Share This

Macintosh OS Encryption

Office of Information Technology

Macintosh OS Encryption

How to Password Protect Files & Folders in MacOSX with Disk Images 

The best way to secure sensitive information from malware is to encrypt it. Encryption works by using a complex formula to securely scramble (or encrypt) individual files and folders, entire disks and data transmissions between devices. Once encrypted, the information can only be unlocked (or decrypted) using complex digital keys that require a password. Of course, it’s critical to choose a strong password.

Do this along with general password protection for maximum effect.

1.      Launch “Disk Utility” located in /Applications/Utilities

2.      Click on the “New Image” button at the top of the app­‐protect-­‐files-­‐folders-­‐in-­‐mac-­‐os-­‐x/

3.      Name the disk image and set a file size that is appropriate for what you intend to store in there

4.      Click on the contextual menu alongside “Encryption” and choose either 128 or 256-­‐bit encryption (256 is stronger)

5.      Click “Create”

6.      At the next screen you will set a password to access the folder – do not lose this password, you will not be able to open the disk image if you do

7.      Optional: Uncheck the box next to “Remember password in keychain” – only do this if you’re the only user on the Mac, otherwise anyone can open the image without the password

8.      Click “OK” to create the disk image

The encrypted disk image is now created. Now you need to locate the image, mount it which will require the password set in the creation process, and drag files and folders into the mounted image that you want password protected. The default location for new disk images is the Desktop, but if you saved it elsewhere, look there instead.

Once you are finished copying files and folders to the mounted disk image, eject it like any other disk and the contents will be safely protected within, requiring the password to access again. Because the files and folders have been copied, you’ll want to delete the originals so they aren’t visible to anyone else. Again, do not lose the password set or you will not be able to get access to the contents of the encrypted disk image.

This should not be considered a replacement for setting a general password for a Mac, and it’s always a good idea to lock down the screen when you’re away from the computer. Filevault also provides encryption and security features, but older version have some potential speed drawbacks that are particularly noticeable on non-­‐SSD drives, this is mostly a non-­‐issue for OS X Lion, however.

This specific “Image from Folder” trick requires OS X 10.8 or later to use:

1.      Open Disk Utility, found in /Applications/Utilities/

2.      Pull down the “File” menu and select “New” and then “Disk Image from Folder”

3.      Navigate to the folder you wish to turn into an encrypted drive and click “Image”

4.      Set the Image Format to “read/write” and the Encryption to “128-­‐bit AES”

5.      Choose a strong password (or generate one by pressing the black key icon) and – this is important – uncheck the box saying “Remember password in my keychain”, then click OK

If you do not intend on using the encrypted image as a working folder that you can add and remove documents from, you can choose an Image Format other than “read/write”.

An encrypted disk image will be created based on the folder you specified, it may take a while if the folder is large or your Mac is slow.

Accessing the Encrypted Folder & Contents

After the encryption procedures are finished, you’ll now be able to access and use the encrypted folder. To summarize steps of accessing the encrypted folder and how to properly use it to maintain security:

1.      Open the encrypted folder image with a double-­‐click, treating it as a normal disk image

2.      Enter the password used during the initial encryption setup – do NOT check “Remember password”

3.      Access the encrypted folder and the contents as a mounted virtual disk, you can modify, copy, edit, delete, and add to it

4.      When finished, close the files and eject the virtual image to re-­‐secure the folder and files and require a password for future access

You will want to locate the encrypted dmg file and store it somewhere accessible enough, since you will be using a double-­‐click to try to mount the folder image in the Finder when it needs usage, and of course you will need the password to access the files. Just as when creating the disk image password, always uncheck the box saying “Remember password in my keychain” or else you will store the password and lose the security benefit of the encrypted image since anyone with access to your user account could open it. This also applies to transferring the encrypted folder image to another Mac.

With a readable and writable encrypted disk image, you can treat it as a normal folder and copy, delete, or move files from the image. Anything brought into the image while mounted will become encrypted automatically under the same protective layer with the same password. When you are finished working with the folder and want it password protected again, simply unmount the disk image. Regaining access again will require the password before it can be mounted and available.