A little known feature of FileVault is the ability to create encrypted volumes. Volumes are essentially encrypted file containers that can store a file or set of files. Volumes can be copied, emailed, burned to a DVD, or just set up as an additional layer of encryption for especially sensitive files. FileVault volume level encryption allows you to do this without needing a third-party application like VeraCrypt – assuming you don’t need to share these volumes with other operating systems.
FileVault Volume Level Encryption
To begin, open Disk Utility. This can be found by opening the Launchpad and selecting “Other” (shown below). Click the Disk Utility icon.
NOTE: If you wish to encrypt a pre-existing folder (i.e. one already containing sensitive files) select “Image from Folder”. Use the next Finder window to navigate to the folder you wish to encrypt.
In the Disk Utility interface a new window will appear. It will ask you to name the image and choose some other criteria. The size of the image should be based on the amount of encrypted storage you need. If this is a volume in which you wish to store a large number of files over a long term, you may wish to make it a little larger than you think you need. Another important option is the encryption: AES-128 or AES-256. When you are ready to proceed click “Save”.
Next, you will be asked to choose a password. There is one important thing to remember here: you must be able to manually type this password! Even though the application will let you paste the password when creating the .dmg, you will not be able to paste when actually mounting the image. Choose a good password, but one that you can type; This is an excellent opportunity to use a diceware password. After you have entered the password click “Choose”.
A password prompt will appear. Enter your password and the disk image will mount. It will now show up in Finder as a device, just as a USB flash drive or external hard drive would. You can now copy or save files to this location. When you dismount the device, its contents will once again be protected.
FileVault is an incredibly robust program. The flexibility to encrypt the entire OS volume, external drives and devices, and to make encrypted file containers makes it an all-in-one solution for those who don’t need cross-platform compatibility. FileVault volume level encryption gives you one more tool to make your data more secure.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.