Posts Tagged ‘encryption’

Secure Portable Flash Drives with Mac OS X

I had $15 in expiring gift cards from when I bought my new TV, so I decided to pick up an inexpensive 2gig Flash drive online.

To increase my peace of mind, I decided to store everything important to me in an encrypted disk image on the device. I used the same method I use to create a FileVault image, and then just moved the image file over to the flash disk.

I’ve been really happy with the performance, and it’s great to know that WHEN I lose this tiny thing, none of my private and very sensitive information will be accessible to whoever picks it up.

In addition, there are really no additional barriers to using this encrypted disk image. I store the password to the disk image in my Keychain, and it’s also encrypted with the FileVault Master certificate as an added layer of protection against forgetting my password.


Finally, even though the following command creates a sparse bundle capable of storing 300 Gigs of data, the Finder will realize the image file lives on a 2 Gig flash drive, and will only display the free space available on the “parent” filesystem.

The command to create the Leopard-only disk image is:

umask 077
export NAME="secure"
hdiutil create -size 300g \
    -encryption -agentpass \
    -mode 0700 \
    -fs "HFS+J" \
    -type SPARSEBUNDLE \
    -layout SPUD \
    -volname "$NAME" \
    "$NAME".sparsebundle;
 

Manually Migrate Tiger FileVault sparseimage to Leopard FileVault sparsebundle

So I’m finally running Mac OS X 10.5 Leopard on my portable. I’ve decided to migrate to the new sparsebundle style FileVault image, and here’s how I did it:

First, make sure you’ve created a FileVault master certificate by setting a master password in the Security preference pane.

Manually create the sparse bundle:

umask 077
export NAME="mccune"
hdiutil create -size 300g \
  -encryption -agentpass \
  -certificate /Library/Keychains/FileVaultMaster.cer \
  -uid 502 -gid 20 -mode 0700 \
  -fs "HFS+J" \
  -type SPARSEBUNDLE \
  -layout SPUD \
  -volname "$NAME" \
  "$NAME".sparsebundle;
chown -R "$NAME":staff "$NAME".sparsebundle

Make sure the password on the disk image is the same as the password used with the user account; otherwise the system won’t be able to decrypt the image from the loginwindow.

Mount the sparsebundle:

hdiutil mount -owners on -mountrandom /tmp -stdinpass "$NAME".sparsebundle

Copy the contents of your home directory to the mount point that hdiutil printed (here /tmp/dmg.TYSCwg):

rsync -avxHE --progress /Users/mccune/ /tmp/dmg.TYSCwg/

After I did the initial pass with rsync, I logged out of my user account, and logged in using the administrator account in order to run the rsync process a second time, while my profile was in a steady state.
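
A check to run after the second rsync pass, as an added example that is not part of the original post: it confirms every file in the old home directory is present in the mounted sparsebundle with identical contents. The function names are hypothetical, and it compares file data only, not ownership, modes or the extended attributes that rsync -E carries over.

```shell
#!/bin/sh
# Added example: confirm a copied home directory matches its source.
# Assumes file names contain no newline characters.

# Print "checksum size ./path" for each regular file under $1, in C-locale order.
tree_manifest() {
    ( cd "$1" || exit 1
      # -xdev stays on one filesystem, like rsync's -x
      find . -xdev -type f -exec cksum {} + | LC_ALL=C sort )
}

# Print manifest lines for source files that are missing from the copy or
# differ in it. Files that exist only in the copy (for example metadata
# directories on the mounted volume) are ignored.
missing_or_changed() {
    src_list=$(mktemp) || return 2
    dst_list=$(mktemp) || { rm -f "$src_list"; return 2; }
    tree_manifest "$1" > "$src_list"
    tree_manifest "$2" > "$dst_list"
    LC_ALL=C comm -23 "$src_list" "$dst_list"
    rm -f "$src_list" "$dst_list"
}

# Return 0 only when every source file is in the copy with equal contents.
verify_copy() {
    [ -d "$1" ] && [ -d "$2" ] || { echo "usage: verify_copy SRC DST" >&2; return 2; }
    bad=$(missing_or_changed "$1" "$2")
    if [ -n "$bad" ]; then
        printf 'not yet identical in the copy:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Usage with the paths from the post, run from the administrator account:
#   verify_copy /Users/mccune /tmp/dmg.TYSCwg && echo "copy verified"
```

A non-zero result means a file changed or appeared after the last rsync pass, so run rsync again and repeat the check.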