Dave, I’ve recently bought a little USB flash drive and am finding it is a great way to transport files between my office and home. And it’s tiny! However, my only concern is that if I lose it, someone else can easily get access to all of my stuff by plugging it into their own computer. What can I do to minimize this? Encrypt or secure the data? Or…?
I too just bought one of these wonderful little drives and am using it as a keychain. Amazing. 512MB in something no bigger than a pack of gum.
However, I too have the same concerns about losing the drive, and here’s what I’ve been thinking about: first, since I’m using it as a Mac drive, odds are that if were found, it’d be plugged into a PC, which, since I’ve formatted it as a Mac drive, means that the computer will promptly ask if they want to format it for use, which means all of my data was just wiped out without them ever seeing it.
However, they might have a Mac, or they might be curious and plug it into a Mac so that isn’t really any sort of solution to the problem…
The official Apple way to solve this is to use FileVault, which offers 128-bit Advanced Encryption Standard. What I haven’t figured out, though, is whether FileVault lets me encrypt a folder and its contents, or whether it’s only for, as the Apple help material says, “encrypting the information in your home folder.”
A better strategy is to go to VersionTracker and search for ‘encryption’, where you’ll find lots of choices, including notably PuzzlePalace (from Brian Hill, the author of the popular MacJanitor program), and Encryptor from one of my favorite shareware groups, SubRosaSoft. Both of these will set you back a few dollars, but it’s a good cause.
Another solution is to use an application like Stuffit Standard or Deluxe to create an archive that has a password. Easy to do, and you might well already have Stuffit on your computer.
If you don’t want to spend any money on shareware, there’s another way to work with these external drives that’s perhaps a bit more involved, but effective, highly secure, and easy once you figure it out…
Open up Terminal (Applications-*gt;Utilities->Terminal) and create a tar archive of the files and folders you want to transfer. In this instance, I’m going to archive and encrypt the contents of a folder called “HTML for Dummies”:
$ tar cf html.tgz ./HTML\ for\ Dummies/ $ ls -l html.tgz -rw-r--r-- 1 taylor staff 2662400 28 Nov 09:25 html.tgz
The end result is that I now have a file called “html.tgz” that’s a compressed tar archive, containing a copy of all the files and folders within the original HTML directory. It’s still not encrypted, however, and to accomplish that, we’re going to rely on the powerful encryption utilities included with the SSL library that’s built-in to Mac OS X.
These SSL utilities are accessed via the rather confusing openssl function, like this:
$ openssl des3 -salt -in html.tgz -out html.tgz.des3 enter des-ede3-cbc encryption password: Verifying - enter des-ede3-cbc encryption password: $ ls -l html* -rw-r--r-- 1 taylor staff 2662400 28 Nov 09:25 html.tgz -rw-r--r-- 1 taylor staff 2662424 28 Nov 09:26 html.tgz.des3
Now there’s a new tar archive, one that’s actually encrypted using the powerful DES3 cipher. Still with me? Let’s just confirm that this new archive file doesn’t actually work with tar (which it shouldn’t, since it’s encrypted):
$ tar tzf *des3 gzip: stdin: not in gzip format tar: Child returned status 1 tar: Error exit delayed from previous errors
Good! That’s the file that I’d copy across to my flash drive, knowing that it’s safely encrypted from prying eyes, yet quite easily to decrypt and restore on my other computer:
$ openssl des3 -d -salt -in html.tgz.des3 -out html.tgz enter des-ede3-cbc decryption password: $ tar xf html.tgz $
That’s all there is to it.
If this appeals to you, then it could be a very useful shell script to write, one that would let you have a folder on your Desktop called, say, BackAndForth, where everything therein would be automatically archived with tar, encrypted with openssl, and then copied onto the flash drive, all with a single typed command.
However, given that this wouldn’t be too difficult, I am surprised that there aren’t any nice sync utilities designed specifically for flash drives and Mac OS X. If you know of one, please do add a link and I’ll check it out!