The Mac OS X FileVault feature converts a user's home folder to a disk image encrypted with that user's login password. FileVault images are encrypted with the Advanced Encryption Standard using a 128-bit key (AES-128). When a user logs in, the home folder is automatically mounted and the login password is used to decrypt and encrypt home folder contents as they are used, so files can be accessed normally. When the user is not logged in, the contents of the folder are inaccessible, even through mechanisms (such as root mode) that can normally bypass file protections. Because of this, FileVault is the preferred method to secure a user's files when Mac OS X integrity cannot be guaranteed (especially when proper physical security is not possible, as with laptops).

When the user is not logged in, the disk image of the home folder is stored in /Users/username/username.sparseimage. When the user logs in, the /Users/username folder is renamed to /Users/.username (which makes it invisible), a new folder named /Users/username is created, and the disk image is mounted over the /Users/username folder. When the user logs out, the mount folder is deleted and the folder that contains the disk image is renamed back. If the computer should happen to crash, this leads to a scary-looking situation where the user's home folder appears to have vanished into thin air. Don't panic. The disk image is still there; it's just hidden in the invisible /Users/.username folder. The next time the user logs in, everything should be restored automatically.

Note: Encrypted disk images can also be created and mounted manually. These can be used in addition to or instead of FileVault to provide additional control over the security level of files.
Using a manually created disk image with a different password (not the user's login password) would be appropriate for storing extremely sensitive files because they would be available only when the disk image is specifically mounted, not whenever the user is logged in. Using a manual disk image instead of FileVault would be appropriate if only certain files need to be stored securely, and those files can be stored in a user-defined location (not preference files or other files that are automatically stored in the user's Library folder). FileVault has several limitations that you should consider before enabling it for any user account:
Setting a Master Password for FileVault

Before you can enable FileVault for any user accounts, you must set a master password for FileVault. This password provides an emergency safety net for FileVault-protected accounts; without it, losing the user's login password would result in the loss of all data in the user's home directory. The master password is used to encrypt a Keychain, which secures an encryption backdoor that can be used to reset access to FileVault accounts if their passwords are lost. The password assistant gives you suggestions for different types of passwords:
To set a master password for FileVault:
Using the Master Password to Reset a Lost Account Password

If the password for a FileVault-protected account is lost, the only way to properly reset it is with the master password. Normal password reset options (using the System Preferences Accounts pane) do not work. Some reset methods, such as running the Password Reset utility from the Install DVD, may appear to work, but at most they will reset the user's login password, not the FileVault encryption password. If these passwords do not match, the user still will not be able to log in.

To reset a FileVault account's password, use the login window to attempt to log in to the account three times, entering a wrong password each time. After the third unsuccessful attempt, LoginWindow will ask for the master password. If it is provided successfully, you can provide a new password for the account. Both the account's login password and the disk image's encryption password will be switched.

One password that will not be switched is the encryption password for the account's login Keychain. This password will remain set to the old (lost) password. During the reset process, LoginWindow claims that it will create a new (blank) Keychain and move the old one aside, but it may not actually do this. To create a new (blank) login Keychain with a password that matches the login and disk image passwords, navigate to ~/Library/Keychains and rename or delete the login.keychain file. Then log out of and back into the account; a new Keychain will be created automatically. Since the FileVault recovery mechanism does not handle the Keychain's encryption, there will be no way to recover the contents of the old Keychain unless its password can be found or recovered. Instead, the user will have to reenter her various service passwords into the new Keychain.

Enabling FileVault

The FileVault conversion process is started within the account to be converted. The conversion should be the only thing happening on the computer. No other users may be logged in, and no other programs may be running. Since the conversion process can take time, plan the conversion for a time when the computer can sit effectively idle until it is done. Last-minute conversions (just before the user leaves with his PowerBook to catch a flight) are a recipe for trouble.
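Once an account has been converted, its home folder follows the rename-and-mount layout described at the top of this section, and a crash can leave it in the "vanished" state. The shell function below is an added example (not from the book) that reports which of those states a user's home is in; it assumes the legacy /Users/username and /Users/.username layout with a username.sparseimage file, and takes an optional second argument to override /Users so it can be tried on a scratch directory.

```shell
#!/bin/sh
# Added example, not from the book: report the on-disk state of a legacy
# FileVault home folder using the layout the text describes.
# Assumptions: legacy FileVault (sparse image in the home folder); the users
# directory is /Users unless a second argument overrides it.
# Prints one of: logged-out, mounted, unmounted-hidden, hidden-only,
# not-filevault, missing.
filevault_state() {
    user="$1"
    base="${2:-/Users}"
    visible="$base/$user"
    hidden="$base/.$user"
    image="$user.sparseimage"

    if [ -f "$hidden/$image" ]; then
        # Image sits in the invisible folder: either the user is logged in,
        # or the machine crashed before logout renamed the folder back.
        if [ -d "$visible" ]; then
            if mount 2>/dev/null | grep -q " on $visible "; then
                echo "mounted"            # normal logged-in state
            else
                echo "unmounted-hidden"   # mount point left over from a crash
            fi
        else
            echo "hidden-only"            # hidden folder, no mount point
        fi
    elif [ -f "$visible/$image" ]; then
        echo "logged-out"                 # normal logged-out state
    elif [ -d "$visible" ]; then
        echo "not-filevault"              # plain, unencrypted home folder
    else
        echo "missing"
    fi
}

# Stand-alone use: filevault_state <username> [users_dir]
```

In the unmounted-hidden case the data is intact in /Users/.username; as the text notes, the next login restores the normal layout.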
To enable FileVault: