Simple file encryption for MacOS

A complete step-by-step recording, if you’d prefer to just follow along instead.

During a Thursday morning research methods lecture, our professor brought up the issue of data privacy and ethnographic research. Data privacy is an important issue and something I’ve written about before. One particular challenge (amplified in the context of remote work and COVID-19) is storing and accessing sensitive data. How can you safely store sensitive information, such as recorded interviews? While no method is 100% safe, there are some very basic precautions that are highly effective and easy to use.

For folks who are using MacOS (or OS X), here’s a simple method for storing and accessing encrypted files.

Step 1: Open Disk Utility

To open Disk Utility, press and hold Command (⌘) + [SPACE] to open Spotlight Search, type “Disk Utility” and press Return [Enter].

Screenshot of Disk Utility on MacOS 11 (Big Sur)

Step 2: Make a New Blank Image

We’ll use this program to create an encrypted disk image that automatically resizes itself depending on how much data it contains. Go to File -> New Image -> Blank Image… or use the keyboard shortcut, Command (⌘) + N.

The image on the left shows the default blank disk image settings. The image on the right shows the settings we’re going to use. This will create a disk image with virtually unlimited space and encryption that is very tough to crack.

Default settings for a new blank disk image.

100 TB sparse bundle disk image with 256-bit AES encryption

Step 3: Set Image Format To Sparse Bundle Disk Image

Click on Image Format and change from read/write disk image to sparse bundle disk image.

This image format has many advantages. We’re using this format because it is compatible with Macs running OS X 10.5 (Leopard) or newer, plays well with Time Machine backups, supports APFS (the latest disk format, used on Macs running 10.13 (High Sierra) and newer), and allows us to create a massive disk image that will automatically shrink and expand as files are added to or deleted from it.

Step 4: Set Image Size

Click on the field for Size: and change from the default of 100 MB to 100 TB.

This is a staggering amount of data, equivalent to over 20,000 DVD movies. Don’t worry about filling up your hard drive. This number represents the theoretical capacity, and not the actual size.

Step 4: Set Image Name

Click on the field for Name: and change from the default of “Untitled” to SuperSecret.

This is just an example, feel free to get creative. Repeat this step under Save As: and rename “Untitled” to SuperSecret.

Step 5: Set Encryption

Click on Encryption: and change from the default of “none” to 256-bit AES encryption (more secure, but slower).

No encryption scheme is perfect, but 256-bit AES is pretty darn good. Brute force attacks using the world’s most powerful supercomputers would take an absurd amount of time and energy. Using a single desktop PC to brute force would require more time than the eventual heat death of the universe.

Step 6: Set Password

As is often the case, the password is going to be the weakest link in this security scheme. Password strength, password length, storing and managing passwords, etc. are lengthy subjects beyond the scope of this guide. There are password managers like Keychain, and strategies for composing memorable passwords, but keep in mind…

if you forget or lose this password, your data will be lost forever.

Step 7: Double-Check Your Settings

Disk Utility can do some spectacularly stupid things. It’s a good idea to double-check your settings. Make sure:

  • You’re saving the disk image to some place that is easy for you to find.

  • You’ve set the correct disk image Size, Format, Encryption scheme, and Image Format

If everything looks good, then save your disk image.

Step 8: Create Disk Image

Click “Save” and wait for the disk image to be created. This should take less than a minute, depending on your system. After it finishes, click “Done” and quit Disk Utility by File -> Quit or by pressing Command (⌘) + Q.


Step 9: Inspect Disk Image

On your desktop, you should see an icon with the name of your disk image and sparse bundle. Right-Click on the .sparsebundle file and click Get Info. As you can see, the file size is only 56 MB, which is just slightly larger than a typical video file.


Step 10: Verify Disk Image Capacity

The mounted disk “SuperSecret” is a rewritable volume with up to 100 TB capacity. To verify this, Right-Click on the mounted disk and click Get Info. The capacity shows 100 TB, but is limited by the physical disk’s free space.


Step 11: Unmount Disk

The mounted disk “SuperSecret” is automatically mounted after image creation. After you move your sensitive data to the image, you’ll want to unmount the disk. In general, it is a good idea to only mount the disk image when you’re planning to read or write sensitive data. Leaving the disk mounted 24/7 leaves the data vulnerable to unwanted access. Simply Click and Drag the mounted disk to the Trash to Eject.

Step 12: Mount Disk Image

In the future, when you need to read/write sensitive data, simply Double-Click the .sparsebundle disk image to Mount the encrypted volume. You’ll need to enter your password to access, but you can store this in Keychain to make this process automatic.
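
The same procedure can also be scripted with hdiutil, the command-line tool that ships with MacOS. The script below is an added example, not part of the original guide; the script name secret-image.sh, the Desktop save location and the choice of APFS as the file system are assumptions.

```shell
#!/bin/sh
# Added example: hdiutil equivalent of the Disk Utility steps (MacOS only).
# "SuperSecret" is the guide's example name; folder and file system are assumptions.

# Run hdiutil, or only print the command when DRY_RUN=1 (to review it first).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'hdiutil %s\n' "$*"
    else
        hdiutil "$@"
    fi
}

# Steps 2-8: 100 TB sparse bundle, 256-bit AES, volume named $1, saved in folder $2.
# -stdinpass asks for the password in the terminal instead of a dialog box.
create_image() {
    run create -type SPARSEBUNDLE -size 100t -fs APFS \
        -encryption AES-256 -volname "$1" -stdinpass "$2/$1.sparsebundle"
}

# Steps 9-10: confirm the image is encrypted and show its real on-disk size.
inspect_image() {
    run isencrypted "$2/$1.sparsebundle"
    [ "${DRY_RUN:-0}" = 1 ] || du -sh "$2/$1.sparsebundle"
}

# Step 12: mount the encrypted volume (asks for the password).
mount_image() { run attach -stdinpass "$2/$1.sparsebundle"; }

# Step 11: unmount so the data is not readable while the disk is not in use.
unmount_image() { run detach "/Volumes/$1"; }

# Usage: sh secret-image.sh create|inspect|mount|unmount [name] [folder]
name="${2:-SuperSecret}"
dir="${3:-$HOME/Desktop}"
case "${1:-}" in
    create)  create_image  "$name" "$dir" ;;
    inspect) inspect_image "$name" "$dir" ;;
    mount)   mount_image   "$name" "$dir" ;;
    unmount) unmount_image "$name" ;;
esac
```

Running it with DRY_RUN=1 prints each hdiutil command without executing it, which is a quick way to double-check the settings from Step 7 before creating anything.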