File Encryption on Macintosh OS X Tiger (version 10.4.x)

The Sonoma State Information Technology department recommends that all Personal Confidential Information stored on the local disks of Macintosh computers be kept in an encrypted disk image.  An encrypted disk image is a password-protected storage area.  Its contents cannot be accessed until the image is mounted (opened), which requires authentication.  It is important to note that this process does not encrypt the files themselves; it creates an encrypted storage area in which files can be stored safely.  This means that files are no longer encrypted once they are moved out of the encrypted disk image.  Encrypted disk images can be created with the OS X native application Disk Utility.  Disk Utility can be used either to create an encrypted disk image from an existing folder or to create a blank encrypted disk image for storing files.  Both processes are explained in this document.

How to Encrypt an Existing Folder

  1. Launch the Disk Utility application that is located at Applications/Utilities/Disk Utility. 
  2. Within Disk Utility, go to File/New and select "Disk Image from Folder."
  3. Navigate to the folder you wish to encrypt, select it, then click "Image."
  4. Enter a name for the encrypted disk image (a), designate where it will be saved (b), change the Image Format to "read/write" (c), change the Encryption to "AES-Recommended 128" (d), then click "Save."
  5. Before entering a password for the encrypted disk image that will contain the folder, it is important to note that the data in this folder will be LOST FOREVER if the password is forgotten.  IT will have no way of recovering the data if the password is forgotten.   To proceed, enter a password for the encrypted disk image, verify it, uncheck the box "Remember password (add to Keychain)" then click OK.
  6. You have completed the creation of an encrypted disk image that contains a copy of the folder.  The original, unencrypted folder still exists.  The contents of the encrypted disk image can be viewed and modified when the disk image is mounted.  Locate the newly created encrypted disk image and double click on it to mount the disk image.  You will be prompted to enter the recently defined password for the encrypted disk image.
  7. Verify that the contents of the mounted disk image (encrypted folder) match the original folder then delete the original, unencrypted folder.  To delete the original unencrypted folder, move it to the trash then use the ‘Secure Empty Trash’ from the Finder menu.
  8. The contents of the encrypted disk image can be modified when the image is mounted.  To unmount the disk image, click on it once to select it then select Eject "Image Name" from the File menu in the Finder. It is recommended to keep the encrypted disk image unmounted when it’s not in use.
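
The comparison in step 7 can also be done from Terminal before the original folder is deleted. The script below is an added example, not part of the original SSU/IT instructions; the function names and the sample paths in the comments are assumptions. It compares the checksum, size and path of every file in both locations and skips the .DS_Store and .Trashes entries that the Finder may create on a mounted volume.

```shell
#!/bin/sh
# Added example: confirm that a mounted encrypted disk image holds a complete
# copy of the original folder before the original is deleted (step 7).
# Example call (constructed paths): trees_match ~/Documents/Payroll /Volumes/Payroll

# Print one "checksum size ./relative/path" line per regular file, sorted by
# path. Finder bookkeeping files found on mounted volumes are ignored.
manifest() {
    ( cd "$1" || exit 1
      find . -type f \
          ! -name '.DS_Store' \
          ! -path './.Trashes/*' \
          -exec cksum {} + | sort -k 3 )
}

# Return 0 when both trees contain the same files with the same contents,
# 1 when they differ (differences go to stderr), 2 on a usage or I/O error.
trees_match() {
    orig=$1
    copy=$2
    [ -d "$orig" ] && [ -d "$copy" ] || {
        echo "both arguments must be existing folders" >&2
        return 2
    }
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/verify.XXXXXX") || return 2
    manifest "$orig" > "$tmp/orig" || { rm -rf "$tmp"; return 2; }
    manifest "$copy" > "$tmp/copy" || { rm -rf "$tmp"; return 2; }
    # Lines marked "<" exist only in the original, ">" only in the copy.
    if diff "$tmp/orig" "$tmp/copy" >&2; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# When run with two folders as arguments, report the result.
if [ "$#" -eq 2 ]; then
    if trees_match "$1" "$2"; then
        echo "MATCH: the original folder can be deleted"
    else
        echo "DIFFERENT: keep the original folder" >&2
        exit 1
    fi
fi
```

Any output other than MATCH means the original folder should be kept until the difference is explained.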

How to Create a Blank Encrypted Disk Image

  1. Launch the Disk Utility application that is located in Applications/Utilities/Disk Utility. 
  2. Within Disk Utility, go to File/New and select "Blank Disk Image."
  3. Enter a name for the new encrypted disk image (a), specify where it will be located (b), specify a size (c), change the Encryption field to AES-128 (recommended) (d), change the Format field to "read/write disk image" (e) then click "Create." 500 MB should be large enough for numerous data files.
  4. Before entering a password for the encrypted disk image, it is important to note that the data stored in it will be LOST FOREVER if the password is forgotten.  IT will have no way of recovering the data if the password is forgotten.  With that being said, enter a password for the encrypted disk image, verify it, uncheck the box "Remember password (add to Keychain)" then click OK.
  5. You have completed the creation of an encrypted disk image.  The encrypted disk image is read/write, meaning that after authenticating, its contents can be read, edited and added to.  Locate the newly created encrypted disk image and double click on it to mount the disk image.  You will be prompted to enter the recently defined password for the encrypted disk image.  When the disk image is mounted it functions much like a separate storage volume.  Files can be opened from and saved to the mounted disk image.
  6. The contents of the encrypted disk image can be modified when the image is mounted.  To unmount the disk image, click on it once to select it then select Eject "Image Name" from the File menu in the Finder. It is recommended to keep the encrypted disk image unmounted when it’s not in use.

How to Encrypt the Entire Home Folder

Do not complete the following procedures before contacting SSU/IT at 707-664-HELP. Failure to consult with SSU/IT could result in total data loss.

  1. Open System Preferences from the Apple menu in the upper left hand corner.
  2. Open the Security System Preference.
  3. Click on the button that says, "Turn on FileVault" then follow the prompts to completion.
    NOTE: If SSU/IT has not set a master password for your computer, all data in your Home folder will be lost if you forget your password. It is imperative that you contact the IT Helpdesk before enabling FileVault.