Encrypt Data for Macintosh OS X

Encryption is a security measure that converts data into a form that becomes unreadable to those that are not authorized to access the data. It is ideal to encrypt your files if your computer stores sensitive data, is portable or is in a physically insecure location.

There are three applications you can use to encrypt data on Apple OS X:

Disk Utility

All versions of Apple OS X after 10.3 include an application called Disk Utility, which allows you to create encrypted, password-protected disk images. The encryption uses the Advanced Encryption Standard with a 128-bit key. Disk images are the preferred method of securing data. Creating disk images avoids the risk associated with encrypting large quantities of data that doesn't need securing.  The risk comes from forgetting the password and as a result all the data in the encrypted directory is lost.

Disk Utility is good for storing smaller quantities of sensitive data or files. Only the files and directories you specify are encrypted. You can encrypt the data anytime, either when you have an existing file or directory you'd like protected or when you'd like to create new disk image.

Performance of your computer is only affected when you access the encrypted directory.


Apple OS X 10.6 and earlier versions also include an encryption program called FileVault, which can be used to encrypt and decrypt your entire home directory (your home directory includes your documents, movies, pictures and other settings).  FileVault also uses the Advanced Encryption Standard with a 128-bit key and is password protected. Once again, if you forget the password, all your documents will be lost.

If your home directory is large it will take a very long time to encrypt your data, so it is not a good idea to use FileVault on large pre-existing home directories. FileVault is best when used with a new account and home directory. As the new account grows over time, the new files will be encrypted.

Performance of your computer when accessing audio and video files stored in your home directory will be affected.

FileVault 2

FileVault 2 is the next version of FileVault that Apple introduced in OS X 10.7.  It has been reworked to encrypt the entire contents of your hard drive instead of just the home directory.  It has also been placed on an underlying level separated from the OS.  As a result it is completely transparent to the OS.  This gives you the ability to continue using your computer while the encryption is going on in the background. CPU intensive tasks should still be avoided while the encryption is running. 

There is a minimal system performance hit when using FileVault2.


For instructions on how to set up FileVault for Mac OS 10.7 and before, please see About FileVault 2.