I just found out about a feature in Mac OS X that I think is absolutely great — the ability to create encrypted volumes to store confidential data. My father and I needed to exchange some sensitive financial information over the internet recently and we both looked around for a solution to do this securely with email. Of course, much to our confusion/delight, there are a ton of solutions out there. One of the solutions I found was to create an encrypted disk volume — we didn’t use this particular method for our email exchange, but there’s nothing saying that we could not have.
An encrypted disk volume works just like any other disk volume on a Mac. Whenever you attempt to open the .dmg file, the system will ask you for a password before it will mount the volume the file contains. Additionally, you can share these DMG files via email (provided that you make the volume small enough), on a USB stick, or on another shared storage medium like a network drive. Once you’re finished with the volume, simply unmount it.
You can create encrypted disk volumes by using the Disk Utility application. Follow these steps once the application is opened:
Click on File > New > Blank Disk Image. You should see the following dialog box:
Give the disk image a name in the Save As: field and select a location for the resulting DMG file. Give the disk image a Volume name as well if you like – this can be different than the actual file name.
You’ll notice that you also have a number of other options available: Volume size, format, Encryption, partition, and image/format. You can play around with these settings and the system will automatically correct for anything it can’t do. For instance, by default, the volume format should be Mac OS Extended (Journaled) and the default volume size is 100MB. The minimum size of that type of volume is 10MB, so you can basically set any number higher than 10MB here. Other volume types have different minimums; for instance, Mac OS Extended has a 5MB disk minimum.
In any case, the encryption field is the point of this particular article. You’ll have three options here: none, 128-bit AES encryption, or 256-bit AES encryption.
Select one and you’ll be prompted for a password to set on the new disk volume.
You’ll notice that the password dialog box will analyze your password and let you know the relative strength of your password choice. In addition, you can also store this password in your keychain file. I highly recommend that you don’t in this case – it sort of defeats the purpose in my opinion. Also note that if you forget this password – you will not be able to get into this volume.
Once you’ve entered a password and verified it, click on the OK button and the system will create your new DMG file and associated encrypted volume. To test the volume, simply unmount it as you would any other volume (drag to the Trash bin, right-click > eject, whatever) and reopen the .dmg file. You should get a prompt for a password before the system mounts the encrypted volume.
You can now send this volume to anyone you want, store it on a network share or USB drive, and the information will stay in encrypted format. You can even use another Mac to open the volume – provided that you type in the appropriate password on that Mac.
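The same procedure can be scripted with the macOS `hdiutil` command instead of Disk Utility. The following is an added example, not part of the original post: the function names and the sample file and volume names are this example's own, and it lets `hdiutil` prompt for the password rather than taking it as an argument.

```shell
#!/bin/sh
# Added example: command-line counterpart of the Disk Utility steps above.
# Function and variable names are this example's own.

# Minimum image size in MB for each volume format, as stated in the article.
min_size_mb() {
    case "$1" in
        HFS+J) echo 10 ;;   # Mac OS Extended (Journaled)
        HFS+)  echo 5 ;;    # Mac OS Extended
        *)     return 1 ;;
    esac
}

# create_encrypted_dmg OUTFILE VOLNAME SIZE_MB FS BITS
# Validates the settings, then lets hdiutil prompt for the password itself,
# so the password never appears on the command line or in shell history.
create_encrypted_dmg() {
    out=$1 vol=$2 size=$3 fs=$4 bits=$5
    min=$(min_size_mb "$fs") || { echo "unsupported format: $fs" >&2; return 2; }
    case "$size" in
        ''|*[!0-9]*) echo "size must be a whole number of MB" >&2; return 2 ;;
    esac
    [ "$size" -ge "$min" ] || { echo "$fs needs at least ${min}MB" >&2; return 2; }
    case "$bits" in
        128|256) ;;
        *) echo "encryption must be 128 or 256 (refusing 'none')" >&2; return 2 ;;
    esac
    hdiutil create -size "${size}m" -fs "$fs" -volname "$vol" \
        -encryption "AES-$bits" "$out"
}

# verify_encrypted DMG: succeed only if hdiutil reports the image as encrypted.
# Run this before attaching the file to an email or copying it to a USB stick.
verify_encrypted() {
    hdiutil isencrypted "$1" 2>/dev/null | grep -q 'encrypted: YES'
}

# Usage on a Mac (constructed file and volume names):
#   create_encrypted_dmg "$HOME/Desktop/finance.dmg" "Finance" 100 HFS+J 256 &&
#   verify_encrypted "$HOME/Desktop/finance.dmg" && echo "safe to send"
```

The `verify_encrypted` check catches an image that was accidentally created with the encryption option left at none before it leaves your machine.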
Hope you find this feature as useful as I have. It’s just another one of those hidden gems that you don’t see covered a lot.
-JT