To encrypt and securely store data, you can create a read/write image or a sparse image:
- read/write image consumes the space that was defined when the image was created. For example, if the maximum size of a read/write image is set to 10 GB, the image consumes 10 GB of space even if it contains only 2 GB of data.
- A sparse image consumes only the amount of space the data needs. For example, if the maximum size of a sparse image is 10 GB and the data is only 2 GB, the image consumes only 2 GB of space.
If an unauthorized administrator might access your computer, creating an encrypted blank disk image is preferred to creating an encrypted disk image from existing data.
Creating an encrypted image from existing data copies the data from an unprotected area to the encrypted image. If the data is sensitive, create the image before creating the documents. This creates the working copies, backups, or caches of files in encrypted storage from the start.
Note: To prevent errors when a file system inside a sparse image has more free space than the volume holding the sparse image, HFS volumes inside sparse images report an amount of free space slightly less than the amount of free space on the volume the image resides on.
To create an encrypted disk image:
1 Open Disk Utility.
2 Choose File > New > Blank Disk Image.
3 Enter a name for the image, and choose where to store it.
4 In the Name field, enter the name you want to appear when the image is mounted.
5 Choose the size of the image from the Size pop-up menu.
Make sure the size of the image is large enough for your needs. You cannot increase the size of an image after creating it.
6 Choose a format from the Format pop-up menu.
7 Choose an encryption method from the Encryption pop-up menu. AES-128 or AES-256 is a strong encryption format.
8 Choose a partition type from the Partitions pop-up menu. The default is Single partition – Apple Partition Map.
9 Choose a format from the Image Format pop-up menu.
Although there is some overhead, the sparse format allows the image to maintain a size proportional to its contents (up to its maximum size), which can save disk space.
10 Click Create.
11 Enter a password and verify it. You can access Password Assistant from this window.
12 Deselect “Remember password (add to Keychain)” and click OK.
Creating an Encrypted Disk Image from Existing Data
If you must maintain data confidentiality when transferring files from your computer but you don’t need to encrypt files on your computer, create a disk image from existing data.
Such situations include unavoidable plain-text file transfers across a network, such as mail attachments or FTP, or copying to removable media, such as a CD or floppy disk.
If you plan to add files to this image instead of creating an image from existing data, create an encrypted disk image and add your existing data to it.
To create an encrypted disk image from existing data:
1 Open Disk Utility.
2 Choose File > New > Disk Image from Folder.
3 Select a folder and click Image.
4 Enter a name for the image and choose where to store it.
5 Choose a format from the Image Format pop-up menu.
The compressed disk image format can help you save hard disk space by reducing your disk image size.
6 Choose an encryption method from the Encryption pop-up menu. AES-128 or AES-256 provide strong encryption.
7 Click Save.
8 Enter a password and verify it. You can easily access Password Assistant from this window.
9 Deselect “Remember password (add to Keychain)” and click OK.