I need to give my boss backup copies of some sensitive data. I want to encrypt the data, but she needs to be able to decrypt it on her own, without technical support (as long as she has the password, of course). Additionally, the decryption might need to be done on either a Mac or a Windows computer, and she may not have the ability to install new software on it. Running a self-contained program off a USB key would be okay.
Here's what I've already considered:
Use an encrypted ZIP file - Works fine on Windows, but on the Mac double-clicking an encrypted zip file gives an obscure, misleading error message. You have to open it using the terminal, which might not even have zip installed.
Use TrueCrypt - It would be fine if you could run TrueCrypt off of a USB key, but it looks like both the Mac and Windows versions require you to run an installer.
Put the plaintext file on a web server with .htpasswd authentication - This may be what I fall back on if no one has a better idea, even though it's a joke in terms of actual security.
Additionally, this post has a similar question. The two main suggestions are AxCrypt (doesn't work for me because it's Windows-only) and using a dedicated SCP account (which I don't have the ability to create).
Can anyone suggest a cross-platform, portable encryption method that would work for this scenario?
Answer
[based on my comment...] How about storing the data in multiple (redundant) formats for compatibility? I think having a copy in encrypted zip format (for Windows, and probably many other OSes), and another copy in encrypted Mac disk image format for OS X? This'll be a little annoying to set up (or update), since you need to create/update two copies in sync.
How to create the disk image depends on whether you expect to need to update the data. If it will be updated, run Disk Utility, choose File > New > Blank Disk Image, then set the volume name to something reasonable, set the size larger than you expect to need, select an encryption mode, and set the Image Format to "sparse disk image". After creating the image, you can add, remove, and replace the files in the image and it'll expand as needed (up to the size limit you set).
If you don't expect to need to update the data, put the files to be encrypted in a folder, then in Disk Utility choose File > New > Disk Image from Folder, then select the folder to be encrypted, then select an encryption mode and set Image Format to "compressed". This makes a smaller image (depending on how compressible the data is), but it cannot be updated.
Once the image is properly created, you can replicate its contents into an encrypted zip archive by mounting the image, then running the commands:
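    # Mounted disk images appear under /Volumes
    cd /Volumes
    # Recursively archive the mounted volume; zip prompts for the password
    zip -r --encrypt /path/to/where/to/put/archive.zip imagevolumename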
Warning: this uses the original zip encryption method, which is not very secure. If this isn't good enough, you'll have to use tools other than those supplied by default in OS X.
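To check that the two copies described in the answer above have not drifted apart, the following added example (not part of the original answer; the function names are illustrative) compares the mounted image volume with the zip archive. It reads only the archive's central directory, which the original zip encryption method leaves unencrypted, so no password is needed.

```python
# Added example, not from the original answer; all names here are illustrative.
import os
import zipfile
import zlib


def crc32_of_file(path, chunk=1 << 16):
    """CRC-32 of a file's contents, the same checksum ZIP records per entry."""
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def folder_manifest(root):
    """Map 'volumename/relative/path' -> CRC-32 for every regular file under root."""
    parent = os.path.dirname(os.path.abspath(root))
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, parent).replace(os.sep, "/")
            manifest[rel] = crc32_of_file(full)
    return manifest


def zip_manifest(archive):
    """Map entry name -> CRC-32 from the central directory; no password is needed."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: i.CRC for i in zf.infolist() if not i.is_dir()}


def compare_copies(volume_root, archive):
    """Return (missing_from_zip, extra_in_zip, changed) as sorted lists of names."""
    vol, arc = folder_manifest(volume_root), zip_manifest(archive)
    missing = sorted(set(vol) - set(arc))
    extra = sorted(set(arc) - set(vol))
    changed = sorted(n for n in set(vol) & set(arc) if vol[n] != arc[n])
    return missing, extra, changed


if __name__ == "__main__":
    import sys
    missing, extra, changed = compare_copies(sys.argv[1], sys.argv[2])
    for label, names in (("missing", missing), ("extra", extra), ("changed", changed)):
        for n in names:
            print(f"{label}: {n}")
    sys.exit(1 if (missing or extra or changed) else 0)
```

Run it with the mounted volume path and the archive path as its two arguments; it exits non-zero when the copies differ. Because the comparison works without the password, anyone holding the archive can likewise read its file names and checksums.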