Safeguarding "sensitive data" using encrypted disk images
Volume Number: 22 (2006)
Issue Number: 4
Column Tag: Programming
by Aaron Adams
With Tiger's release, it's now easier than ever to keep your (imagine me making big finger quotes here) "sensitive data" secure. You know the "sensitive data" I'm talking about. The kind that's not intended for casual viewing. There's also the real sensitive data. Payroll records, bonus charts, proprietary data, your secret plan for world peace. It's only a matter of time until someone using a shared Mac performs an innocuous Spotlight search that suddenly turns up a cornucopia of sensitive data associated with you. Depending on who finds it, you could lose your job, lose business, lose your significant other, or just have more headaches than you really need. An ounce of prevention is worth a ton of cure.
Hiding such things from Spotlight is a good idea. To do that, you can create an encrypted disk image that is password protected to keep nosy users out. The contents of the image won't appear in Spotlight unless the image is mounted.
To begin, go to the /Applications/Utilities folder (press command-shift-u in the Finder) and start up Disk Utility. Click File, New, and Disk Image from Folder. This will create something called a sparse image. Sparse images are initially only as big as the data they contain, but have the advantage of expandability later.
Select the folder where your sensitive data is located and press the Image button. Name the image. Select read/write from the Image Format drop-down. Click the Encryption drop-down and choose AES-128 (recommended). Select a save location and press Save.
You will then be prompted for a password. This is the password Disk Utility will use to encrypt the data, and you will have to enter it each time the image is mounted. Do yourself a favor and make the password hard to guess. Do yourself another favor and uncheck the box marked Remember password (add to Keychain). It defeats the purpose of encrypting and password protecting an image if you're going to automate its access with Keychain. Click OK after entering your new password. [Ed Note: Do yourself a final favor - make this password something different than your login password.]
A new disk image containing your data in encrypted form will be created. When you double-click the image to mount it, you will be prompted for the password. Drag and drop new sensitive data onto the image as desired for permanent safekeeping.
Over time, your collection will probably continue to grow and will become larger than the sparse image you just created. As I said before, sparse images can be expanded to any size you need, but the drawback is that you have to do it through the command line.
Open Terminal and enter this command:
hdiutil resize -size xxx /path/to/image.dmg
where xxx is the size you want the image to be in megabytes or gigabytes. For example, 500mb or 4.7gb.
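The Disk Utility steps and the resize command above can also be scripted. The following is an added example, not code from the original article; the function names, the DRY_RUN switch and the choice of hdiutil's UDSP (sparse) format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (macOS only). Paths and sizes are supplied by the caller.

# Run hdiutil, or only print the command when DRY_RUN=1 (review, non-macOS hosts).
run_hdiutil() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "hdiutil $*"
    else
        hdiutil "$@"
    fi
}

# Succeeds only if `hdiutil isencrypted` output on stdin reports an encrypted image.
reports_encrypted() {
    grep -q '^encrypted: YES'
}

# $1 = folder to image, $2 = output image path.
# hdiutil prompts for the new passphrase. The source folder is copied, not moved,
# so the plaintext originals stay on disk until you remove them.
create_encrypted_image() {
    run_hdiutil create -srcfolder "$1" -format UDSP -encryption AES-128 \
        -volname "$(basename "$1")" "$2"
}

# $1 = image path, $2 = new size in hdiutil's -size syntax.
# Refuses to touch an image that is not encrypted, so a plain image is never
# mistaken for the protected one.
resize_encrypted_image() {
    if [ "${DRY_RUN:-0}" != "1" ]; then
        hdiutil isencrypted "$1" 2>&1 | reports_encrypted || {
            echo "refusing: $1 is not an encrypted image" >&2
            return 1
        }
    fi
    run_hdiutil resize -size "$2" "$1"
}
```

Set DRY_RUN=1 to print each hdiutil command for review before running it for real.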
Now your sensitive data, or "sensitive data", is protected from prying eyes and accidental finds. Backups are a simple one-file copy operation. You stay out of trouble, off the unemployment lines, and in the closet. I love it when technology helps people.
Aaron Adams is a Mac consultant and network whipping boy located in Dayton, Ohio. You may also remember him from Apple's "Switch" campaign a few years ago. You can e-mail him at aaron@aaronadams.net.