Security is always possible but has rarely been easy. Storing unencrypted files and folders is much simpler and more compatible than going through the effort to use encryption. But the recent security flub at Dropbox set me looking for a secure way to store data there. Here’s a quick and easy way to create a secure, Dropbox-compatible disk image for Mac OS X.
Dropbox-Friendly
You might also want to read Keep Multiple Macs in Sync with Dropbox and Compression, Encryption, Deduplication, and Replication: Strange Bedfellows
Yesterday, “Storagemistress” suggested a method of securely hiding … “stuff” … using the excellent open-source software, TrueCrypt. This has the advantage of cross-platform compatibility and obfuscation (she suggests using a movie title as “cover”) but isn’t all that Dropbox friendly. Change one bit in that file, and the whole thing will have to be re-synced.
Mac users have a great alternative method: The SparseBundle. This has a few advantages over monolithic disk images:
- SparseBundles are thin provisioned, growing as data is added and only taking up as much space as is actually used (to the nearest 1 MB), while conventional disk images are entirely provisioned when they are created.
- SparseBundles store data in 1 MB “bands” that can be independently synchronized with rsync or Dropbox, as opposed to conventional images that are stored as a single file.
These two elements make SparseBundles excellent for securing valuable data while protecting it off-site. Dropbox loves the 1 MB bands, and I feel better knowing my data is encrypted in case the service has another “oops” moment.
Create Your SparseBundle
Creating a SparseBundle Disk Image is fairly straightforward. Note that this only works in Mac OS X 10.5 “Leopard” and newer releases.
- Launch Disk Utility – I like to just type that into Spotlight, but it’s in Applications/Utilities
- Click “New Image” as seen in the image at the top of this post
- Give your SparseBundle a file name in “Save As” and locate it in a folder (e.g., your Dropbox folder!)
- Enter a friendly name for the disk image – this can be the same or different from your file name
- We’ll leave “Format” and “Partitions” untouched
- Click the dropdown menu for “Size” and select “Custom” to enter a custom maximum file size
- Click “Encryption” to enable 128- or 256-bit encryption
- Click “Image Format” and select “sparse bundle disk image”
- Now click “Create” to start the image process
- Since we selected encryption, a new dialog box will appear asking for a password – this is what you will enter every time you use this image, and Apple helpfully rates your password strength for you
- Click “Ok” and you’re done – the bundle will mount as a new drive
As you add and remove files from this disk image, they will be encrypted and stored in 2 MB “slices” (actually files in a directory). These work great with Dropbox, Rsync, and many other utilities.
This image can be mounted on any Mac, provided the password is known. But don’t try to mount it on more than one machine simultaneously!
Note: If you want to obscure these files, you can rename the SparseBundle. It won’t be usable from Finder, but you can still mount it from the command line using hdiutil. But it’ll be a directory of equal-sized files, so you won’t fool anyone who knows what they’re doing.
Stephen’s Stance
Encryption is an important tool for individuals regardless of what they’re storing. Given the recent security failings of Dropbox, I highly recommend using methods like this to secure your important data before using the service!