Sunday, February 14, 2010

Creating an Encrypted Disk Image for Safe Files

As the list of user names and passwords mounts up for all our online social networks, shopping sites and other sites where we are required to log in, keeping track of them all becomes a daunting task.

A method that offers encryption is available through the Disk Utility application on your Mac. The use of encryption is as old as the art of communication. In wartime, a cipher can be employed to keep the enemy from obtaining the contents of transmissions.

Below is the method to create such a disk image on Mac OS X Snow Leopard:

 (1) Open Disk Utility (located in the Applications/Utilities folder on your Mac).

(2)  Click on the File menu, select New and Blank Disk Image.


A dialog and options box for creating the New Blank Image file will appear on the screen:


(3) Enter a name in the Save As field.  

(4)  Next, use the location drop-down menu to select a folder or destination on your hard drive for storing the newly created file (e.g. SafeBox.dmg).  You can store the .dmg file directly on one of the computer's hard drives, either an internal or external hard drive.  It is probably a good idea to check that there is enough room available on whatever hard drive you choose.   Note: This .dmg file can always be moved from the Desktop to the main hard drive (i.e. the one used to boot). If, however, it is moved from the Desktop to some other hard drive, then a "copy" will be generated, which may result in confusion.

(5)  Select a size for the image file from the Size drop-down menu.  Select a size that will be large enough to contain all the data or document files that you plan to place in this secure disk image.   Note: If you want an encrypted disk image larger than 500 MB you will need to select "Custom" in the size box. Plan on about 1 minute per gigabyte for the time it will take.

(6)  Select Mac OS Extended (Journaled) from the Volume Format drop-down menu.

(7)  Select either the recommended 128-bit AES or 256-bit AES encryption.  It is my guess that recommending 128-bit encryption may have something to do with the additional time required for the 256-bit encoding method.  However, many feel 256-bit encryption is unnecessary. An article by Seagate, a hard disk manufacturer (reference link:  http://www.seagate.com/staticfiles/docs/pdf/whitepaper/tp596_128-bit_versus_256_bit.pdf ), states that anything that could crack a 128-bit encrypted file would also be able to crack a 256-bit encrypted file ... with little additional time or effort. They currently estimate it would take 77,000,000,000,000,000,000,000,000 years on average to crack just one encryption under the following assumptions:

        • Everyone in the world (all 7 billion people) works together and simultaneously to crack the key to your encrypted file.
        • And each person uses 10 computers running 24/7.
        • And each computer can test 1 billion key combinations per second.



(8)  Select read/write disk image for Image Format.

(9)  Select the Create button.

(10) Enter a secure password, one that you will use to access this Disk Image.  Note: it is important to leave the 'Remember password in my keychain' box unchecked.  Otherwise, the password is stored in your keychain and will not be required to gain access to your encrypted file.   Many experts recommend at least 10 characters, with at least one character being in a different case (capital letters and non-capital letters) and at least one character being non-alphanumeric (i.e. $, %, ^ etc).

(11)  Click OK to create the encrypted Disk Image file that will appear in the location you specified.   The created Disk Image file (SafeBox.dmg) will appear on the left side of the Disk Utility window, as well as a mounted Disk Image.


 


You may wish to rename this mounted Disk Image, by selecting the mounted Disk Image icon (located on Desktop) and using the cmd-I (Get Info method) to give it a name similar to the one used in the Save As dialog box.  Why? It could eventually become confusing having several mounted disk images all having the same name of "Disk Image".   
You can Quit the Disk Utility application at this time.

Now you will be able to use this mounted Disk Image (e.g. SafeBox Image) to store any sensitive data.  Double click on this desktop icon to show the contents window.  You can use this Disk Image (e.g. SafeBox Image) like a normal drive, adding files, opening, editing and copying files to it.  Simply drag the documents or files that you wish to keep secure onto the Disk Image icon or into the opened icon window.   When finished, eject the mounted disk icon (e.g. SafeBox Image) by dragging it to the trash, where you should see the eject arrow as you place the disk icon over the trash.

In the future when you wish to access the secure files, double click the SafeBox.dmg file to mount the SafeBox Image on your desktop.   You will be prompted to enter your password in the dialog window and click OK.   It is important to leave the 'Remember password in my keychain' box unchecked.
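The same create, mount and eject cycle can be driven from Terminal with `hdiutil`, the command-line tool behind Disk Utility. This is an added example, not part of the original post; the image name SafeBox, the 500 MB size, the `/Volumes/SafeBox` mount point and the `safebox_*` helper names are assumptions chosen to match the walkthrough above.

```shell
#!/bin/sh
# Added example: Terminal counterpart of Disk Utility steps (1)-(11).
# SafeBox, 500 and the safebox_* helper names are illustrative assumptions.

# Print the hdiutil arguments, one per line, for an encrypted read/write image.
# $1 = image name, $2 = size in MB, $3 = AES key length (128 or 256, default 128).
safebox_create_args() {
    name=$1; size=$2; bits=${3:-128}
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "name: letters, digits, _ and - only" >&2; return 2 ;;
    esac
    case $size in
        ''|*[!0-9]*) echo "size: whole number of megabytes" >&2; return 2 ;;
    esac
    case $bits in
        128|256) ;;
        *) echo "encryption: 128 or 256" >&2; return 2 ;;
    esac
    # -stdinpass: the passphrase is typed at a terminal prompt, not passed as
    # an argument, and there is no "remember in keychain" checkbox to forget.
    printf '%s\n' create -size "${size}m" -fs HFS+J -type UDIF \
        -encryption "AES-$bits" -volname "$name" -stdinpass "$name.dmg"
}

# Steps (2)-(11): create NAME.dmg in the current directory.
safebox_create() {
    args=$(safebox_create_args "$@") || return
    # Word splitting is safe here because the name was restricted above.
    # shellcheck disable=SC2086
    hdiutil $args
}

# Mount the image (prompts for the passphrase), then eject the mounted volume.
safebox_open()  { hdiutil attach -stdinpass "$1.dmg"; }
safebox_close() { hdiutil detach "/Volumes/$1"; }

# Usage: sh safebox.sh create SafeBox 500 128 | open SafeBox | close SafeBox
case ${1:-} in
    create) shift; safebox_create "$@" ;;
    open)   safebox_open "$2" ;;
    close)  safebox_close "$2" ;;
esac
```

Unlike Disk Utility, `hdiutil create` leaves the new image unmounted, so run the `open` step before copying files into it.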


In summary, there are two files that are created using Disk Utility:
  • One file will be SafeBox.dmg  <-- note the .dmg extension. This is the file to double click for mounting.
  • The other file (e.g. SafeBox Image) will appear on the desktop.  This file does not have an extension and is the file to move to the trash for unmounting.
 
