Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Encrypt any disk in Mountain Lion

Kirk McElhearn | Aug. 10, 2012
One of the more interesting--and less visible--new features in Mountain Lion is the ability to encrypt almost any disk. OS X has long offered the ability to encrypt your startup disk using Apple's FileVault, but Mountain Lion extends this feature to other disks, even to simple USB flash drives. Here is an overview of how this feature works, how you can encrypt and decrypt a disk, and what options you have when doing so.

sudo diskutil corestorage convert disk4s1

Terminal will request your administrator's password, then will begin the conversion process. Note that you'll even see a progress bar on the last line in Terminal, as below.

Started CoreStorage operation on disk4s1 Untitled $Resizing disk to fit Core Storage headers $[ | 0%..10%.............................................. ]

When this process has completed, you'll be shown information about the disk in Terminal:

$Creating Core Storage Logical Volume Group

$Attempting to unmount disk4s1

$Switching disk4s1 to Core Storage

$Waiting for Logical Volume to appear

$Mounting Logical Volume

$Core Storage LVG UUID: C33BF3C6-B808-4BE4-8D18-02DBC0151667

$Core Storage PV UUID: 9D312FD5-33F1-4A53-8F49-1C64010710D1

$Core Storage LV UUID: 2D74D3DA-95DF-4652-A48C-CDC86898B5EF

$Core Storage disk: disk5

$Finished CoreStorage operation on disk4s1 Untitled

Encrypt the disk The important information above is the LV UUID, or logical volume universally unique identifier. Using that information, you can then run the command to encrypt the disk, as follows:

sudo diskutil corestorage encryptvolume 2D74D3DA-95DF-4652-A48C-CDC86898B5EF -passphrase password

Replace password with your password. And make sure you don't forget it!

You'll see the following when the process is finished; as above, with the method of encrypting a disk from the Finder, this may take a while:

Started CoreStorage operation on disk5 Untitled

$Scheduling encryption of Core Storage Logical Volume

$Core Storage LV UUID: 2D74D3DA-95DF-4652-A48C-CDC86898B5EF

$Finished CoreStorage operation on disk5 Untitled

At this point, your disk is now encrypted. You can eject it from the Finder (or, if you want to stay in Terminal, you can eject it with this command: diskutil eject Untitled), and use it as described above. The next time you connect it to a Mac, you'll be asked for the password.

Decrypt the disk Decrypting a disk from the command line is pretty simple. Here's the command you can use, with the LV UUID we saw above. Replace password with your password.

diskutil cs decryptvolume 2D74D3DA-95DF-4652-A48C-CDC86898B5EF -passphrase password

For most users, encrypting volumes in the Finder is simplest option, but power users may enjoy the feedback and control they get with the command line. Either way, Mountain Lion's new encryption feature is a great way to secure portable disks to carry sensitive files.



Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.