter your password before your files are accessible.
Note: Mac OS 10.4 can keep a copy of your files in a "Recovered Files" folder in the trash. If you have been working on encrypted files or other sensitive data and see this folder in your trash, you should use the Secure Empty Trash option to securely erase them from your computer.
