Creating an Encrypted Disk Image on MacOS
The Disk Copy or Disk Utility feature for macOS can be used to create an encrypted disk image, which requires a password to open or become available (to "mount"). An encrypted disk image acts as secure storage space and can be used like any other disk image file. It may be copied to or created on network volumes or removable media, including Zip drives, USB flash media, or FireWire hard drives. Each encrypted disk image is protected by a password. The following document explains how to create, mount, and unmount an encrypted disk image.
Important: If you forget the password to your encrypted disk image, the data on that disk image cannot be recovered.
Files can be moved to or from an encrypted disk image as easily as you can from a non-encrypted disk image. Please be aware of the following when using an encrypted disk image:
- Backup programs will need to back up the entire image if any file stored within the image has changed, since the image appears as a single file.
- There is no way to change the password on an image file.
- An encrypted disk image cannot be used as your home directory.
Complete the following steps to create an encrypted disk image for your version of macOS v. 10.4 or greater.
- Click Go, Applications, Utilities then click to open Disk Utility.
Note: You can also click the New Image button and go to Creating a New Blank Image section.
- Choose File, then New, then Blank Disk Image.
- A New Blank Image window will display.
- Enter a name in the Save As field. This name is used for the disk image (.dmg) file.
- Enter a name in the Name. This name displays when the disk image file is opened (mounted).
- Select the Size of the image file from the pull down menu.
- Choose the Encryption option 128-bit AES to encrypt the image.
- Select the volume Image Format from the pull down menu. The default “read/write” option is recommended. Click the Create button.
- Enter and verify a secure password when prompted and click OK.
Note: Ensure the box next to Remember password (add to keychain) is unchecked. This ensures that no one will be able to determine the password for your encrypted drive by checking your keychain.
Mounting and Unmounting Encrypted Disk Images
- After the encrypted disk image has been created, it will automatically mount for the first time and files can be copied to this location. The named volume disk image will display above the mounted source file.
- When you are finished using the encrypted disk image, you must unmount the image by dragging its icon to the trash or selecting the eject button next to its icon in any finder window (In the example below, the encrypted disk image is named “personal”).
- To mount the image again, simply double-click on the disk image you created. In the image below, the disk image is named personal.dmg. You will see it at the top of the list.
- Enter your password when prompted. Click OK. Your disk image should be mounted.
Note: Always remember to unmount your disk image when you are finished with it.