On Mon, Jul 6, 2009 at 9:08 AM, Rick Womer<[email protected]> wrote:
>
> In the land of Winblows XP, one can right-click on a folder, select
> "Encrypt", and it is quickly encrypted using one's system password.
> Encryption and decryption are transparent; so for example I encrypted my
> email files, and they worked just as though they weren't encrypted. When
> anyone else logged onto my computer, though, they were just gibberish.
>
> I cannot find, anywhere, a similar function for Mac OS X. "File Vault"
> encrypts the entire account, and makes backing up very difficult. "True
> Crypt" does the same. MEO makes self-extracting encrypted archives, but one
> has to extract them every time one wants to use them. Disk Utility makes
> encrypted images, but one must deliberately open them and close them with
> every use.
>
> So, does anyone know of a transparent, on-the-fly encryption program for Mac?
> Or is this the first way I have found that OS X is inferior to Winblows?

There are always plusses and minuses to on-the-fly encryption systems and how they interact with backup systems. So far, Apple has delivered the FileVault security solution, which encrypts the entire account as a disk volume and proves to have its issues with Time Machine. I've only used it in testing and didn't like the issues it presented so I don't use it. I don't know of a third party utility that does this exactly the way the Windows XP encryption facility you describe does.

A security solution for Apple's Mail.app and other files I want to store securely I've used is a variant on the use of encrypted disk images that Scott pointed you to. I haven't done this with Leopard and Time Machine yet so it might be worthwhile to test it in a new account just to be sure it does what you wish.

- Create an encrypted disk image of whatever size you need for your intended documents, email, email attachments, etc. *

- In System Preferences, Accounts, click on the "Login Items" tab in your account and add the disk image to the list of files which will be opened when you log in to your account.

* Note that when you created the disk image, if you click the option to include the password in your Keychain it will not require that you type in a separate login when you log in to your account. This is less secure ... anyone who can log in to your account can get to the contents of your encrypted disk image. If you do not include it in your keychain, you'll need to input the password separately when you log in to your account.

- Now, with Mail.app NOT running, copy the folders ~/Library/Mail and ~/Library/Mail Downloads to the mounted encrypted volume ... I'd organize them under a folder named Library just for consistency's sake. Once they are there, delete them from ~/Library (that's the Library directory in your account home folder, by the way) and then drag an alias of them back to the ~/Library folder from the encrypted volume.

What this is doing is allowing Mail to work as normal but when it accesses Mail and Mail Downloads, it's simply writing to the encrypted volume instead of into its normal location in your account. (To drag an alias of a file or folder to another location, hold down the Command and Option keys while you drag the item in the Finder. Aliases store the file id and location of the source ... anything using the file system calls is transparently redirected to the source.)

- Similarly, when you wish to put files into the encrypted volume, create a folder in the encrypted volume and drag an alias to your Documents or wherever else is convenient for you to access those files and folders.

When the encrypted volume is mounted, I think you can add it to Time Machine to include in its backup strategy and it will continue to work as normal this way; when it's not mounted, the volume contents backup will simply be bypassed and the disk image file backed up in its entirety as normal.

It's a strategy that takes a bit more setup but I think it might do what you want. It provides that extra level of isolation and security from other accounts that just file permissions don't.

Of course, if you don't log out of your account or use a password screen locking setup, or if your system autoboots into an account with administrator privileges, I wouldn't bother with doing encryption at all ... you're basically leaving it open to anyone who knows a little bit about computers to access everything you've got.

You can also obtain an authentication key and attach it to a Mail account, sending and receiving emails that are encrypted on the fly with PGP and other encryption mechanisms. This provides far more security for your sensitive emails on a very fine-grained basis: each signed/encrypted email is individually protected such that only the key holders can access them.

BTW, Scott: Mac OS X has been automatically capable of recognizing multibutton mouse pointing devices since its introduction on March 24, 2001, and similarly has "right-button" or contextual menus embedded throughout the system and applications. All Apple systems have shipped with multiple button capable mice for years now.

I personally dislike multibutton mice, however, so I turn off all but the single-button configuration and use the control-click mechanism instead to access contextual menus. It gives me more positions to work the mouse with and I don't accidentally hit the contextual menu choices.

--
Godfrey
www.gdgphoto.com
www.flickr.com/photos/gdgphoto
www.twitter.com/godfreydigiorgi

--
PDML Pentax-Discuss Mail List
[email protected]
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
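
The disk-image procedure from the reply above, written as a Terminal script. This is an added example, not part of the original message: it leaves symbolic links (`ln -s`) at the old paths instead of Finder aliases, and the image path, volume name `SecureMail` and 2 GB size are assumptions.

```sh
#!/bin/sh
# Added example for macOS; IMAGE, VOLNAME and the 2g size are assumptions.
IMAGE="${IMAGE:-$HOME/SecureMail.sparsebundle}"
VOLNAME="${VOLNAME:-SecureMail}"

# Create the encrypted image (hdiutil prompts for a passphrase) and mount it.
create_and_mount() {
    hdiutil create -size 2g -type SPARSEBUNDLE -fs HFS+J \
        -encryption AES-256 -volname "$VOLNAME" "$IMAGE" &&
    hdiutil attach "$IMAGE"
}

# relocate SRC DEST_ROOT: move directory SRC under DEST_ROOT and leave a
# symbolic link at the old path. The plaintext copy is removed only after the
# copy on the encrypted volume has been verified, so an unmounted volume or a
# failed copy never costs any mail.
relocate() {
    rl_src="$1"; rl_root="$2"; rl_name="$(basename "$rl_src")"
    if [ -L "$rl_src" ]; then echo "already relocated: $rl_src" >&2; return 0; fi
    [ -d "$rl_root" ] || { echo "not mounted: $rl_root" >&2; return 1; }
    [ -d "$rl_src" ] || { echo "no such directory: $rl_src" >&2; return 1; }
    if [ -e "$rl_root/$rl_name" ]; then
        echo "already present on volume: $rl_root/$rl_name" >&2; return 1
    fi
    cp -Rp "$rl_src" "$rl_root/" || return 1
    diff -r "$rl_src" "$rl_root/$rl_name" >/dev/null || return 1
    rm -rf "$rl_src"
    ln -s "$rl_root/$rl_name" "$rl_src"
}

main() {
    if pgrep -x Mail >/dev/null; then echo "quit Mail.app first" >&2; return 1; fi
    create_and_mount || return 1
    mkdir -p "/Volumes/$VOLNAME/Library" || return 1
    relocate "$HOME/Library/Mail" "/Volumes/$VOLNAME/Library" &&
    relocate "$HOME/Library/Mail Downloads" "/Volumes/$VOLNAME/Library"
}

# Nothing runs unless the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then main; fi
```

Removing the original folders does not overwrite the disk blocks they occupied, so earlier plaintext copies of the mail may remain recoverable from the unencrypted volume.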

