Dave, I’ve recently bought a little USB flash drive and am finding it is a great way to transport files between my office and home. And it’s tiny! However, my only concern is that if I lose it, someone else can easily get access to all of my stuff by plugging it into their own computer. What can I do to minimize this? Encrypt or secure the data? Or…?
I too just bought one of these wonderful little drives and am using it as a keychain. Amazing. 512MB in something no bigger than a pack of gum.
However, I too have the same concerns about losing the drive, and here’s what I’ve been thinking about: first, since I’m using it as a Mac drive, odds are that if were found, it’d be plugged into a PC, which, since I’ve formatted it as a Mac drive, means that the computer will promptly ask if they want to format it for use, which means all of my data was just wiped out without them ever seeing it.
However, they might have a Mac, or they might be curious and plug it into a Mac so that isn’t really any sort of solution to the problem…
The official Apple way to solve this is to use FileVault, which offers 128-bit Advanced Encryption Standard. What I haven’t figured out, though, is whether FileVault lets me encrypt a folder and its contents, or whether it’s only for, as the Apple help material says, “encrypting the information in your home folder.”
A better strategy is to go to VersionTracker and search for ‘encryption’, where you’ll find lots of choices, including notably PuzzlePalace (from Brian Hill, the author of the popular MacJanitor program), and Encryptor from one of my favorite shareware groups, SubRosaSoft. Both of these will set you back a few dollars, but it’s a good cause.
Another solution is to use an application like Stuffit Standard or Deluxe to create an archive that has a password. Easy to do, and you might well already have Stuffit on your computer.
If you don’t want to spend any money on shareware, there’s another way to work with these external drives that’s perhaps a bit more involved, but effective, highly secure, and easy once you figure it out…
Open up Terminal (Applications-*gt;Utilities->Terminal) and create a tar archive of the files and folders you want to transfer. In this instance, I’m going to archive and encrypt the contents of a folder called “HTML for Dummies”:
$ tar cf html.tgz ./HTML\ for\ Dummies/ $ ls -l html.tgz -rw-r--r-- 1 taylor staff 2662400 28 Nov 09:25 html.tgz
The end result is that I now have a file called “html.tgz” that’s a compressed tar archive, containing a copy of all the files and folders within the original HTML directory. It’s still not encrypted, however, and to accomplish that, we’re going to rely on the powerful encryption utilities included with the SSL library that’s built-in to Mac OS X.
These SSL utilities are accessed via the rather confusing openssl function, like this:
$ openssl des3 -salt -in html.tgz -out html.tgz.des3 enter des-ede3-cbc encryption password: Verifying - enter des-ede3-cbc encryption password: $ ls -l html* -rw-r--r-- 1 taylor staff 2662400 28 Nov 09:25 html.tgz -rw-r--r-- 1 taylor staff 2662424 28 Nov 09:26 html.tgz.des3
Now there’s a new tar archive, one that’s actually encrypted using the powerful DES3 cipher. Still with me? Let’s just confirm that this new archive file doesn’t actually work with tar (which it shouldn’t, since it’s encrypted):
$ tar tzf *des3 gzip: stdin: not in gzip format tar: Child returned status 1 tar: Error exit delayed from previous errors
Good! That’s the file that I’d copy across to my flash drive, knowing that it’s safely encrypted from prying eyes, yet quite easily to decrypt and restore on my other computer:
$ openssl des3 -d -salt -in html.tgz.des3 -out html.tgz enter des-ede3-cbc decryption password: $ tar xf html.tgz $
That’s all there is to it.
If this appeals to you, then it could be a very useful shell script to write, one that would let you have a folder on your Desktop called, say, BackAndForth, where everything therein would be automatically archived with tar, encrypted with openssl, and then copied onto the flash drive, all with a single typed command.
However, given that this wouldn’t be too difficult, I am surprised that there aren’t any nice sync utilities designed specifically for flash drives and Mac OS X. If you know of one, please do add a link and I’ll check it out!
I am looking for the same solution (mac and pc compatible USB encryption). I have just started researching and so far it seems that Encrypt Stick (encryptstick.com) looks like it’s going to be the perfect solution to the problem.
Worth checking out.
Dave. TrueCrypt.
Dave, does this work for Music players?
Some thoughts–
1. Dave suggests using tar and then gzip to consolidate your files into one file, and compress that file. A problem with this technique is that, if one is using Panther or earlier, resource data will be deleted. So, if you are using Panther or earlier, use “ditto��? instead.
There’s a nice applescript for encrypting data using openssl, available here:
http://scriptbuilders.net/files/encryptlet1.1.4.html
2. For cross-platform encryption, I would suggest GPG, which is available as a command-line application with a graphical installer for both Mac OS X and Windows XP. Here are some links for that:
http://www.gnupg.org/download/#auto-ref-2
http://macgpg.sourceforge.net/
If you are using OS X 10.3 or earlier, I recommend that you get Developer Tools and compile GPG yourself, so you can get the newest copy. As before, you should use ditto before gpg-encrypting your data.
Try ChronoSync to sync between you hard drive and a flash drive.
http://www.econtechnologies.com/
I use it to do just what you’re looing for: hard drive to Flash drive
Works great!
How Can I Secure / Encrypt Folders On My Mac’s USB Flash Drive?
Dave, I’ve recently bought a little USB flash drive and am finding it is a great way to transport files between my office and home. And it’s tiny! However, my only concern is that if I lose it, someone else can easily get access to all of my stuff by p…
For a cross-platform encryption tool, check out Pretty Good Privacy (PGP). I haven’t tried it yet, but when this question has come up recently in other forums, that seems to be the best solution.
See http://www.pgpi.org/
(Of course, one could argue that putting these files on your Windows system is a bigger security risk than having your files unencrypted on the flash drive in your pocket….) heh heh heh
Using an encrypted tar archive or ZIP file would certainly be portable across platforms. In terms of finding a platform neutral encrypted file system, I’m not sure that exists…
My problem is that I need an encryption solution that works with both my Mac and my PC at the office. I would like a volume on the USB Drive that contains all my files I want to keep safe, then I have a small linux virtual machine on it also that I use that I wish I could secure. Any ideas for these? Thanks
The technique I prefer is to store an encrypted disk image on the USB flash drive.
To create it, either (GUI) use the DiskUtility, Images menu. or (Terminal) use the hdiutil command. See help/man respectively for more details.
All FileVault does is create a sparce, encrypted disk image of your home directory, auto-mount it when logged in, dismount it when logged out, plus a few other automatic details.
/John
Here’s good news! It turns out that the USB flash drive I bought is the Lexar JumpDrive Secure, and according to my friend Derrick Story at O’Reilly, it comes with some very useful software that lets me easily create an encrypted partition on the drive. Derrick’s article is at http://www.macdevcenter.com/pub/a/mac/2004/08/20/secure_flash.html if you’d like to read it.
That doesn’t address synchronization issues, but it does address the security concern that every flash drive owner should be thinking about.