Godfrey, I like your suggestion. I'll give it a try, though I probably won't have time until next week. I'll let you know how it goes.
Thanks much! Cheers, Rick http://photo.net/photos/RickW --- On Mon, 7/6/09, Godfrey DiGiorgi <[email protected]> wrote: > From: Godfrey DiGiorgi <[email protected]> > Subject: Re: OT - Encryption on a Mac > To: "Pentax-Discuss Mail List" <[email protected]> > Date: Monday, July 6, 2009, 8:59 PM > On Mon, Jul 6, 2009 at 9:08 AM, Rick > Womer<[email protected]> > wrote: > > > > In the land of Winblows XP, one can right-click on a > folder, select "Encrypt", and it is quickly encrypted using > one's system password. Encryption and decryption are > transparent; so for example I encrypted my email files, and > they worked just as though they weren't encrypted. When > anyone else logged onto my computer, though, they were just > gibberish. > > > > I cannot find, anywhere, a similar function for Mac OS > X. "File Vault" encrypts the entire account, and makes > backing up very difficult. "True Crypt" does the same. > MEO makes self-extracting encrypted archives, but one has > to extract them every time one wants to use them. Disk > Utility makes encrypted images, but one must deliberately > open them and close them with every use. > > > > So, does anyone know of a transparent, on-the-fly > encryption program for Mac? Or is this the first way I > have found that OS X is inferior to Winblows? > > There are always plusses and minuses to on-the-fly > encryption systems > and how they interact with backup systems. So far, Apple > has delivered > the FileVault security solution, which encrypts the entire > account as > a disk volume and proves to have its issues with Time > Machine. I've > only used it in testing and didn't like the issues it > presented so I > don't use it. > > I don't know of a third party utility that does this > exactly the way > the Windows XP encryption facility you describe does. > > A security solution for Apple's Mail.app and other files I > want to > store securely I've used is a variant on the use of > encrypted disk > images that Scott pointed you to. I haven't done this with > Leopard and > Time Machine yet so it might be worthwhile to test it in a > new account > just to be sure it does what you wish. > > - Create an encrypted disk image of whatever size you need > for your > intended documents, email, email attachments, etc. * > > - In System Preferences, Accounts, click on the "Login > Items" tab in > your account and add the disk image to the list of files > which will be > opened when you login to your account. > > * Note that when you created the disk image, if you click > the option > to include the password in your KeyChain it will not > require that you > type in a separate login when you login to your account. > This is less > secure ... anyone who can login to your account can get to > the > contents of your encrypted disk image. If you do not > include it in > your keychain, you'll need to input the password when you > login to > your account separately. > > - Now, with Mail.app NOT running, copy the folders > ~/Library/Mail and > ~/Library/Mail Downloads to the mounted encrypted volume > ... I'd > organize them under a folder named Library just for > consistency's > sake. Once they are there, delete them from ~/Library > (that's the > Library directory in your account home folder, by the way) > and then > drag an alias of them back to the ~/Library folder from the > encrypted > volume. What this is doing is allowing Mail to work as > normal but when > it accesses Mail and Mail Downloads, it's simply writing to > the > encrypted volume instead of into its normal location in > your account. > (To drag an alias of a file or folder to another location, > hold down > the Command and Option keys while you drag the item in the > Finder. > Aliases store the file id and location of the source ... > anything > using the file system calls is transparently redirected to > the source. > > - Similarly, when you wish to put files into the encrypted > volume, > create a folder in the encrypted volume and drag an alias > to your > Documents or whereever else is convenient for you to access > those > files and folders. > > When the encrypted volume is mounted, I think you can add > it to Time > Machine to include in its backup strategy and it will > continue to work > as normal this way, when it's not mounted the volume > contents backup > will simply be bypassed and the disk image file backed up > in its > entirety as normal. > > It's a strategy that takes a bit more setup but I think it > might do > what you want. It provides that extra level of isolation > and security > from other accounts that just file permissions doesn't. Of > course, if > you don't log-out of your account or use a password screen > locking > setup, it's or if your system autoboots into an account > with > administrator privileges, I wouldn't bother with doing > encryption at > all ... you're basically leaving it open to anyone who > knows a little > bit about computers to access everything you've got. > > You can also obtain an authentication key and attach it to > a Mail > account, sending and receiving emails that are encrypted on > the fly > with PGP and other encryption mechanisms. This provides far > more > security for your sensitive emails on a very fine-grained > basis: each > signed/encrypted email is individually protected such that > only the > key holders can access them. > > BTW, Scott: > > Mac OS X has been automatically capable of recognizing > multibutton > mouse pointing devices since its introduction on March 24, > 2001, and > similarly has "right-button" or contextual menus embedded > throughout > the system and applications. All Apple systems have shipped > with > multiple button capable mice for years now. > > I personally dislike multibutton mice, however, so I turn > off all but > the single-button configuration and use the control-click > mechanism > instead to access contextual menus. It gives me more > positions to work > the mouse with and I don't accidentally hit the contextual > menu > choices. > -- > Godfrey > www.gdgphoto.com > www.flickr.com/photos/gdgphoto > www.twitter.com/godfreydigiorgi > > -- > PDML Pentax-Discuss Mail List > [email protected] > http://pdml.net/mailman/listinfo/pdml_pdml.net > to UNSUBSCRIBE from the PDML, please visit the link > directly above and follow the directions. > -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
