Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

How to create a fully-encrypted HFS+ hard drive Storage Devices
The free TrueCrypt 5 was recently released for Mac OS X (10.4 and 10.5 versions are available, as well as Windows and Linux versions). Some users, like me, may be frustrated trying to encrypt an entire drive or partition on the OSX version. TrueCrypt itself does not support HFS or HFS+ file systems so there is no obvious way to create a Mac-formatted, fully encrypted volume. Worse, if you use TrueCrypt to encrypt an entire (blank) drive and then use Disk Utility to create an HFS+ partition, the encryption gets overwritten.

After much trial and error and lengthy encryption processes, I have found a solution. Note that for this test I used a USB-attached 160GB hard drive, so speed was pretty slow to begin with. Be sure the drive to be encrypted is either already blank or has been fully backed up to another device. This process will completely delete any files you had on the drive.

Install and launch TrueCrypt. Select to create a new volume and select your options (ie. encryption format such as AES or Twofish) and select the drive you plan to encrypt. Note that the OS X drive selection window does show the volume names you have assigned to each of your connected drives, so it's fairly easy to choose the correct one. Finally, choose to create the volume as FAT formatted.

After a lengthy process (my 160GB USB drive took around three hours), you will have an encrypted drive with a single FAT-formatted volume. Now you can launch Disk Utility and use the Erase> option (do not use Partition, or you'll overwrite the encryption) to change the volume's filesystem to HFS+ as you normally would for a simple reformat.

That's it! You'll then have your HFS+ drive which requires launching TrueCrypt and entering your password in order to unlock and mount. Attempting to mount the drive directly in OS X without going through TrueCrypt will tell you the drive is unreadable (as it should, since OS X itself cannot read the encryption).
    •    
  • Currently 3.29 / 5
  You rated: 5 / 5 (7 votes cast)
 
[56,179 views]  

How to create a fully-encrypted HFS+ hard drive | 13 comments | Create New Account
Click here to return to the 'How to create a fully-encrypted HFS+ hard drive' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How to create a fully-encrypted HFS+ hard drive
Authored by: dbs on Mar 06, '08 07:49:16AM

If you're going for HFS+ in the first place (mac-specific) why not just create an encrypted disk image (sparse, sparsebundle, or not) on the volume? It should have the same level of security, and will just work, but won't be cross platform. Of course if you're using HFS+ then you're probably not that concerned about cross-platform in the first place.



[ Reply to This | # ]
Correct link and advantages
Authored by: noworryz on Mar 06, '08 08:47:08AM

The correct link for TrueCrypt is www.truecrypt.org

The TrueCrypt site explains one major advantage over the simpler encrypted disk image approach. TrueCrypt provides plausible deniability in case an adversary is able to force you to reveal a password (through legal means or coercion):

  • A hidden volume in the empty space of the true volume
  • Volumes cannot be distinguished from random data


[ Reply to This | # ]
Correct link and advantages
Authored by: Typhoon14 on Mar 06, '08 10:39:33AM

Actually, the Mac Version does not support the hidden volumes, so there is no plausible deniability (the option is there in the mac version, but when you select it you get a message that hidden volumes are not supported on the mac).

Really, about the only reason to use Truecrypt on the Mac is if you need a fully cross-platform encrypted volume.



[ Reply to This | # ]
How to create a fully-encrypted HFS+ hard drive
Authored by: Dr. T on Mar 06, '08 11:34:12AM

The process seems complex, time-consuming, and potentially dangerous. I believe an encrypted partition that was set to 'invisible' would provide nearly as much security as the hidden TrueCrypt volume described by noworryz.

Also, if my digital data was so important that my life could be threatened by evil villains, the means of encryption would be far less important than my physical security. After all, if threats would make me reveal the main drive password, wouldn't I also reveal the presence of TrueCrypt after the evil villains failed to find the secure data and brought out the thumb screws and hot pokers?



[ Reply to This | # ]
How to create a fully-encrypted HFS+ hard drive
Authored by: doneitner on Mar 06, '08 09:31:43PM

It is rather complex, unfortunately. That's why I submitted the hint so people who are interested will know how to do it. I spent the better part of a weekend figuring this out. It should be made easier. Until it is, this works.

There are more reasons one might want an encrypted disk (or disk image) than just "evil villains" as you put it. :) There's probably half as many reasons as there are people using computers. Encrypted disk images made with Disk Utility are good but they're not the only means to any particular end and frankly I'm not seeing any performance improvement in using an encrypted DMG file versus a TrueCrypt encrypted volume -- they both drag my 80+ MB/s drives to around 30MB/s.



[ Reply to This | # ]
TrueCrypt is of limited use on the Mac
Authored by: lincd0 on Mar 06, '08 08:20:52PM

It depends on FUSE, which is slow and unreliable. The way TC works is rather kludgy. It creates an encrypted store on the raw device file, which FUSE then mounts as a filesystem containing a single file, a sparse disk image. You mount that image, and there's your volume. Unfortunately, disk images aren't allowed as Time Machine backup disks, so you can't use TC at all for that purpose.



[ Reply to This | # ]
TrueCrypt is of limited use on the Mac
Authored by: rloomans on Mar 11, '08 04:28:48PM

MacFUSE itself is neither slow nor unreliable. I use it extensively for both remote access (SSHFS, FTPFS) and local access (NTFS-3G, Parallels Desktop volume sharing) and it's been rock solid. Using MacFUSE and NTFS-3G is *much* faster for NTFS volumes than the OS X read only driver.... and you get write access as well.

On the other hand, some of the other FUSE filesystems are a bit flakey.... but that is the fault of those filesystems and/or the limitations of what they are doing, not the fault of MacFUSE.

If TrueCrypt on the Mac is unstable, it is more than likely TrueCrypt's fault, not MacFUSE.



[ Reply to This | # ]
How to create a fully-encrypted HFS+ hard drive
Authored by: hamarkus on Mar 07, '08 04:33:21AM

Isn't MacDrive able to read HFS volumes? Would TrueCrypt + MacDrive enable the use of HFS and encryption and at the same time ensure cross-compatibility?



[ Reply to This | # ]
How to create a fully-encrypted HFS+ hard drive
Authored by: lululog on Apr 16, '08 01:51:56PM

Hi,

I've just tried it and accessing a HFS formated TrueCrypt volume with MacDrive works fine ;-)



[ Reply to This | # ]
How to create a fully-encrypted HFS+ hard drive
Authored by: CyberDude on Jul 20, '08 01:46:18AM
Ai, thanks 4 the guide BUT i tried it exactly step by step on Tiger 10.4.11 and when i hit the "Erase" button in DiskUtility, it just overwrites the previously created and mounted TrueCrypt volume... I don't get it how u guys do it. If it's not mounted and i try to format, DiskUtility complains. Preparing to erase : "DATA" Volume Erase failed with the error: Could not unmount disk If it's mounted it gets overwritten in an blink of an eye. that's what my diskUtility looks like... http://www.geocities.com/jfi29f902/FORUM_POSTING_BILDER/DiskUtility.png FAT32 suckx... i rather want HFS+ or NTFS encrypted Volumes. (no 4GB file size limit etc.)

[ Reply to This | # ]
How to create a fully-encrypted HFS+ hard drive
Authored by: CyberDude on Jul 20, '08 01:49:31AM

All i could do is put a blank diskimage.dmg into the FAT32 TrueCrypt partition, which is no option because of the 4GB limit of FAT32.

... i don't have an Erase > option... if i erase it also formats...



[ Reply to This | # ]
How to create a fully-encrypted HFS+ hard drive
Authored by: CyberDude on Jul 20, '08 01:51:05AM

Okay it's the other way around... if TrueCrypt volume is mounted it can not be erased... if it's unmounted... it can, but gets overwritten. HELP!



[ Reply to This | # ]
TrueCrypt 6.2 Creates HFS+ Volumes!
Authored by: doneitner on Aug 08, '09 09:04:52PM

Just a note to say I just downloaded TrueCrypt 6.2a (I haven't used it since 6.1) and you are now able to create an HFS+ (MacOS Extended) volume directly within TrueCrypt. It is now an option right alongside FAT when you go to choose a format for your new volume.



[ Reply to This | # ]