Encrypting Disk Images
Encrypted disk images are a perfect way to transport data on external media, save files to removable media, and protect files on shared systems. FileVault does not protect files transmitted over the network or saved to removable media. However, Mac OS X Server includes utilities for encrypting disk images. Using a server-based encrypted disk image provides the added benefit of encrypting all network traffic between the computer and the server hosting the mounted encrypted disk image.
You can create a read-write or sparse image to encrypt and securely store data. A read-write image takes up the entire space that was defined when the image was created. For example, if the maximum size of a read-write image is set to 10 GB, then that image will take up 10 GB of space even if it contains only 2 GB of data.
A sparse image takes up only as much space as the data it contains. For example, if the maximum size of a sparse image is 10 GB and the data contained in it is only 2 GB, it will occupy only 2 GB of space.
Creating an encrypted image from existing data copies the data from an unprotected area into the encrypted image. If the data is sensitive, it is better to create the image prior to creating the documents, because the working copies, backups, or caches of files would all be created in the encrypted storage from the start.
To create a new encrypted disk image, use hdiutil. The following is an example that creates a 1 GB sparse image named secure_files.sparseimage:
hdiutil create -size 1G -encryption -type SPARSE -fs HFS+ secure_files
A sparse image can expand as data in the image grows. To create a fixed-size image, simply leave off the -type SPARSE switch.
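The advice above, to create the encrypted image before any documents exist, can be scripted. The following is an added example, not part of the original text: it wraps the sparse-image command shown above, confirms with hdiutil isencrypted that the result really is encrypted, and only then mounts it. The function name, the -volname setting, and the /Volumes/NAME mount point are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original text).
# new_encrypted_workspace NAME SIZE
#   NAME: image name without extension (hdiutil appends .sparseimage)
#   SIZE: maximum size of the sparse image, for example 1G
# hdiutil itself asks for the passphrase when creating and attaching.
new_encrypted_workspace() {
    name=$1
    size=$2
    image="${name}.sparseimage"

    if [ -z "$name" ] || [ -z "$size" ]; then
        echo "usage: new_encrypted_workspace NAME SIZE" >&2
        return 2
    fi

    # Refuse to touch an existing image rather than overwrite it.
    if [ -e "$image" ]; then
        echo "refusing to overwrite $image" >&2
        return 1
    fi

    # Same command as in the text, plus a volume name (assumption) so the
    # mount point is predictable. Tool output goes to stderr.
    hdiutil create -size "$size" -encryption -type SPARSE -fs HFS+ \
        -volname "$name" "$name" >&2 || return 1

    # Do not mount or use the image unless hdiutil reports it as encrypted.
    if ! hdiutil isencrypted "$image" 2>&1 | grep -q 'encrypted: YES'; then
        echo "$image is not encrypted; not mounting" >&2
        return 1
    fi

    hdiutil attach "$image" >&2 || return 1

    # Default mount point, assuming no other mounted volume has this name.
    echo "/Volumes/$name"
}

# Usage: workspace=$(new_encrypted_workspace secure_files 1G)
```

Create and save new documents under the printed mount point so that working copies and caches are written to encrypted storage from the start.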
You can also create a disk image from the contents of an existing folder by using the hdiutil create subcommand with the -srcfolder option. Here’s an example command that creates an encrypted disk image named sales_2008.dmg from an existing folder named 2008:
hdiutil create -encryption -srcfolder /Volumes/Sales/2008 -fs HFS+ sales_2008