Instructions For Setting Up An Encrypted Disk Image
A disk image is a file on your Mac’s hard drive that acts like a disk that you can read/write to. These files have the .dmg file extension and are "mountable" by double-clicking on them. Once mounted, they appear like a USB key or other external drive would. Disk images are very common on Macs, especially when distributing software, but they can also be used as a container to store sensitive data. Follow these steps to create your own encrypted disk image.
- Start Disk Utility (Applications -> Utilities folder).
- Click on “New Image”.
- Under "Save As", type in the name you want for the image file.
- Use the drop down next to "Where" to choose where to save the image file.
- Under "Volume Name", type in the name of the image that will appear in the drive list once it is mounted.
- Select the size of the disk image in the “Volume Size” drop down menu. Select a predefined size or select “Custom” and enter your own size.
- Leave "Volume Format" as Mac OS Extended (Journaled).
- In the “Encryption” drop down menu, select “AES-128 (recommended)”. In Mac OS X 10.5 (Leopard) you will also be able to select 256-bit AES encryption, which is slower but more secure than 128-bit.
- Leave "Partitions" as default.
- In the “Image Format” drop down menu, choose either “read/write disk image” or "sparse image". The former will create an image that is the size you specify at all times, while the latter will only be as large as the data that is in it and will "grow" when more data is added.
- Click the “Create” button.
- Next you will be prompted to enter a password. This is the password used to access your sensitive data so make sure it is a strong password. You have the option of remembering the password in your keychain, but for the highest security you should NOT choose this.
Your encrypted disk image is now ready to be used. It only needs to be mounted when you need to use the secure files. It is good practice to unmount the image when it is not in use so that even if someone gains access to your computer, they will not immediately have access to your sensitive files.
*NOTE* When moving data into the encrypted disk image, it is important to be aware of the original unencrypted documents. Once files have been copied to the encrypted area, you want to delete the original copy that is unencrypted. Normal "trashing" of these files can leave copies that are still accessible outside of encryption. To ensure that the data is completely removed, follow this "Secure Erase" procedure:
- Drag all files you want to securely erase to the Trash.
- Choose Finder -> Secure Empty Trash.