Murphy Mac - Screencasts and Tutorials » Page 'Create An Encrypted DMG'

Create An Encrypted DMG


encrypted dmgIf you’ve got sensitive files you can secure them inside an encrypted DMG. It’s far less drastic than using Fire Vault, and it only takes a minute to implement.

People new to computers often confuse file permissions with encryption. Permissions can easily be circumvented. Any user with admin rights on the computer can change the permissions on a file. More importantly, anyone can take the disk and connect it to a different machine and change the permissions.

Encrypted files are different. The only way to access an encrypted file is with the password. Permissions rely on the security of the operating system for protection. Encrypted files have self-contained security, which also makes them portable.

You might want to make a back up of your novel and store it with your web host. But how do you know the web host won’t snoop? Tuck your files into an encrypted DMG before uploading and you’re all set.

When you create a DMG you’re prompted to add the password to your keychain. That would defeat the purpose of the DMG in most cases. Chances are you’re encrypting files that aren’t going to be on your computer anyway. If they are going to remain on your computer consider leaving the password off the keychain to greatly enhance the security.

You could encrypt your entire home folder with Fire Vault, but that seems like a big step for most people. If something goes wrong or you can’t come up with the password you’ll be locked out of your own data, along with everyone else. Murphy only encrpyts files that are truly sensitive. Locking everything down doesn’t make sense.

When you’re done working with your volume eject it, don’t just close the window. Once ejected the volume requires the password for access. When you want to store the file elsewhere just copy the DMG file, not the volume.

Watch Now | Permalink

8 comments to “Create An Encrypted DMG”

  1. Is it possible to open such crypted DMG file on Windows OS ?

  2. That’s the big downside to dmg. The only things I’ve seen are tools that turn the dmg into an iso file. That’s a little too awkward for me.

    I love the dmg format, and I’d love it a lot more if there was an easy way to open it in Windows. Instead I end up zipping a lot of stuff.

  3. Notably, this is actually how FileVault works; it places your home directory inside an encrypted DMG, which is decrypted when you login and (re-)encrypted when you log out.

  4. May be a little after the fact, but I created a password protected dmg with all my banking passwords and hid it somewhere in my computer. The only people that have that password and the location are my brothers and my mother. Should anything happen to me (God forbid) they will have access to all my banking information.

  5. Antonio, maybe you should send me the password too. In case a meteor comes down on your family reunion. God forbid.

  6. Sure thing. I’ll post it on my twitter.

  7. Does keeping the dmg password in the keychain really greatly weaken the system? While someone else might get access to my machine, won’t my keychain still be encrypted by my login password? So while they will be able to see the keychain, they shouldn’t be able to read it, should they? I further thought Apple protected the Keychain password from attack by only allowing it to be reset when the old password was supplied (so someone breaking in with a system disk won’t be able to reset the password). Thanks for the info!

  8. yeah, like JR said, you need to have the right hardware for the mac to run, or if you want to, you can VM your mac (harder) or linux your mac(easier)

Leave a comment