I'm going to look at two methods for encrypting files on Mac OS X. The first is built in, and uses Disk Utility to create an encrypted disk image.
Disk Utility needs to work from a folder, so you first need to create a directory to put your protected files in. I used "secrets" as my directory name, and moved my important files into it. I then invoked (in Terminal):
hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg
You can also do this with the graphical Disk Utility tool. The command above will ask for an encryption passphrase; alternatively you can pipe the passphrase in, though that leaves it in your shell history:
echo "your passphrase" | hdiutil create -encryption -stdinpass -srcfolder secrets foo.dmg
This creates "foo.dmg" and the passphrase you used is required to open it. If you do that graphically through Finder, you'll be prompted for your phrase, or you can do it from the command line:
hdiutil attach -stdinpass foo.dmg
(But see Mac OS X Encryption Problem for a subtle trap here)
Entering the correct passphrase gives you a mounted disk image where you can access your files. By the way, don't forget to remove the "secrets" directory and its contents: there's not much point in encrypting a disk image of a folder and leaving the unencrypted version on the disk.
The second method is gpg (GnuPG). You can download it from https://macgpg.sourceforge.net/. Run the installer, and then at the Terminal command line run:
This asks a few questions, including requesting a passphrase, and generates the files it needs. Generating these will take a fair amount of time - you need patience. You also need your machine to be doing something; I did "ls -lR /" in a terminal window while continuing with my ordinary work. Eventually gpg will finish up:
gpg: /Users/apl/.gnupg/trustdb.gpg: trustdb created
gpg: key 5D604AE8 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/5D604AE8 2006-05-14
Key fingerprint = F08A C9DC 53DF AF02 8E50 B683 2A0B 47EC 5D60 4AE8
uid Tony Lawrence (Key for files) <email@example.com>
sub 4096g/100D68F5 2006-05-14
For simple use, gpg is very easy. For example, given a file "stuff":
gpg -e stuff
is all you need. That will ask for a user id (you provided that when you created the gpg keys) and will create "stuff.gpg". This does not remove "stuff", so if you are using this to protect files on your disk, remove the original. To decrypt, "gpg stuff.gpg". For that, you'll need your passphrase.
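One way to make the "remove the original" step safe, as an added example that is not part of the original article: encrypt with gpg, confirm that the result decrypts back to the same bytes, and delete the plaintext only after that check passes. The function name encrypt_then_remove and its argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the article's own code. The function name and its
# arguments are assumptions; -e, -r, -o and -d are standard gpg options.

# encrypt_then_remove USER_ID FILE
#   USER_ID  the user id you gave when you created your gpg keys
#   FILE     plaintext file; FILE.gpg is written next to it
# Returns 0 on success. On any failure the plaintext is left in place.
encrypt_then_remove() {
    uid=$1
    plain=$2
    enc=$plain.gpg

    # An empty file is rejected too: a failed decrypt also yields no
    # output, so the comparison below could not tell the two apart.
    [ -f "$plain" ] && [ -s "$plain" ] || {
        echo "missing or empty file: $plain" >&2; return 2; }

    # Never clobber an existing encrypted copy.
    [ ! -e "$enc" ] || { echo "refusing to overwrite $enc" >&2; return 3; }

    # Same operation as "gpg -e stuff", with the recipient and the
    # output file given explicitly so that nothing is prompted for here.
    gpg -e -r "$uid" -o "$enc" "$plain" || { rm -f "$enc"; return 4; }

    # Round trip: decrypt to stdout (this asks for your passphrase) and
    # compare byte for byte with the original. Nothing decrypted is
    # written to disk.
    if ! gpg -d "$enc" | cmp -s - "$plain"; then
        echo "verification failed, keeping $plain" >&2
        rm -f "$enc"
        return 5
    fi

    # Only now is it safe to drop the unencrypted copy.
    rm -f "$plain"
}
```

Source the file and call, for example, encrypt_then_remove "Key for files" stuff. Because the check decrypts the file, it also confirms that you still know the passphrase before the only readable copy is deleted.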
© 2010-10-27 Anthony Lawrence