Creating Encrypted Container-images on OS X
I never really got all the big blog-announcements when truecrypt was released for OS X. Everybody went crazy because of the ability to encrypt partitions on OS X. The windows version has a nice preboot authentication feature and the "native"; encryption options (bitlocker and EFS) were both created by Microsoft which makes it quite understandable that people tend to like truecrypt on windows.
On OS X you imho don't really need truecrypt. OS X has built in support for encrypted dmg files.
They mount like regular diskimages (given that you know the password), they are encrypted with the AES algorithm in either 128 or 256 bit strength and on my slow laptop drive, on the fly encryption doesn't really slow thoughput down thaaat much. If you've got a faster drive (e.g. 3,5" external HDD): do you really permanently move data or do you simply put it on the drive and access it every other week?
To create such an image you have to take several things into consideration:
- Would you like to create a sparseimage?
The image will grow to a given size but only take as much space as the amount of data it currently hosts. The only problem is, that once you delete something inside the image, you'll manually have to do a "compact"; (using hdiutil) in order for "empty"; space to be readded to your partition —> sparseimages will grow automatically up to a given size, but shrinking is a process that has to be done manually.
If you plan on encrypting an external HDD, you shouldn't use a sparseimage because resizing will take some time and you'll use the whole HDD anyway most of the time.
- AES128 or AES256? (Both should be secure, AES256 is slower)
On my Macbook's internal harddisc, I simply want to have a secure store for some files that shouldn't be seen by everybody.
I created a sparseimage and set the maximum size to the size my harddisc has. That way, I can put as much files in there as I want to, only limited by the size of the HDD. I set the encryption to AES128 because I don't see the necessity to use AES256. AES128 is practically unbreakable and therefor secure enough for my files).
To create an encrypted dmg, simply fire up "Disk Utility";:
Select “new image”;:
You’ll be presented with a bunch of options:
For the volumesize I set a size of 80 GB (can be resized later afaik):
I set the encryption to 128 bit:
For the Image-Format, I chose a sparse Image:
You’ll have to specify your password now.
When mounting the image later on, it’ll look like this: