How-To: Create an Encrypted Volume on Mac OS X
10 Sep 2007 |
Archiving and
Backups
Here is a step-by-step guide to creating an encrypted
storage vault (or volume) on your Mac running OS X.
Once you have mastered this simple skill you can
ensure that any data you carry around on USB thumb
drives or CDs will be safe even if it gets lost or
stolen. Contrary to popular belief, you can get
industrial-strength encryption right on your Mac
without spending a dollar. Read on and this column
will show you how.
If you think encryption is only for people with
something to hide, or the stuff of spy novels, think
again. In fact, if you save any of your personal data
(banking statements, bill payment records, an online
keychain, your social security number) on a thumb
drive and it gets lost or stolen, encryption could be
your best friend. Said another way, an encrypted
drive is an identity thief's worst enemy.
You may also think encryption costs money. "Don't I have to buy some fancy software to encrypt my data?" you might ask. In fact, if you have a Mac, you don't. Encrypted volumes are there for the taking. You can create new ones of any size on any disk you like. You just have to know how. Better safe than sorry, right? And learning how is easy.
So let's start by understanding what encryption is all about. Or if you already know, just skip ahead to the step-by-step instructions below. To "encrypt" is the process of scrambling data to put it into what seems like completely random order. This must be done in a way that no one but you can put it back into the original order, or "decrypt," the data. It would be like taking every letter on this page, dropping them into a blender and pushing the "puree" button. But the beauty of an encrypted volume is that your computer can use your password (and nothing else) to put everything back in the proper order. Everything. Once you unlock it with your password, your encrypted volume will work for you (and all of your software) just like any other volume on your system. Eject the volume and to anyone else it is just random scrambled letters, or data puree.
Creating An Encrypted Volume in Mac OS X:
-- Open "Disk Utility" (from the Applications | Utilities Folder)
-- From the Images Menu, select: New | Blank Image... ("Image" here does not mean picture, but is short for "disk image.")
-- Choose a location for your volume (you can save it on any drive, even a writable CD/DVD before you burn it)
-- Give the Image a name, such as: "My Encrypted Data"
-- Set these other attributes:
Size: (Choose an appropriate maximum size to fit your drive)
Encryption: AES-128 (or any other encryption strength available)
Format: sparse disk image (this way the volume will start small and grow as you use it)
-- Click Create. You will be prompted to create a password.
Unlike with online passwords, this volume will not have a "forgot your password" option to bail you out if you do forget. Choose carefully and be sure of your password before you start saving data on the volume. There is no way to recover data from an encrypted volume without the password.
Open an encrypted volume just by double-clicking on it in the Finder. Mac OS X will prompt you for the password and put the volume on the desktop with your other drive(s). If you like, you can have your Mac store the password in your keychain and apply it automatically when you open your encrypted volume.
That's it. You can create and use as many encrypted volumes as you need. Now if your thumb drive falls into the wrong hands you'll be safe, not sorry.
You may also think encryption costs money. "Don't I have to buy some fancy software to encrypt my data?" you might ask. In fact, if you have a Mac, you don't. Encrypted volumes are there for the taking. You can create new ones of any size on any disk you like. You just have to know how. Better safe than sorry, right? And learning how is easy.
So let's start by understanding what encryption is all about. Or if you already know, just skip ahead to the step-by-step instructions below. To "encrypt" is the process of scrambling data to put it into what seems like completely random order. This must be done in a way that no one but you can put it back into the original order, or "decrypt," the data. It would be like taking every letter on this page, dropping them into a blender and pushing the "puree" button. But the beauty of an encrypted volume is that your computer can use your password (and nothing else) to put everything back in the proper order. Everything. Once you unlock it with your password, your encrypted volume will work for you (and all of your software) just like any other volume on your system. Eject the volume and to anyone else it is just random scrambled letters, or data puree.
Creating An Encrypted Volume in Mac OS X:
-- Open "Disk Utility" (from the Applications | Utilities Folder)
-- From the Images Menu, select: New | Blank Image... ("Image" here does not mean picture, but is short for "disk image.")
-- Choose a location for your volume (you can save it on any drive, even a writable CD/DVD before you burn it)
-- Give the Image a name, such as: "My Encrypted Data"
-- Set these other attributes:
Size: (Choose an appropriate maximum size to fit your drive)
Encryption: AES-128 (or any other encryption strength available)
Format: sparse disk image (this way the volume will start small and grow as you use it)
-- Click Create. You will be prompted to create a password.
Unlike with online passwords, this volume will not have a "forgot your password" option to bail you out if you do forget. Choose carefully and be sure of your password before you start saving data on the volume. There is no way to recover data from an encrypted volume without the password.
Open an encrypted volume just by double-clicking on it in the Finder. Mac OS X will prompt you for the password and put the volume on the desktop with your other drive(s). If you like, you can have your Mac store the password in your keychain and apply it automatically when you open your encrypted volume.
That's it. You can create and use as many encrypted volumes as you need. Now if your thumb drive falls into the wrong hands you'll be safe, not sorry.