Thursday, September 19, 2024

OS X File Encryption

I’m going to look at two methods for encrypting files on Mac OS X. The first is built in, and uses Disk Utility to create an encrypted disk image.

Disk Utility

Disk Utility needs to work from a folder, so you first need to create a directory to put your protected files in. I used “secrets” as my directory name, and moved my important files into it. I then invoked (in Terminal):

hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg

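This will ask for an encryption passphrase. (You can also create the image with the graphical Disk Utility tool.) Alternatively, you can supply the passphrase on standard input:

printf '%s' "your passphrase" | hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg

Use printf rather than echo here: with -stdinpass the passphrase includes any newline it reads, so the newline that echo appends would become part of it. A passphrase typed on the command line like this also ends up in your shell history.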

This creates “foo.dmg” and the passphrase you used is required to open it. If you do that graphically through Finder, you’ll be prompted for your phrase, or you can do it from the command line:

hdiutil attach -stdinpass foo.dmg

Entering the correct passphrase gives you a mounted disk image where you can access your files. By the way, don’t forget to remove the “secrets” directory and its contents. There is not much point in encrypting a disk image of a folder and leaving the unencrypted version on the disk.
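The whole procedure above (create the image, check that it opens, then remove the plaintext folder) as one shell function. This is an added example, not part of the original article; the name seal_folder and the temporary mount point are assumptions, and the attach options -readonly, -nobrowse and -mountpoint and the detach verb are standard hdiutil features the article does not use.

```shell
#!/bin/sh
# Added example (not from the original article): encrypt a folder into a
# disk image, prove the image opens and holds every file, and only then
# delete the plaintext. seal_folder is an illustrative name.

seal_folder() {
    src=$1 img=$2
    [ -d "$src" ] || { echo "not a folder: $src" >&2; return 2; }
    [ ! -e "$img" ] || { echo "refusing to overwrite $img" >&2; return 2; }

    # Run from a terminal, hdiutil prompts for the passphrase itself, so
    # it never lands in the shell history.
    hdiutil create -encryption -stdinpass -srcfolder "$src" "$img" || return 1

    # Attach read-only at a private mount point. This asks for the
    # passphrase again, which confirms that it really opens the image.
    mnt=$(mktemp -d) || return 1
    if ! hdiutil attach -stdinpass -readonly -nobrowse -mountpoint "$mnt" "$img"
    then
        rmdir "$mnt" 2>/dev/null || :
        echo "cannot open $img; keeping $src" >&2
        return 1
    fi

    # Collect every source file that is missing or different in the image.
    bad=$(cd "$src" && find . -type f \
        ! -exec sh -c 'cmp -s "$1" "$2/$1"' sh {} "$mnt" \; -print)
    hdiutil detach "$mnt" >/dev/null
    rmdir "$mnt" 2>/dev/null || :

    if [ -n "$bad" ]; then
        echo "image does not match $src; keeping plaintext:" >&2
        echo "$bad" >&2
        return 1
    fi
    rm -rf -- "$src"   # the plaintext goes only after the image checks out
}

# Usage: seal_folder secrets foo.dmg
```

Note that rm only unlinks the files; it does not overwrite the disk blocks they occupied.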

GNU Privacy Guard

You can download this from http://macgpg.sourceforge.net/. Run the installer, and then at the Terminal command line run:

gpg --gen-key

This asks a few questions, including requesting a passphrase, and generates the files it needs. Generating these will take a fair amount of time – you need patience. You also need your machine to be doing something, because gpg gathers the randomness for the keys from system activity; I did “ls -lR /” in a terminal window while continuing with my ordinary work. Eventually gpg will finish up:

gpg: /Users/apl/.gnupg/trustdb.gpg: trustdb created
gpg: key 5D604AE8 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/5D604AE8 2006-05-14
Key fingerprint = F08A C9DC 53DF AF02 8E50 B683 2A0B 47EC 5D60 4AE8
uid Tony Lawrence (Key for files)
sub 4096g/100D68F5 2006-05-14

For simple use, gpg is very easy. For example, given a file “stuff”:

gpg -e stuff

is all you need. That will ask for a user id (you provided that when you created the gpg keys) and will create “stuff.gpg”. This does not remove “stuff”, so if you are using this to protect files on your disk, remove the original. To decrypt, run “gpg stuff.gpg”. For that, you’ll need your passphrase.

For more on gpg in general, see GPG/PGP Basics, and for more on integrating GNU Privacy Guard with Mac OS X programs, see Configuring GnuPG (Mac OS X).

*Originally published at APLawrence.com


A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com
