Home directory encryption for OSX?
July 1, 2013 1:38 AM Subscribe
Is there any software that allows for encryption of home directories in OSX, a la original FileVault?
I have FileVault 2 enabled on my OSX (10.8) hard drive, but if I take it to the shop, I sometimes have to give them access to a user account which defeats the purpose of the encryption, since that password will decrypt the entire hard drive. I've started to use boxcryptor, but I'm unhappy with that because 1) they've moved to a subscription model and 2) I'd like things like my dot files in my home directory or files in ~/Library to be encrypted, so that my Chrome and Firefox password files aren't exposed, for instance. Is there any way of encrypting home directories like FileVault 1 used to do? Or, is there perhaps a convenient way of rigging up a system in which a dummy home directory is used, which is then used as the mountpoint for an encrypted volume?
I have FileVault 2 enabled on my OSX (10.8) hard drive, but if I take it to the shop, I sometimes have to give them access to a user account which defeats the purpose of the encryption, since that password will decrypt the entire hard drive. I've started to use boxcryptor, but I'm unhappy with that because 1) they've moved to a subscription model and 2) I'd like things like my dot files in my home directory or files in ~/Library to be encrypted, so that my Chrome and Firefox password files aren't exposed, for instance. Is there any way of encrypting home directories like FileVault 1 used to do? Or, is there perhaps a convenient way of rigging up a system in which a dummy home directory is used, which is then used as the mountpoint for an encrypted volume?
Boxcryptor uses encfs as the underlying encryption protocol. You can just set up that on your own on whichever directories you want to encrypt.
posted by chengjih at 2:02 AM on July 1, 2013
posted by chengjih at 2:02 AM on July 1, 2013
Response by poster: Perhaps you could use some scripts to mount an encrypted, sparse disk image as needed:
Yes, I know how to create an encrypted container, and I know that in principle this could be used with scripts. But there are particular challenges to be overcome when using this with a whole home directory. How do you get it to mount it on login, and unmount it on log out? etc...
You can just set up that on your own on whichever directories you want to encrypt.
The problem here is that the directory I want to encrypt is the home directory, or every subdirectory of it. But of course, there are many subdirectories of the home directory that are necessary to encrypt (dot folders and ~/Library/, for instance) so that it seems like encrypting each one separately would be prohibitively complicated. If I encrypt the home directory itself, things get even more complicated, because one needs to somewhat-automatically mount and unmount on log in/out. I'd like to know how to manage those complications, and, preferably, if there is any software that will manage them for me (a la FileCrypt 1).
posted by Philosopher Dirtbike at 3:55 AM on July 1, 2013
Yes, I know how to create an encrypted container, and I know that in principle this could be used with scripts. But there are particular challenges to be overcome when using this with a whole home directory. How do you get it to mount it on login, and unmount it on log out? etc...
You can just set up that on your own on whichever directories you want to encrypt.
The problem here is that the directory I want to encrypt is the home directory, or every subdirectory of it. But of course, there are many subdirectories of the home directory that are necessary to encrypt (dot folders and ~/Library/, for instance) so that it seems like encrypting each one separately would be prohibitively complicated. If I encrypt the home directory itself, things get even more complicated, because one needs to somewhat-automatically mount and unmount on log in/out. I'd like to know how to manage those complications, and, preferably, if there is any software that will manage them for me (a la FileCrypt 1).
posted by Philosopher Dirtbike at 3:55 AM on July 1, 2013
Truecrypt will let you mount an encrypted image as a virtual drive. I'm not a mac user, but I imagine it would be possible to 'move' your home directory onto the encrypted virtual drive.
posted by DrRotcod at 4:09 AM on July 1, 2013
posted by DrRotcod at 4:09 AM on July 1, 2013
« Older Looking for good sales principles... | Did gnostics tolerate or celebrate homosexuality? Newer »
This thread is closed to new comments.
How to create a password-protected (encrypted) disk image
posted by Blazecock Pileon at 1:42 AM on July 1, 2013