Issue: I have secrets. How can I safely store them on a computer disk or on a USB flashdrive?

Solution: In Mac OS X, you can create an encrypted, password-protected disk image (i.e., a .dmg file). This disk image can be opened and mounted (provided you know the password) to access the files stored within. After mounting, existing files can be opened and/or removed from the disk image, and/or new files can be added to it (up to the pre-set size limit of the disk image). The disk image can then be unmounted and will return to its encrypted, password-protected state. Disk images can be stored on your computer's disks or copied to a USB flashdrive or other external storage medium. This encrypted disk image will only work on Mac OS X systems.

Creating an Encrypted Disk Image:

1. Start Disk Utility (located in /Applications/Utilities/.
2. Select File→New→Blank Disk Image to pull up the New Blank Image dialog box.
3. Enter a name for the .dmg file in the Save As field.
4. Select the save destination (“Where” pull-down menu).
5. Enter a name in the Name field (“Volume Name” in Snow Leopard and earlier). This is the name that will be assigned to the opened disk image once it is mounted (i.e., the name that will show up in /Volumes). This can be the same or different from the name of the .dmg file. The default value is “Disk Image”.
6. Select a size for the disk image file from the Size menu (“Volume Size” in Snow Leopard and earlier). The disk image will take up this amount of disk space no matter how many files are actually stored in it, but you do not need to fill up the disk image. You also cannot exceed this volume size when adding files to the disk image. (“Sparse disk images”, which increase in size up to a pre-set limit as files are added to them, are not covered in detail here. Note, however, that while a sparse disk image will increase in size up to its pre-set limit as new files are added to it, it will not decrease in size when files are removed from it.)
7. Choose a volume Format; “Mac OS X Extended (Journaled)” is recommended.
8. Choose “128-bit AES” (Mac OS X 10.4 or later) or “256-bit AES” (Mac OS X 10.5 or later) from the Encryption menu. The 256-bit encryption option offers the highest level of security.
9. Select “Single partition - Apple Partition Map“ from the Partitions menu.
10. Choose an Image Format; “read/write disk image” is recommended, but you can choose “sparse disk image” if desired (see above).
11. Click the Create button.
12. The password entry dialog window will appear. Enter and verify a good password. By default, this password will be saved in your keychain, or you can deselect “Remember password in my keychain” (“Remember password (add to keychain)” in Snow Leopard and earlier). I recommend the latter for highest security; note, however, that if you cannot remember your password in the future, then there is no way to open the encrypted disk image.
13. Click OK in the password entry dialog window.

Using an Encrypted Disk Image:

1. When you initially create an encrypted disk image, it will be open and mounted, ready for use. To open a previously created encrypted disk image, double-click on its icon in a Finder window and enter the password when prompted.
2. Double-click on the disk image icon on the Desktop, or click on its small icon in the Devices pane of a Finder window. This will open a Finder window showing the contents (if any) of the disk image.
3. Open, add, and/or remove files as desired.
4. When finished, drag the disk image icon on the Desktop to the Trash (which will switch to the Eject icon) or click on the eject icon next to the disk image in the Devices pane of a Finder window. This will close and unmount the encrypted disk image – your secrets are safely hidden again.

OS Version Compatibility: Lion, Snow Leopard, Leopard, Tiger

Update Status: 05 February 2012