Encrypting files on MacOS
So, if you want to send some top secret stuff, you should probably talk to a security expert. But if you’re sending second-rank secret stuff to a Mac user, Disk Utility is great. Security is only as good as its usability; if someone has to download 7zip to decrypt a file, they’re probably going to ask you to send it to them in plaintext anyway – which defeats the entire exercise. But since every Mac user has Disk Utility, it works well enough. Except when it doesn’t: it requires disk images be at least 10MB. Fortunately there’s the command line tool hdiutil.
But first. Put your second-rank secret stuff in a folder. Disk images must be created from folders. Don’t worry, the disk image won’t contain the folder, just its contents. For this example we’re pretending your stuff is in a folder called yourstuff on your Desktop.
echo -n "password" | hdiutil create ~/stuff.dmg -volname "Encrypted Disk Image" -encryption AES-256 -format UDRO -srcfolder ~/Desktop/yourstuff -stdinpass
Here’s what everything means:
- echo -n "password"
  This allows you to see the password you’re typing out. Don’t use “password”. Obviously. It also passes said password to the disk without creating a new line, so your password is “password” and not “password\n”.
- hdiutil create ~/stuff.dmg
  This will create the image and store it at ~/stuff.dmg.
- -volname "Encrypted Disk Image"
  The name of your image.
- -encryption AES-256
  This specifies that we’re using the highest available encryption. Options are AES-128 or AES-256. Why not use the best? You deserve it.
- -format UDRO
  This creates a read-only dmg. Don’t let them mess with your data.
- -srcfolder ~/Desktop/yourstuff
  Because you put your file inside a folder called yourstuff on your Desktop.
- -stdinpass
  This reads a password from standard input, the password you’ve already echo’d in. Don’t use “password”. Obviously.
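A password typed as part of the echo command above is saved in your shell history. The following variant prompts for it instead and passes it to the same hdiutil invocation; it is an added example, not part of the original post, and the function name make_encrypted_dmg and the file name make_dmg.sh are made up for illustration:

```shell
#!/bin/sh
# Added example (not from the original post); make_encrypted_dmg is a made-up name.
# Usage, if saved as make_dmg.sh: sh make_dmg.sh ~/Desktop/yourstuff ~/stuff.dmg

make_encrypted_dmg() (
    # The ( ) body runs in a subshell, so pw/pw2 never reach the caller's shell.
    src=$1
    out=$2
    [ -d "$src" ] || { echo "source must be a folder: $src" >&2; exit 2; }

    # On a terminal, switch off echo while typing and restore it on any exit.
    if [ -t 0 ]; then
        trap 'stty echo' EXIT
        trap 'exit 130' INT TERM
        stty -echo
    fi
    printf 'Password: ' >&2
    IFS= read -r pw || exit 3
    printf '\nVerify: ' >&2
    IFS= read -r pw2 || exit 3
    printf '\n' >&2
    if [ -t 0 ]; then stty echo; fi

    [ -n "$pw" ] || { echo "empty password" >&2; exit 4; }
    [ "$pw" = "$pw2" ] || { echo "passwords do not match" >&2; exit 5; }

    # printf '%s' sends the password with no trailing newline, like echo -n.
    printf '%s' "$pw" | hdiutil create "$out" \
        -volname "Encrypted Disk Image" -encryption AES-256 \
        -format UDRO -srcfolder "$src" -stdinpass
)

# Only run when called with both arguments; otherwise just define the function.
if [ "$#" -eq 2 ]; then
    make_encrypted_dmg "$1" "$2"
fi
```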