How to use Disk Utility in macOS to protect your sensitive data

Posted:
in macOS edited October 2020
Practically everyone has files or folders they keep on their Mac that they don't want anyone else to access. AppleInsider explains how to keep these files secure by turning a folder into a protected disk image, one that keeps the documents encrypted and requiring a password to read.




People are generally OK with the idea of having various important documents stored on their Mac, and are quite happy with existing protection built into macOS, including using FileVault to encrypt drives and even just having a password to access the user account in the first place.

However, users may feel some items are too important to not apply some extra level of security. This can range from needing to secure work-related folders that need to be sent to another user, to adding extra protection to birth certificate and passport scans, to keeping embarrassing childhood photos out of view from other members of the family who may sometimes borrow the same user account.

A solution to this is to use Disk Utility to create a disk image, one that is password protected and encrypted, from a folder.

Creating the Image

Open up Disk Utility, which can be found in the Applications folder, under Utilities. Alternately, use the search function in Finder to search "This Mac" for Disk Utility.



In the Disk Utility menu, select File, New Image, then Image from Folder..., or use the keyboard shortcut Shift-Command-N. In the following dialog box, select the folder you wish to protect, and click Open



A new dialog box will appear with a number of options available for creating the disk image. At the top, you can change the name of the disk image to something more appropriate to its contents instead of using the folder name by default, and where you want it to be initially saved.

Under the Image Format dropdown box, select Read/Write to be able to change files held within the image once it is created. If you don't want any changes made to the files in the folder at all, or new files to be added, select Read-Only.




Under Encryption, select either 128-bit or 256-bit AES encryption. As indicated in the dropdown box, selecting 256-bit is more secure but will be slower to access compared to 128-bit, so select this only if required.

Enter your desired password twice.



Once the settings are entered, click Save, then Done once the application has completed the image.



At the location defined in the settings, you will find a new DMG file with the name entered during the process.


Accessing the Image

Your new secure image is used in a similar way to other images. To access the files within, the image needs to be mounted.

Double click the image to mount it. A dialog box will appear asking for the password, which needs to be filled out followed by clicking OK.




A tickbox below the password entry textbox offers to save the password to the Keychain. Depending on what's stored, and if anyone else has access to the same Keychain by using the same user account, it is probably not a good idea to tick this box.

Once the right password is entered, the image will mount, and the files will be accessible.




The folder will not need the password again while the image is mounted, but will require it when the image is unmounted.

To unmount, right-click the mounted image and select Eject.



Further Notes

After creating the image, it is tempting to delete the source folder and its contents. Before doing so, it is suggested to make sure the image functions as planned, and if necessary, checking there is a securely-held backup of the files.

The same process can also be used to create other types of disk images, like a read-only image to distribute a set collection of files or an application. To create an image that isn't secured with a password, simply do not select either of the encryption options.
Alex1Nrazorpit

Comments

  • Reply 1 of 12
    jas99jas99 Posts: 65member
    I've been using this approach for many, many years. It works well.
    I suggest using the sparse bundle option, as it grows in size as you add files, taking less space than the other formats which reserve the maximum size you set when creating the disk image.
    Alex1N
  • Reply 2 of 12
    Mike WuertheleMike Wuerthele Posts: 6,319administrator
    jas99 said:
    I've been using this approach for many, many years. It works well.
    I suggest using the sparse bundle option, as it grows in size as you add files, taking less space than the other formats which reserve the maximum size you set when creating the disk image.
    We didn't suggest sparse bundles at this time because of the difficulty some backup utilities have with them. We'll keep looking at it going forward.
    Alex1Nrazorpit
  • Reply 3 of 12
    avon b7avon b7 Posts: 5,959member
    I've been using this method for years too. Back when I was on dialup I deliberately set a 650MB disk image for my text based sensitive information just to slow down any remote attempt to pull it off my system.
  • Reply 4 of 12
    I also have been using this solution for ages. As already mentioned, I prefer the sparse bundle option.

    Incidentally, that was the one thing I was hoping APFS would change in my workflow. That I’d be able to encrypt folders, directly over the file system, with no need to create dedicated images.
  • Reply 5 of 12
    bluefire1bluefire1 Posts: 1,188member
    Can pictures in the photo app also be secured/encrypted?
  • Reply 6 of 12
    MacProMacPro Posts: 19,426member
    jas99 said:
    I've been using this approach for many, many years. It works well.
    I suggest using the sparse bundle option, as it grows in size as you add files, taking less space than the other formats which reserve the maximum size you set when creating the disk image.
    We didn't suggest sparse bundles at this time because of the difficulty some backup utilities have with them. We'll keep looking at it going forward.
    Three words solve that issue ...  Carbon Copy Cloner :)
    ivanhAlex1N
  • Reply 7 of 12
    fastasleepfastasleep Posts: 5,840member
    bluefire1 said:
    Can pictures in the photo app also be secured/encrypted?
    Huh? You could move those out of the Photos Library and treat them like any other file in this tutorial, but this has nothing to do with securing photos within the Photos app.
  • Reply 8 of 12
    glee217glee217 Posts: 15member
    So the exact steps works for external usb drives?
  • Reply 9 of 12
    glee217glee217 Posts: 15member
    Just created a pw for my thumb drive in exfat and was curious if this drive now would work on Windows as well by entering pw? Or is this only Mac?
  • Reply 10 of 12
    This process worked great for me... until it got backed up to the icloud... now i have a file that is a .dmg.icloud and I can't open it... at all!

    Double clicking opens up the Mac terminal.

    If I open the file with the click path:

    Applications>Utilities>Disk Utility

    I get popup error:

    The document “filename.dmg.icloud” could not be opened. Disk Utility cannot open files in the “iCloud synchronization file” format.

    🧐🤔

    Apple's Dev’s and tier 3 Tec Support were baffled.


    Anyone know how i can open the folder again?

  • Reply 11 of 12
    MplsPMplsP Posts: 3,434member
    I’ve been using a utility called boxcryptor for several years - it allows real time encryption on cloud drives (iCloud, Dropbox, etc) It’s not quite as secure as having a file in an encrypted image until you need to access it, but it’s close and much more convenient. 
  • Reply 12 of 12
    MarvinMarvin Posts: 14,615moderator
    Lady_Bab said:
    This process worked great for me... until it got backed up to the icloud... now i have a file that is a .dmg.icloud and I can't open it... at all!

    Double clicking opens up the Mac terminal.

    If I open the file with the click path:

    Applications>Utilities>Disk Utility

    I get popup error:

    The document “filename.dmg.icloud” could not be opened. Disk Utility cannot open files in the “iCloud synchronization file” format.

    🧐🤔

    Apple's Dev’s and tier 3 Tec Support were baffled.


    Anyone know how i can open the folder again?

    If you have "optimize storage" turned on in system prefs > iCloud > iCloud Drive (options), it offloads some files to iCloud and replaces them with .icloud files:

    https://www.sync.com/help/why-do-my-files-have-an-icloud-extension/

    Unchecking the box for optimize storage should sync the original files. There may be a download option in the right-click menu on the file. The drive will need enough free space to download it, the Mac will need to be signed into the same iCloud account the file was originally synced with and the file will still need to exist on that iCloud drive.

    There seems to be an issue if DropBox is used too:

    https://www.macfilos.com/2017/06/09/2017-6-5-icloud-drive-the-danger-with-optimised-storage-file-placeholders/
    https://discussions.apple.com/thread/8510284

    Apparently if the .icloud files are synced and moved to a different service, iCloud thinks they've been deleted and deletes the original from the server (recoverable within 30 days). DropBox only backs up the alias so when it restores the alias, there's no original.

    iCloud Drive behaves a bit unintuitively. If it's turned off, the default prompt is to delete the files from the Mac:

    https://discussions.apple.com/thread/8061557

    I'd expect the default option would be to leave the Mac as it is, stop syncing with iCloud and restore any unsynced files.
Sign In or Register to comment.