4

I need to give my boss backup copies of some sensitive data. I want to encrypt the data, but she needs to be able to decrypt it on her own, without technical support (as long as she has the password, of course). Additionally, the decryption might need to be done on either a Mac or a Windows computer, and she may not have the ability to install new software on it. Running a self-contained program off a USB key would be okay.

Here's what I've already considered:

  • Use an encrypted ZIP file - Works fine on Windows, but on the Mac double-clicking an encrypted zip file gives an obscure, misleading error message. You have to open it using the terminal, which might not even have zip installed.

  • Use TrueCrypt - It would be fine if you could run TrueCrypt off of a USB key, but it looks like both the Mac and Windows versions require you to run an installer.

  • Put the plaintext file on a web server with .htpasswd authentication - This may be what I fall back on if no one has a better idea, even though it's a joke in terms of actual security.

Additionally, this post has a similar question. The two main suggestions are AxCrypt (doesn't work for me because it's Windows-only) and using a dedicated SCP account (which I don't have the ability to create).

Can anyone suggest a cross-platform, portable encryption method that would work for this scenario?

2
  • Is there any reason not to include multiple formats -- something like an encrypted zip file for Windows and an encrypted DMG file for Mac, both with the same data? Commented Jan 13, 2012 at 5:54
  • @GordonDavisson : Ah, thanks! I spaced on the fact that Macs can create encrypted disk images natively. I've gone ahead with your suggestion and created two copies of the data, one in an encrypted zip file and one in an encrypted mac disk image. The encrypted disk image is preferable, since the zip file by default leaves a copy of the cleartext sitting around on the hard drive. And having to manage two identical files in different formats is less than ideal. But it fits all my criteria, and should allow us to recover from a disaster. Thanks again for the suggestion!
    – octern
    Commented Jan 14, 2012 at 0:07

4 Answers

1

[based on my comment...] How about storing the data in multiple (redundant) formats for compatibility? I think having a copy in encrypted zip format (for Windows, and probably many other OSes), and another copy in encrypted Mac disk image format for OS X? This'll be a little annoying to set up (or update), since you need to create/update two copies in sync.

How to create the disk image depends on whether you expect to need to update the data. If it will be updated, run Disk Utility, choose File > New > Blank Disk Image, then set the volume name to something reasonable, set the size larger than you expect to need, select an encryption mode, and set the Image Format to "sparse disk image". After creating the image, you can add, remove, and replace the files in the image and it'll expand as needed (up to the size limit you set).

If you don't expect to need to update the data, put the files to be encrypted in a folder, then in Disk Utility choose File > New > Disk Image from Folder, then select the folder to be encrypted, then select an encryption mode and set Image Format to "compressed". This makes a smaller image (depending on how compressible the data is), but it cannot be updated.

Once the image is properly created, you can replicate its contents into an encrypted zip archive by mounting the image, then running the commands:

cd /Volumes
zip -r --encrypt /path/to/where/to/put/archive.zip imagevolumename

Warning: this uses the original zip encryption method, which is not very secure. If this isn't good enough, you'll have to use tools other than those supplied by default in OS X.

2

Seeing your dilemma, and even knowing it's not what you are expecting as an encryption suite or piece of software, I would still recommend an encrypted DISK solution. USB thumb drive such as a Kingston DataTraveler Locker+. I think they go up to about 32GB last I knew, maybe bigger by now. I'm sure there are also other solutions out there that are similar, but I know this one works on Mac.

What it does is create a "CD ROM" on the computer you plug it into, run the utility on the CD ROM, input the password, and it allows mounting of the storage volume. Without the password, you can't see any data on the drive. It's portable, and works on both platforms.

2
  • Thanks! Capacity is in no way a problem here -- it's only a few kB of data in one or two plain text files. For that reason buying an entire secure drive seems like overkill. But if that's what it takes to get simple, transparent security, it might be the right solution.
    – octern
    Commented Jan 13, 2012 at 4:19
  • Yeah they make 'em down to like 4GB for like... I think less than $30. Commented Jan 13, 2012 at 13:56
1

OpenSSL can be made portable in the sense of running from a USB drive without being installed.

You would need both OSX and Windows versions of the programs on the same USB drive.

You could set up batch-files/scripts that your boss could invoke if they are comfortable with simple command-line usage on both platforms. The link above provides drag & drop encryption/decryption through Windows Explorer. You might be able to create something similarly graphical for OSX.
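
The script idea from the OpenSSL answer above, sketched for the Mac side as an added example that is not part of the original post. The names `OPENSSL`, `BACKUP_PASS`, `MAGIC` and `ITER` are hypothetical, and the portable binary is assumed to support `enc -pbkdf2` (OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example: password-based file encryption with the openssl CLI,
# meant to be called from a script kept next to the portable binary.
# Assumption: OPENSSL points at that binary; defaults to the one on PATH.
OPENSSL="${OPENSSL:-openssl}"
MAGIC="BACKUP-V1"      # constructed marker used to detect a wrong password
ITER=200000            # PBKDF2 iterations; must match on both sides
umask 077              # recovered cleartext is readable by the owner only

# If BACKUP_PASS is set it is used (scripting); otherwise openssl prompts.
pass_args() {
    if [ -n "${BACKUP_PASS:-}" ]; then printf '%s' "-pass env:BACKUP_PASS"; fi
}

# encrypt_file PLAINTEXT OUTPUT
encrypt_file() {
    # Prefix a known marker line so decryption can recognise the right
    # password: CBC padding alone lets roughly 1 in 256 wrong keys
    # "succeed" and write garbage.
    { printf '%s\n' "$MAGIC"; cat "$1"; } |
        "$OPENSSL" enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
            $(pass_args) -out "$2"
}

# decrypt_file ENCRYPTED OUTPUT ; returns non-zero on a wrong password
decrypt_file() {
    tmp=$(mktemp) || return 1
    if "$OPENSSL" enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
            $(pass_args) -in "$1" -out "$tmp" &&
       [ "$(head -n 1 "$tmp")" = "$MAGIC" ]; then
        tail -n +2 "$tmp" > "$2"            # strip the marker line
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"                            # never leave partial output
    echo "Wrong password or damaged file: $1" >&2
    return 1
}
```

The marker line only distinguishes a right password from a wrong one; `openssl enc` in CBC mode does not authenticate the ciphertext, so it will not detect deliberate modification of the file.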

0

If size is small, you can (?) send mail with attachment, encrypted by PGP|S/MIME (if e-mail clients can handle encryption). Just get keys before
