Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Encrypt any disk in Mountain Lion

Kirk McElhearn | Aug. 10, 2012
One of the more interesting--and less visible--new features in Mountain Lion is the ability to encrypt almost any disk. OS X has long offered the ability to encrypt your startup disk using Apple's FileVault, but Mountain Lion extends this feature to other disks, even to simple USB flash drives. Here is an overview of how this feature works, how you can encrypt and decrypt a disk, and what options you have when doing so.

Don't lose your password

Copy files to and from this disk, and they will be encrypted or decrypted on the fly. This feature uses full disk, XTS-AES 128 encryption, which is secure enough for most uses. But I cannot stress enough that if you lose this password, you will not have access to any of the files on the disk. Period. Unlike FileVault, which presents you with a "recovery key" that you can use if you've lost your password, there is no safety net here.

If you ever want to turn off encryption, right- or Control-click on the disk and choose Decrypt Disk Name. Enter your password, then click on Turn Off Encryption. As with the encryption process, there is no progress bar or other feedback.

While you can turn on or off encryption while your disk contains files, there is always the chance that something may go wrong. It's best to make sure you have a copy of those files before encrypting or decrypting.

Use disk encryption from the command line

Can you encrypt your disks from the command line? Of course you can. If you're not the geeky type, you may not want to read any further. But if you do know how to wield Terminal commands and want more feedback about the encryption process, the following will certainly interest you.

Prepare a disk by converting You encrypt disks with the diskutil command, but first, you have to convert them to a format called CoreStorage.

Start by running this command:

diskutil list

This returns a list of all the disks connected to your Mac. For example, on my Mac, I see this:

diskutil list



0: GUID_partition_scheme *251.0 GB disk0

1: EFI 209.7 MB disk0s1

2: Apple_HFS Mac OS X 250.1 GB disk0s2

3: Apple_Boot Recovery HD 650.0 MB disk0s3



0: GUID_partition_scheme *2.0 TB disk1

1: EFI 209.7 MB disk1s1

2: Apple_HFS Music Ext 2.0 TB disk1s2



0: GUID_partition_scheme *2.0 TB disk2

1: EFI 209.7 MB disk2s1

2: Apple_HFS Boot Backup 150.0 GB disk2s2

3: Apple_HFS Backup 1.6 TB disk2s3

4: Apple_HFS TM Backup 249.4 GB disk2s4



0: GUID_partition_scheme *750.2 GB disk3

1: EFI 209.7 MB disk3s1

2: Apple_HFS Music 749.8 GB disk3s2



0: GUID_partition_scheme *1.0 GB disk4

1: Apple_HFS Untitled 1.0 GB disk4s1


The disk I want to encrypt is the last one, called Untitled. To the right of its name, you can see its identifier, disk4s1. With that information, I can convert the disk to the CoreStorage format with the following command:


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.