Mac 101: Creating Secure Disk Image Files


If you have files on your Mac (s aapl) you don’t want others to have access to, the simplest way to secure them is to create an encrypted Apple disk image. An Apple disk image is a single file that can be mounted by OS X as a drive. You can create new blank disk images, which bear the familiar .dmg file extension, on a Mac using Disk Utility.

  1. Open Disk Utility (located in Applications>Utilities) and select File>New>Blank Disk Image from the menu bar.
  2. Under “Save As,” enter the desired filename for your .dmg. Enter a name for the disk image (this is what will appear in your source menu when it’s mounted) and choose the size of the disk you want to create.
  3. Keep the format set to the default: Mac OS Extended (Journaled)
  4. Go ahead and set the encryption to 256-bit AES
  5. Set Partitions to Single partition – Apple Partition Map
  6. For Image Format, choose read/write disk image

When you click Create, you’ll be prompted to set a password for the file you’ve created. If you click on the key image next to the password field, a Password Assistant will pop up to help you create a strong password. Choose Memorable and a long length (the max length of 31 characters is most secure), and the Password Assistant’s autogenerated password will be very hard to guess using a software program (the level of security is similar to that of a Captcha, the word-generating fields used to determine whether a visitor is human or not).

Dragging data to your disk image when it’s mounted will copy it to the .dmg. Once you eject the disk image, you’ll need to enter your password to mount the image again and access your files. If the .dmg file is unmounted (ejected), people who don’t have access to your password won’t be able to get the data within. You can securely mount the resulting .dmg file from any Mac. If you decide to remember the password in your Mac’s Keychain (the password prompt will ask you if you want to do this), keep in mind that anyone else who has access to the user account that keychain is associated with will also have access to the files within.

This technique is particularly useful when preparing taxes or hiding the electronic trail of receipts and correspondences related to a special gift you want to keep secret from tech-savvy nosy kids this holiday season.

Related content from GigaOM Pro (sub req’d):


Nicholas Woolridge

Great article; I found this part of your description potentially misleading:

“…the Password Assistant’s autogenerated password will be very hard to guess using a software program (the level of security is similar to that of a Captcha, the word-generating fields used to determine whether a visitor is human or not).”

Conflating captchas and secure passwords might confuse readers about how secure a disc image is, since their respective purposes are so distinct. The message should be that encrypted disk images are essentially uncrackable (even by Apple), if they use a secure password.


@deh: yeah you are perfectly right, sparse bundle disk image seems to be the way to go for “dynamic” disk images since 10.5. I found a good explanation on this “new” format (first result on Google):

“A sparse disk image is an automatically expanding disk image. In other words, you can create a 50 gigabyte sparse disk image, yet only put 5 megs inside it. The disk image will only take up five megs of space on your harddisk, but will be capable of storing up to 50 gigs of data should you choose to add it. Note that it auto-expands but does not auto-contract. In other words, if you delete files from the image, you will not regain any free space on your harddisk (although you will on the image). Disk Utility can be used to “shrink” a sparse image, reclaiming any unused space on the image.

A sparse bundle is essentially the same thing, the only difference is that while a sparse image is one giant file on your disk, a sparse bundle is actually lots of small files (8 megabytes each). They work and look the same way, but you can right-click on a sparse bundle, select “show package contents” and see the individual 8 meg “bands”.

The sparse bundle was introduced with OS 10.5 in order better support Time Machine (Especially with FileVault, where the entire home directory is a sparse bundle). Previously, a backup programme would see the image as one file, and if any changes had to been made to it, it would have to recopy the entire image. With sparse bundle, it can only copy the bands that have been changed since the last backup, so the backups are much quicker. It also is likely to decrease the chance of data loss, as you could conceivably restore parts of a damaged image.

Basically, if you want a sparse image, use the sparse bundle under 10.5. Only use the sparse image if you need backwards-compatibility with earlier versions of the Mac OS.”


One problem with this is that your disk image is kept in a single monster-sized file, and if you use Time Machine, the whole file must be written to the archive whenever you change *anything* in the virtual disk.

A solution is to select an image format of “sparse bundle disk image”. A sparse bundle acts much like a dmg file but it is actually made up of many small files and is therefore much more efficient for backing up.

Geoffrey Goetz

Thanks for the tip! I typically do not use these for large amounts of files, or huge files. Mostly for financial data and tax archives, which do not take up too much space. More like a secure zip file on Windows (old WinZip/PKZip user).

Comments are closed.