14

I'd need to create an encrypted volume on my MacBook Pro running OS X El Capitan.

It's been a while since I needed to do something like that; I think it was 2010 when I used TrueCrypt.

I know that nowadays its development has been suspended or somehow discontinued, so I was wondering: how to have an encrypted volume with TrueCrypt-like level of security on Mac OS X?

3 Answers

10

Just use FileVault 2, which comes with El Capitan and is pretty secure.

If you need separate volumes or passwords for different projects, you can also use OS X encrypted disk images with 128 or 256 bit AES encryption. This allows you to choose to store the passphrase for each volume offline, in separate keychains or in the main keychain as you see fit.

The benefit of FileVault is whole disk hardware encryption so you should start there and then layer in encrypted disk images for projects that require even more protection or isolation.

bmike
  • 235,889
Mike Scott
  • 10,484
  • 1
    It is actually called CoreStorage. FileVault 2 is only for the System volume. Not sure if you can use it with Disk Utility (I guess you can create only new encrypted volumes there), but in Terminal type: diskutil coreStorage and then you find the options to convert a volume. For the security see: Unlocking FileVault – user60589 Apr 04 '16 at 13:07
  • I would call FileVault a big step up in security over TrueCrypt as it doesn't have red banner warnings saying "WARNING: Using TrueCrypt is not secure" due to it not being maintained and patched going forward: http://truecrypt.sourceforge.net – bmike Apr 04 '16 at 13:52
  • 1
    FileVault2 / CoreStorage is great, but it's not a direct replacement for TrueCrypt in general, as it's not cross-platform. Hard to tell whether that matters to the OP, but it's worth bearing in mind. – calum_b Apr 04 '16 at 14:47
  • 1
    It's worth noting that both FileVault and FileVault 2 are proprietary software. While this arguably won't matter to many users, it's important to be able to audit the source code of encryption software to see if the implementation contains vulnerabilities. – Jules Apr 04 '16 at 16:58
  • @bmike It's still safer than any closed-source software you can't audit. Labels have no value except the one you put in them. – Agent_L Apr 04 '16 at 17:01
  • @Agent_L Your point reinforces the problem with this post. Without being explicit about what "secure" means. Some people feel secure without bicycle helmets - others do not. At least laying out your premise and/or threat model or reasoning leads to answers that are more subjective. Much proprietary software is secure - it depends on what you feel about https://en.wikipedia.org/wiki/FIPS_140-2 and other standards and whether someone feels they personally can audit a codebase let alone implementations. I agree that the quality of audits matters greatly for cryptography. – bmike Apr 04 '16 at 18:08
  • For this use case, I wouldn't trust any closed-source software, let alone closed-source software made by a capitalist for-profit corporation, let alone closed-source software made by a capitalist for-profit corporation based in the United States, let alone closed-source software made by a capitalist for-profit corporation based in the United States that has provably already collaborated with the US government to abuse the privacy of billions of people. – iono Jan 22 '19 at 13:41
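The encrypted disk images mentioned in the first answer can be created from Terminal with `hdiutil`; the following is an added example, not part of any answer on this page. The function names, the sparse-bundle image type, and the size, volume name and path in the usage comment are assumptions chosen for illustration.

```shell
# Added example: create an AES-encrypted sparse bundle with hdiutil and
# confirm that it really is encrypted before storing data in it.

create_encrypted_image() {
    bits="$1"; size="$2"; volname="$3"; image="$4"

    # The answer names two key sizes; refuse anything else instead of
    # passing a mistyped value on to -encryption.
    case "$bits" in
        128|256) ;;
        *) echo "key size must be 128 or 256, got: $bits" >&2; return 2 ;;
    esac

    # Fail early if something already exists at the target path.
    if [ -e "$image" ]; then
        echo "refusing to overwrite $image" >&2
        return 3
    fi

    # No passphrase on the command line: hdiutil prompts for it, which
    # keeps it out of the process list and the shell history.
    hdiutil create -type SPARSEBUNDLE -fs HFS+J \
        -encryption "AES-$bits" \
        -size "$size" -volname "$volname" "$image" || return 1

    # Check the result rather than assuming the flag took effect.
    image_is_encrypted "$image"
}

# Succeeds only if `hdiutil isencrypted` reports the image as encrypted.
image_is_encrypted() {
    hdiutil isencrypted "$1" 2>&1 | grep -q '^encrypted: YES'
}

# Usage (paths and names are illustrative):
#   create_encrypted_image 256 500m Project "$HOME/Project.sparsebundle"
#   hdiutil attach "$HOME/Project.sparsebundle"   # prompts, mounts /Volumes/Project
#   hdiutil detach /Volumes/Project               # unmount when finished
```

When attaching the image, declining the offer to remember the passphrase in the keychain keeps it stored offline, as the answer describes.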
9

VeraCrypt

If you want operating system independence, e.g., a thumb drive that you can use on systems other than macOS, you might want to look at VeraCrypt - the successor to TrueCrypt. VeraCrypt is open source as well. Further information can be found in Encrypt FAT USB drive under El Capitan.

Graham Miln
  • 43,776
jwd630
  • 346
3

I personally use encFS, which is pretty easy to install on MacOSX, given that you know how to use homebrew and casks:

brew cask install osxfuse
brew install homebrew/fuse/encfs

To use it, I then use two aliases, one to mount the volume:

alias mypasswd='encfs ~/cloud/Documents.encfs ~/Private -- && cd ~/Private'

and then to unmount (and close the terminal):

alias mypasswd_umount='cd ~ && umount ~/Private && exit'
meduz
  • 562
  • Nice tip, all by command line. +1 – Federico Zancan Apr 10 '16 at 14:52
  • This solution was found after many trials and errors with diverse solutions to find a way to encrypt files on cloud storage... and then came encfs to save it all :-) I would very much love to get feedback on the security of this solution - it's simple but I am not sure about its efficiency... – meduz Apr 11 '16 at 18:54