GPG (GnuPG), MacGPG an alternative for File Vault?
Junior Member
Join Date: Sep 2002
Are GPG (GnuPG), MacGPG or other OpenPGP implementations an alternative for File Vault?
Since Time Machine can only back up complete File Vault user directories I wonder if using GPG is an alternative.
I have not yet used the GPG package but if I recall it correctly GPG can encrypt folders (as well as emails) but encrypts the files within this folder individually instead of using a single encrypted disk image for the entire user folder.
The questions are:
How secure is this?
Are the filenames also "encrypted" (BASE64)?
Base64 - Wikipedia, the free encyclopedia
GnuPG at wikipedia:
GNU Privacy Guard - Wikipedia, the free encyclopedia
...this page lists a few security problems
Mac GNU Privacy Guard (Mac OS X port of GnuPG)
Mac GNU Privacy Guard
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Leopard's FileVault uses sparse bundle disk images which are more Time Machine-friendly (backed up in 8 MB bands). For sensitive data you can create one of those for yourself in Disk Utility as an alternative to using FileVault.
Junior Member
Join Date: Sep 2002
Sounds like a solution.
Splitting the encrypted disk image (for File Vault) is one of the possible solutions for the problem I had in mind but I had no idea that it's already handled that way.
Clinically Insane
Join Date: Mar 2001
Location: yes
There are pros and cons to either approach...
Encrypted disk images obviously encrypt the entire contents which creates the backup problems you are describing, and is also sort of an overkill since you have a lot of data which is not particularly private.
GnuPG is absolutely secure, it is used by our security department here. We are asked to PGP sign files used for court cases, and routinely PGP encrypt and/or sign email that we send. However, there is no way to automate PGP encryption each time a document is saved, this has to be done manually as per its design. The exception is with email, you can install a client side app such as Thunderbird's Enigmail or OS X Mail's GPGMail to encrypt (and sign) your email messages. This leaves your other documents out of the picture though. You can set up a cron job to encrypt/sign at scheduled intervals, but I believe to do so you would need a passwordless private key, which is often not advisable.
So, my recommendation: if you want to encrypt everything including the kitchen sink and the disk image segmentation thing sounds viable to you, go with that. If you just have some particular files you want to protect and don't mind doing this manually, go for GnuPG.
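Added example, not part of the thread: a sketch of the per-file GnuPG approach discussed above, assuming `gpg` is installed and the recipient's public key is already in the keyring. Encrypting to a public key asks for no passphrase, and the output keeps every file and directory name in the clear, with only the contents encrypted. The function name `encrypt_tree` and the `DRY_RUN` switch are made up for this example.

```shell
#!/usr/bin/env bash
# encrypt_tree SRC DST RECIPIENT
# Encrypts every regular file under SRC to RECIPIENT's public key and writes
# it as DST/<same relative path>.gpg. One ciphertext per file means a backup
# tool only re-copies the files that changed, but the names and the
# directory layout remain readable to anyone who can see DST.
encrypt_tree() {
    src=${1%/}
    dst=${2%/}
    recipient=$3

    find "$src" -type f ! -name '*.gpg' | while IFS= read -r f; do
        rel=${f#"$src"/}
        out="$dst/$rel.gpg"

        # Skip files whose ciphertext is already newer than the plaintext.
        if [ -e "$out" ] && [ "$out" -nt "$f" ]; then
            continue
        fi

        if [ "${DRY_RUN:-0}" = 1 ]; then
            # Only report what would be written (hypothetical switch).
            echo "$rel.gpg"
        else
            mkdir -p "$(dirname "$out")"
            # --batch/--yes: never prompt, overwrite stale output.
            # Public-key encryption only; no secret key is touched here.
            gpg --batch --yes --encrypt --recipient "$recipient" \
                --output "$out" "$f"
        fi
    done
}

# Run directly as: script.sh SRC DST RECIPIENT
if [ "$#" -eq 3 ]; then
    encrypt_tree "$1" "$2" "$3"
fi
```

The plaintext originals are left in place; signing or decrypting the results would still need the secret key and its passphrase.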
Senior User
Join Date: Aug 2002
Either option you choose, I would stay away from using FileVault in Leopard for your entire Home directory. I used FileVault since Panther without incident. Shortly after migrating to Leopard, via Erase and Install mind you, I got the dreaded "There was an error opening your FileVault Disk Image due to corruption" error. I was able to recover from it without too much damage. But if you look around the forums, both these and Apple's Discussion Board, you'll find quite a few examples of Leopard users who weren't so lucky.
In addition to that, somewhere in the last few releases of Tiger a bug crept into FileVault that prevented OS X from remembering default application preferences. If you set your web browser, email client, doc reader, or any number of other programs, to anything other than the default programs that Apple has set from the factory... all those settings would be back to factory defaults on every restart. Seems like a little thing, but it got really annoying after a while.
Since that incident, I've been running FileVault free with no problems. I just use GPG for sensitive data. And as a bonus, all my default applications stay exactly as I set them.
"Design is not just what it looks like and feels like. Design is how it works." - Steve Jobs
Junior Member
Join Date: Sep 2002
I intend to use different user accounts for the different things I do on the computer so I can individually choose whether to use FileVault or not for each account.
My work data doesn't need to be encrypted but office/banking/emails should be private.
Although I didn't read about problems users already had with FileVault I must admit that I'm not surprised since the whole FileVault encrypted home directory can be lost if just a single file (the disk image) is damaged.
So my preliminary conclusion is:
It seems advisable to not use encryption for data where encryption is not really needed and to think about frequent multiple (redundant) backups of data encrypted with FileVault.
Clinically Insane
Join Date: Mar 2001
Location: yes
If you just need to secure your email, skip FileVault, and look into using PGP in your email client... That would be my suggestion.