This article originally appeared in TidBITS on 2010-04-11 at 5:29 a.m.
The permanent URL for this article is:
Include images: Off

An Introduction to File Encryption in Mac OS X

by Joe Kissell

Last year, in between writing Take Control books and Macworld articles, I managed to squeeze in another little project - writing the 900-page "Mac Security Bible," published in January 2010 by Wiley. Although Rich Mogull is the real staff expert when it comes to Mac security, I've also written a good deal on the subject, including Take Control titles dealing with backups, spam, and passwords. This new book is a compendium of everything a typical (or even advanced) Mac user might want to know on a wide range of security topics.

This article is an excerpt from Chapter 13, "Encrypting and Securely Deleting Files," reprinted with the kind permission of Wiley. File encryption is of course just one tiny piece of the security puzzle, but it's worth knowing about if you keep confidential data on your Mac, especially if the computer is ever out of your physical control - which would include being lost or stolen.

Think about it this way: Would it bother you or any of your friends or family if the entire contents of your Address Book were made public? Would you be disturbed to know that a stranger could see years' worth of your family photos, read all your email, and discover every Web site you've visited in the past month? Even the least secretive of us would probably agree that all this sounds pretty creepy, and that we have good reasons to keep private information private.

The way to keep your data safe while it's sitting on your hard disk is to encrypt it - to scramble it in such a way that it looks like garbage to anyone without your password or key. Encryption comes in many forms, some of which are almost trivially easy to use, and others that require extra thought and effort. The chapter from which this article is excerpted explores a variety of different approaches to encrypting some or all of your files.

Encryption Algorithms -- An encryption algorithm, also known as a cipher, is a particular method for encrypting data - a sort of mathematical formula that takes the input (sometimes called cleartext), processes it using a secret piece of information (a key), and produces encrypted output (sometimes called ciphertext). Over the centuries, countless thousands of encryption algorithms have been developed, ranging from the extremely simple to the breathtakingly elaborate. In the modern computing world, you're likely to run into at least a half-dozen common ciphers considered especially well-suited for encrypting and decrypting data on your Mac.

Two factors influence how secure (resistant to being broken) an encryption algorithm is. First is the design of the algorithm itself. Some have weaknesses or design flaws that could enable an attacker to decrypt data even without knowing the key. The other factor is the complexity of the key. If you use the world's most complex and powerful cipher but give it a simple key, such as the word "cat," it becomes quite easy for someone to figure out how to decrypt your data. The best results come from combining solid, reliable algorithms with long, random keys.

I could spend many pages simply listing encryption algorithms and their variants, but I want to briefly acquaint you with just a few especially common ones:

Passwords and Keys -- As previously mentioned, a key is a piece of information that a cipher uses to encrypt (and decrypt) data. If you encrypt two copies of the same data with identical ciphers but different keys, the resulting ciphertext is different; likewise, if you use the same key to encrypt two copies of some data with different ciphers, the results are different.

One form a key can take is a password (or passphrase). In other words, feed your password into an encryption algorithm to encrypt some data; then use the same password later to decrypt it. This example assumes a system in which the same key is used both for encryption and for decryption - a symmetric cipher. Asymmetric, or public-key, ciphers use one key to encrypt data and another one to decrypt it. A key can also be, among other things, a string of data stored on a token, a smart card, an electronic key, or another device.

An algorithm's key length is the longest key it can use. So, AES-128 can use a key that's 128 bits long. For those of you unaccustomed to thinking in binary, that translates to 16 characters. Likewise, a 256-bit key can be up to 32 characters in length.

When you choose a password for encrypting data, most encryption algorithms don't use the password itself as the key. Behind the scenes, the algorithms run your password through some mathematical functions that turn it into a number with the maximum key length the algorithm supports. This is done partly to protect your password from discovery (even if the key is cracked) and partly to make sure the key has exactly the right number of bits. If a cipher uses a 128-bit key but I enter an 8-character (64-bit) password, the software performs its magic to give itself a longer and more secure key to work with. That means if someone attempts to break the encryption by trying every key, that person has a much wider range of possibilities to test. But if, instead, that person tries to break the encryption by testing passwords directly (running each one through the necessary process to derive a key), he or she might break the encryption sooner.

On the other hand, if I enter a password that's longer than the supported key length (say, a 20-character password for a 128-bit cipher), the software typically discards the extra characters before deriving its key. The result would be that an attacker trying to decrypt my files by trying all possible password combinations would have just as much trouble as someone trying all possible key combinations.

The upshot of all this is that it's to your benefit to choose a password that's as long as possible - but no longer than the maximum key length supported by the algorithm you use. If you use 56-bit DES, a 20-character password is no safer than a 7-character password. However, with AES-256, a 32-character password is exponentially safer than a 31-character password!

For any given encryption algorithm, longer keys (and therefore, to a point, longer passwords) are more secure. However, as I stated earlier, not all algorithms are created equal. That means key length alone doesn't tell the whole story; one algorithm's 128-bit keys might be, in practice, just as secure as another's 256-bit keys if the 256-bit algorithm has flaws that reduce its effective strength. In other words, given the choice of a longer key length with a given algorithm, you should take it; but don't assume that cipher A is stronger than cipher B just because the former uses longer keys. For all practical purposes, any modern cipher with 128-bit or larger keys is secure against all but the most determined attacks - assuming you've chosen a good password.

Choosing What to Encrypt -- How much you encrypt or whether you encrypt anything at all depends on several factors, including where you use your Mac, how sensitive the information on it is, what other security measures you've taken (protecting against theft, for example), and what your tolerance for inconvenience is.

Needless to say, the greater the confidentiality of your data and the less physically secure your Mac is, the more important it is to encrypt data. But you shouldn't overlook the convenience factor. In general, the larger the unit of data you encrypt, the more convenient it is in the long run. That is, it's less bother (in some senses, at least) to encrypt your entire disk than to encrypt just your home folder; it's less bother to encrypt your home folder than to encrypt a conventional folder; and it's less bother to encrypt a folder than to encrypt a single file. That may all sound counterintuitive, but it has to do with things such as the amount of manual effort required to encrypt and decrypt files and how often you have to type a password.

However, also keep in mind that how and when you use encryption depends on context. For example, in some situations, it may not make sense to encrypt even a very sensitive file when it's sitting on your hard disk, but if you transfer it to a flash drive to take it with you somewhere or if you send it to someone via email, FTP, or some other method, encryption suddenly becomes quite important because you lose the security otherwise provided by your normal computing environment.

With those thoughts in mind, consider the following units of data you could potentially encrypt, all of which are elaborated on in the full chapter:

As I describe in the book, there are good arguments for choosing any point along this continuum. The way you go about encrypting data depends on how much you want to encrypt and what combination of features and trade-offs works best for you.

Encryption Pitfalls and Misunderstandings -- Encryption can sound like a magical process that makes your data impervious to discovery. But merely encrypting something doesn't necessarily make it safe. Encryption involves a number of potential holes and hidden dangers, and if misused (or trusted indiscriminately), it can cause more problems than it solves. Before you embark on an encryption crusade, however worthwhile your ultimate objective may be, keep in mind the following possible gotchas.

Forgetting the Originals: In most cases, when you encrypt a file, you actually create an encrypted copy of the file, leaving the original intact. Even encryption programs that automatically delete the original after encrypting it often do so in such a way that the unencrypted file could later be recovered. Later in the chapter from which this excerpt is taken, I discuss secure deletion as a way to solve this problem.

Leaving Files Unlocked: Encryption protects data on your disk only when it's not actively in use. For example, your keychain is encrypted, but when you unlock it, you (or someone else) can freely access its contents until you lock it again or it locks on its own (based on your preferences). Similarly, if you encrypt a disk image, it's safe as long as it's closed, but when you mount it, its files become available to anyone with access to your computer. Therefore, you should always close, unmount, or lock encrypted files when they're not actively in use.

Choosing an Insecure Password: Poorly chosen passwords are the Achilles heel of any encryption system. Longer, random (or seemingly random) passwords do a vastly better job at protecting your data than short or easily guessable passwords.

Forgetting Your Password: The flip side of choosing an insecure password (which might let someone else get at your data) is choosing a great password but then forgetting it (which prevents you from seeing your own data). If you're not sure you can remember your passwords, store them in your keychain or in a third-party password management program.

Not encrypting everything that needs protection: If you're working on a secret business plan or composing an illicit love letter, it's easy to see why that one particular file should be encrypted. But one of the most common mistakes in data security is overlooking data that may not appear, at first glance, to be confidential but which can contain extremely sensitive information. Here are some examples:

Encrypting Individual Files and Folders -- The most basic approach to encryption is to apply it only to the particular items that are especially sensitive. Although it would be extremely awkward to individually encrypt each file you use on a daily basis, encrypting specific files or folders makes sense when sending the info over the Internet (by email, FTP, or otherwise) or if you're using any other unencrypted transmission or storage method, such as employing a flash drive, external hard drive, or optical disc to move files from one location to another.

As mentioned earlier, it's important to remember that when you encrypt a file or folder, you actually create an encrypted copy, leaving the original intact and unencrypted. The same is true if you decrypt a file or folder, modify it, and then re-encrypt it. Therefore, the safest practice to follow after encrypting something is to securely delete the original; for example, by dragging it to the Trash and choosing Finder > Secure Empty Trash.

If this is the sort of encryption you want, you have many tools to choose from. Mac OS X includes command-line utilities that can encrypt files (as described in just a moment), although they're not terribly convenient to use. Numerous third-party vendors offer easy-to-use alternatives, with a wide variety of encryption algorithms, interfaces, and extra features. Regardless of which type of program you use to encrypt your files, consider the following factors when choosing an encryption tool:

Encrypting Files on the Command Line -- You can encrypt individual files using the openssl program included with Mac OS X, as long as you don't mind getting your hands dirty on the command line. Basic instructions follow; for more detail, enter "man openssl" in Terminal.

To encrypt a file with openssl, follow these steps:

  1. Open Terminal (in /Applications/Utilities).
  2. Choose an encryption algorithm. Openssl supports dozens of ciphers, and your choice is significant in that you must know which cipher was used to encrypt a file when you want to decrypt it later. To get a list of available ciphers, enter "openssl list-cipher-commands". In this example, I use des3 - that is, Triple DES.
  3. Enter the following line. Substitute des3 with your preferred cipher. The first filename is the name of the file you're encrypting, and the second filename is the name of the resulting, encrypted file.
  4. openssl enc -des3 -salt -in filename -out filename.enc

  5. When prompted, enter and confirm the password. Openssl immediately encrypts the file.
  6. To decrypt the file later, enter the line below. Again, substitute des3 with your preferred cipher, and replace the filename references with the actual filenames.
  7. openssl enc -d -des3 -in filename.enc -out filename

  8. When prompted, enter the password used to encrypt the file.

Encrypting Files and Folders with Third-Party Software -- Of the many Mac OS X applications that can encrypt individual files and folders, I've selected a small sampling to give you an example of your options:

There's another category of software that can encrypt individual files and folders, but instead of storing them separately on disk, it stores them in a proprietary container, sometimes known as a vault. Often, such programs are used to secure not only files but notes, passwords, credit card numbers, and other random snippets of information. Obviously, such programs are more appropriate for securing data for your own use than for sending it to others. Two examples of software in this category are:

More Encryption and Beyond -- That's just the beginning of what I cover in the chapter on encrypting files. I go on to discuss working with encrypted disk images, using FileVault, encrypting an entire disk, using hardware-encrypted drives, securely deleting files, securely erasing disks, and recovering deleted files.

And, of course, encryption is only one of a great many topics pertaining to Mac security that I explore in the book. It also includes complete details on secure email, chat, and Web browsing; protecting your Mac against malware; network security; sharing your Mac's resources safely; securing Mac OS X Server; and dozens of other subjects. If you're interested in Mac security and want the ultimate all-in-one reference, I think you'll find the "Mac Security Bible [8]" to be a valuable reference. The retail price of the book is $49.99; offers it for $31.49 at the moment.