Setup guide

UNCLASSIFIED
Appendix A - Encrypting Files and Folders
As described earlier, Mac OS X’s FileVault feature can be used to encrypt a user’s
entire home directory. However, some situations call for the encryption of
individual files and folders, not simply the entire home directory. The Disk Utility
program shipped with Mac OS X provides the ability to encrypt disk images
containing arbitrary files and folders. Like FileVault, it uses the Advanced
Encryption Standard (AES) with a 128-bit key.
Using Disk Utility
Using Disk Utility is recommended for situations in which either the file system
permissions or FileVault may not be sufficient to guarantee the confidentiality of a
file or folder. Situations in which filesystem permissions no longer protect a file
include:
• Transmission of a file over a network using a plaintext protocol such as SMTP or FTP
• Transfer of a file to removable media whose physical security cannot be guaranteed
• Compromise of a computer’s administrator account
The Disk Utility program is located in the folder /Applications/Utilities.
Two methods exist for creating encrypted disk images: a new blank image can be
created, or an image can be created directly from an existing folder or volume. Disk
Utility’s help facility (in the Help menu, choose Disk Utility Help) provides details on
how to create and use these encrypted disk images.
Creating a New, Blank Disk Image With Encryption
Users can add files to blank disk images over a period of time, unlike images created
directly from existing data. The instructions below follow those in the Disk Utility
help section “Creating a blank disk image,” which describes how to create a new
image whose contents can be encrypted. For situations where the threat includes
unauthorized administrator access to the machine, creating an encrypted, blank disk
image before receiving or creating sensitive data is preferred over directly creating
an image from previously existing sensitive data. For example, many application
programs create backups, working copies, or caches of files in the same folder as the
original. If a file has only been created and accessed from the encrypted image, then
these copies will also be protected.
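The blank-image approach described above can also be scripted with hdiutil, the command-line disk image tool that ships with Mac OS X. The following is an added example, not part of the original guide; the function name, image path, size and volume name are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): create a blank, AES-128 encrypted
# sparse disk image with hdiutil, the Mac OS X command-line disk image tool.
#
# create_encrypted_image PATH SIZE VOLNAME
#   PATH    must end in .sparseimage and must not exist yet
#   SIZE    maximum size as digits plus one unit: b, k, m, g or t (e.g. 100m)
#   VOLNAME name of the volume inside the image
# Returns 0 on success, 2 on bad arguments, 3 if hdiutil is missing,
# 4 if creation fails or the image is not reported as encrypted.
create_encrypted_image() {
    img=$1; size=$2; vol=$3

    if [ -z "$img" ] || [ -z "$size" ] || [ -z "$vol" ]; then
        echo "usage: create_encrypted_image PATH SIZE VOLNAME" >&2
        return 2
    fi
    case $img in
        *.sparseimage) ;;
        *) echo "image name must end in .sparseimage" >&2; return 2 ;;
    esac
    num=${size%[bkmgt]}
    case $num in
        "$size"|''|*[!0-9]*) echo "bad size: $size" >&2; return 2 ;;
    esac
    # Never overwrite: an existing file may be an image that already holds data.
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2
        return 2
    fi
    if ! command -v hdiutil >/dev/null 2>&1; then
        echo "hdiutil not found (Mac OS X only)" >&2
        return 3
    fi

    # No passphrase is passed on the command line; hdiutil prompts for it,
    # so it does not end up in the process list or shell history.
    hdiutil create -size "$size" -type SPARSE -fs HFS+J \
        -volname "$vol" -encryption AES-128 "$img" || return 4

    # Confirm the result really is encrypted before trusting it with data.
    hdiutil isencrypted "$img" 2>&1 | grep -q 'encrypted: YES' || return 4
}

# Typical use (hypothetical names), creating the image before any sensitive data exists:
#   create_encrypted_image "$HOME/Secure.sparseimage" 100m Secure
#   hdiutil attach "$HOME/Secure.sparseimage"   # prompts for the passphrase
#   ... create and edit sensitive files only under /Volumes/Secure ...
#   hdiutil detach /Volumes/Secure
```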