Encrypt files mac os x lion

Secure your data

  1. How to encrypt files on Mac OS X - howchoo
  2. Step 1: Disk Utility
  3. Use FileVault to encrypt the startup disk on your Mac
  4. Navigation menu

Finally, Apple insists that a recovery partition be present on the disk that's about to be encrypted. If it isn't, and if one can't be created e. It's kind of annoying that this check is only made at the very end of the process. Assuming a recovery partition exists or can be created, a restart is required to enable encryption. Upon reboot, a screen that looks a lot like the Lion login screen but only containing the users who are allowed to decrypt the volume appears instantly.

Select a user and enter the correct login password and the real boot process begins. Even if auto-login is disabled, you will boot directly into the account whose password was just entered. Revisiting the FileVault preference pane shows an estimate of the time remaining before the encryption process is complete. Encryption happens transparently in the background, which is a good thing because it takes a long time.

While it's running, you can use applications, logout, reboot, and generally use your Mac as you normally would without perturbing the encryption process. If any users on the system are unable to decrypt the disk, they can be allowed to do so by having them enter their login password. The output of the diskutil list command now looks a bit strange compare to earlier :. What once appeared to the OS as a single disk device now registers as two.

One contains the two non-encrypted volumes Recovery HD and Timex plus the new Core Storage volume, and the other contains the mounted incarnation of the newly encrypted well, encrypt ing , in this case volume. Using the special Core Storage variant of the list command diskutil cs list reveals more detail, most of which should now make sense after the earlier terminology review. Lion doesn't make encrypting disks other than the boot disk particularly easy. The Disk Utility application can remove encryption from a volume, change a volume's encryption password, or reformat a volume with encryption enabled deleting all the data currently on the volume in the process , but there is no option to transparently encrypt a volume without erasing it.

Command-line tools to the rescue: diskutil will happily attempt to encrypt any volume you point it at, without erasing it first.


How to encrypt files on Mac OS X - howchoo

Actually, the process is to convert it to a Core Storage volume which may optionally include encryption. Let's encrypt the Timex volume, shown as disk1s4 in the earlier diskutil list output. As the command output indicates, the volume is shrunk slightly to accommodate the Core Storage headers, then the layer cake of logical volume management components is created, at the very bottom of which is the new logical volume. No restart is required to begin the process, which happens transparently in the background just like the one initiated from the GUI.

The diskutil cs list command now shows a pair of Logical Volume Groups, each of which is declared to be in the process of encryption. The exact amount of data encrypted and remaining to be encrypted on each volume is also listed.

  • FileVault 2 - Using Disk Encryption With Mac OS X!
  • mac os x root password snow leopard.
  • How to Encrypt a Folder in Mac OS X.

The decryption process also happens in the background. Changing the encryption password for a disk does not require a lengthy decryption and re-encryption process. I assume FileVault in Lion works like other whole disk encryption solutions in that what the password actually unlocks is the real encryption key for the volume.

Changing the encryption password only requires decrypting and re-encrypting the real encryption key, which is tiny. The encryption features that Apple has chosen to provide access to in the GUI reveal a lot about the intention of this feature. First, it's meant to be completely transparent. The only change as far as the user is concerned is that the login screen appears to have moved to the very beginning of the startup process.

There is no separate password to remember; the user's login password decrypts the disk. The same goes for every other user with an account on the system. Login passwords are only tied to a boot disk, however. Using login passwords to encrypt disks that may move from one Mac to another could lead to confusion. This partly explains why there's no GUI option for encrypting non-boot disks. The other part of that decision is likely that FileVault is focused on mobile users. None of Apple's laptops have more than one internal drive, and partitioning is rare and probably only done by users who also know enough to look up the command-line utility to enable disk encryption on their non-boot volumes.

Transparent encryption and decryption, perfect software compatibility, a friendly GUI with ample safety nets for non-geek users—what's not to love?

Step 1: Disk Utility

Ah, I'm sure you're wondering about performance. All forms of whole disk encryption benefit from the current imbalance between CPU power and disk speed. In almost all circumstances, the CPU in your Mac spends most of its time twiddling its thumbs with nothing to do.

  • Turning on FileVault;
  • Subscribe to RSS.
  • how to install gmp library on mac.

This is especially true for operations that involve a lot of disk access. Whole disk encryption takes advantage of this nearly omnipresent CPU cycle glut to sneak in the tiny chunks of work it requires to encrypt and decrypt data from the disk. The end result is that regular users will be hard-pressed to notice any reduction in performance with encryption enabled.

Based on my experience with the feature in prerelease versions of Lion, I would strongly consider enabling it on any Mac laptop I plan to travel with. Disk encryption that actually works, plus some basic logical volume management features—that's all well and good. But where does this leave us on the file system front?

Use FileVault to encrypt the startup disk on your Mac

Perhaps things are not as bad as they seem. The following is all speculation, but given Apple's information vacuum on all things file-system-related, it's all I've got for now. Let's think about what it does. Core Storage is responsible for managing the chunks of data that make up the individual logical volumes on a disk.

To do so, presumably it has a set of metadata structures for tracking allocated and free space and for remembering which chunks belong to which volumes.

Navigation menu

Now imagine that those chunks begin to shrink until they are the size of, say, individual files. And instead of volumes, imagine those file-sized chunks belonging to directories. Okay, it's a stretch, but again, it's all we have to go on. Assuming Apple is happy with the way Core Storage turned out, it has effectively fielded its first brand-new code that performs some of the same basic functions as a file system. Were Apple so inclined, it seems technically plausible, at least, that it could extend this work into a new in-house file system project.

Any new files that you create are automatically encrypted as they are saved to your startup disk. When FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.

You can then turn it on again to generate a new key and disable all older keys. Decryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged in to AC power. Click the FileVault tab. Click Turn On FileVault.

How to Encrypt your sensitive files and folders on OS X 10.8 Mountain Lion or later

Choose answers that you're sure to remember. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk. Click Turn Off FileVault. Without a Recovery System, FileVault won't encrypt your startup drive. Learn more.