Use Disk Images To Keep Private Data Private

Globe-BondI always figured I’d make a great secret agent. I’m a pretty good shot (at least with my Red Ryder BB gun), I’m nearly unnoticeable in a crowd (especially at “singles” events), and I know how to keep a secret (I’ve never told anybody that story about OWC Michael, the ferret, and the jar of strawberry jam). It’d be a pretty sweet gig, too: you get a spiffy wardrobe, are accompanied by attractive women with double entendres for names, and—of course—the quartermaster gives you a load of awesome gadgets to play with.

Alas, for a myriad of reasons, it’s not to be. But I can at least act all super-sneaky and such by encrypting data that I want to keep “private” using an encrypted disk image for my data. (Hey, Katie, how’s that for a roundabout, tangental introduction to an article? Ha!)

All kidding aside, though, there are a number of reasons you may want to have encrypted files on your hard drive(s). How about:

  • If you’re a musician who has all the track files for your latest album on a drive and you don’t want them getting out if your drive is lost or stolen.
  • If you have the plans for your company’s next big product that you need to keep with you as you move from supplier to supplier.
  • If you use any online “cloud-based” storage (such as Dropbox, Google Drive, SkyDrive, etc.), where your data is not on storage under your direct control.
  • If you have sensitive data you’d like to be “for your eyes only” (such as holiday gift lists, tax info, or your plans for world domination).

Of course, there’s more than one way to encrypt your data; much of it depends on usage and preferences. Windows has its own encryption options, and if you’re working in a mixed-OS environment, you may want to look into the cross-platform PGP utilities available for the appropriate OS versions you’re using.

However, there are lots of instructions online with that kind of information for those utilities; we’re going to focus on OS X instead. Under Mac OS X, there are a number of ways of encrypting your data. Encrypting your Mac’s main drive is simple enough; all you need to do is have FileVault. In Lion and later, you can use Disk Utility to format your external drives as “Mac OS Extended (Journaled, Encrypted)”, and use pretty much the same technology as FileVault; if you’re running Mountain Lion, you can even encrypt your external by right-clicking the drive icon in the Finder, though that may take a little longer.

It’s a pretty good way of offering some decent security for your external devices. However, there’s a slight drawback: if any of the Macs you want to use this with are running 10.6.8 or earlier, you can’t use an external drive encrypted this way.

No... Really... It won't let you.

No… Really… It won’t let you.

So what do we do if we want to encrypt files for use across a wide array of OS X versions? Fortunately, we still have another option: encrypted sparse bundles. This is a form of disk image that expands as items are added to it (up to its predetermined limit) and requires a password to access. The neat part is that it can be used with OS X versions as far back as 10.5, and can coexist with non-encrypted data on the same drive. That last bit enables it to work exceedingly well with “cloud” services.

Creating the sparse bundle

In order to create our encrypted sparse bundle, we’ll need to open up Disk Utility; you can find it under Applications/Utilities/Disk Utility.app on your boot drive.

Once you’ve opened up Disk Utility, go to the File menu and select New>Blank Disk Image, (or simply hit Command-Option-N). You’ll then be presented with the New Blank Image window, where you’ll need to fill out the following information.

encryption-save

  1. Save As: – This is the name that will be on the icon you click in the Finder. You can either give it a descriptive name like “Tax Info” or if you wish to be more clandestine about it, you can give it the name of something that pretty much nobody would be interested in, like “Bran Muffin Recipes.” I’m going to go with “Economics Essays.”
  2. Location – Choose where you’re going to save the file, and select it, just like you would with any other document. In this example, I’m going to put it in my Dropbox folder.
  3. Name: – This is the name of the disk image that will appear in the Finder once you’ve double-clicked on the icon in the location you selected above. This can be whatever you want.
  4. Size: – This will be the maximum amount of data you will be able to store in the disk image. Since I am creating this for my Dropbox account, and I only have 5GB worth of space, I can’t go over 5GB; to accommodate other files and such, I’m going to go with 2GB, which will more than suffice for my purposes.
  5. Format: – This is just the file system for the disk image (it appears to OS X as a mounted drive). Unless you have a specific reason for needing another option, you can just leave it at the default Mac OS Extended (Journaled).
  6. Encryption: – This is where we determine how complex we’d like our encryption to be. The recommended 128-bit will probably do for most, but just for the sake of going to extremes, I’m going to go with 256-bit.
  7. Partitions: There are a lot of options here. However, unless you’re doing something specific that you know requires a specific format, you can just leave it at the default.
  8. Image Format: This is where we determine what kind of disk image we’re making, as there are several kinds. Since we want an image that expands when necessary, but only updates changes, we’ll want to go with the “sparse bundle disk image.”

Once you have all that information filled out, you can go ahead and hit the “Create” button. You will then be presented with a popup window where you enter and confirm your password.

encryption-Password

Now that you’ve added a password, the sparse bundle file will be created and the image itself will mount. You can access it in the Finder just like if you had an external drive connected.

Transferring the files over

Getting the files you want encrypted into the disk image is simple enough; you just need to drag them over in the Finder. Keep in mind, though, that since OS X treats this disk image like an actual external device, dragging files over will only make a copy; you’ll still probably want to delete the unencrypted versions.

encryption-files

Potential applications

This is one of those concepts that can be applied in a number of ways. Do you want to encrypt files in your online “cloud storage” account? Just do what I did above and set your maximum disk size to something less than your available space. Want to use your thumb drive for easy “sneakernet” file transfers, but also want to keep some stuff private? The same concept applies here; just make your maximum disk size smaller than the total size of the drive. So long as your maximum disk size never goes over what’s actually available, you’ll be good to go.

Now excuse me… my keyboard is about to self-destruct in 5 seconds…


LEAVE A COMMENT


  • We’ve used this strategy “forever” with OS X. In fact, we even have our business/customer DB files located an encrypted disk image. Since we back up our encrypted disk images as separate disk volumes, we use the fixed-file format and exclude those (rather large) files from system backups (and some of the early versions of expanding disk images had reliability issues).

    We also have all the data from various applications (e.g., Mail and iPhoto) placed on an encrypted disk image (by using a symbolic link). We enter the applicable disk images as startup items (i.e., in the user’s login setup) so they’re mounted at login. This strategy has been trouble-free for us for about a decade (we also do regular backups and mirror all disks) and provides reasonable security in the event that a system is stolen.

    Nice article and I highly recommend using the information provided.




  • I have been using encrypted images for awhile, but did not know I could re-size them. I followed the instructions in the article and set up a new image as a test, leaving the Image Format as “sparse bundle disk image”, but later was not able to re-size it. In disk utilities I have the option to re-size, but when I increase the size and click for it to change, nothing happens. Any suggestions as to what I’m doing wrong?




    • The size of the sparse disk image shows as the size of the items stored inside it up to the capacity set in Disk Utility. As you add files to the sparse bundle, the file will grow until it reaches the limit set when creating it.