This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

OSX Encryption Apps

Tacitus99
edited May 2011 in Mac
I currently use 1PW and DropBox and, sometimes for additional security I wish to encrypt individual files and folders. Does anyone know of any encryption apps that work with 1PW?



The reason I ask is that if I use Disk Utility to create an encrypted disk image it will not accept a password for decryption pasted from 1PW - it needs to be input via the keyboard. Fine for memorable passwords, but not if I wish to use random characters.

Comments

  • khad
    khad Social Choreographer
    Our own [url="http://agilewebsolutions.com/knox"]Knox[/url] application also uses the encrypted disk image technology built into OS X, and I don't seem to have trouble copying and pasting passwords from 1Password. 1Password integration has been a much requested feature, though.



    You can [url="http://agile.ws/downloads"]download a free 30-day trial of Knox[/url] if you want to "kick the tires." <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />
  • [quote name='khad' timestamp='1304483401' post='26209']

    Our own [url="http://agilewebsolutions.com/knox"]Knox[/url] application also uses the encrypted disk image technology built into OS X, and I don't seem to have trouble copying and pasting passwords from 1Password. 1Password integration has been a much requested feature, though.



    You can [url="http://agile.ws/downloads"]download a free 30-day trial of Knox[/url] if you want to "kick the tires." <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

    [/quote]



    Thanks Khad I missed that one and it was right under my nose <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> Don't know why paste won't work - it's OK on supplying a password on encryption but not for the decrypt stage. I'm on Leopard on a G5 so maybe that's a factor.



    I'll give Knox a try.
  • [quote name='khad' timestamp='1304483401' post='26209']

    You can [url="http://agile.ws/downloads"]download a free 30-day trial of Knox[/url] if you want to "kick the tires." <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

    [/quote]



    Ok tried it and it does the job fine, so will purchase in due course. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> One thought though - are there any plans to release a Windows version? Together with DropBox it would make a useful cross platform means of securely transferring files.
  • khad
    khad Social Choreographer
    I am glad you like Knox! Thanks for letting me know. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Unfortunately there are no plans to create a Windows version of Knox. Knox is Mac-only because it uses Mac OS X’s encrypted disk images to encrypt your data. This technology is not available on Windows. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/sad.gif' class='bbc_emoticon' alt=':(' />



    Regarding Dropbox syncing, please be aware that we strongly recommend against storing your Knox vaults in your Dropbox folder or on something like iDisk at this time.



    When we look at an open Knox vault it appears to be normal folder containing files and other folders, but that is not how it is structured on the disk. Because of this a Knox vault can only safely be opened on one Mac at a time. At the moment there are no safeguards preventing the same vault from being opened on multiple computers.



    For the same reason, some Knox vaults are very poorly suited to file based syncing mechanisms like Dropbox. A single change in one file in the vault may require that the entire vault be recopied.



    So for these reasons, Knox vaults should not be stored in Dropbox folders or iDisk volumes.



    You can still use Dropbox or iDisk for storing backups of your Knox Vaults, but they should not be used for active vaults.



    Please see our "[url="http://help.agile.ws/Knox/sync_vaults.html"]Syncing Knox vaults[/url]" guide for more information.



    I hope that helps. Please let me know.
  • [quote name='khad' timestamp='1304575464' post='26279']

    Unfortunately there are no plans to create a Windows version of Knox. Knox is Mac-only because it uses Mac OS X’s encrypted disk images to encrypt your data. This technology is not available on Windows. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/sad.gif' class='bbc_emoticon' alt=':(' />

    [/quote]

    Shame but I can see why it wouldn't be.



    [quote name='khad' timestamp='1304575464' post='26279']

    Regarding Dropbox syncing, please be aware that we strongly recommend against storing your Knox vaults in your Dropbox folder or on something like iDisk at this time.

    [/quote]

    Thanks for the heads up but that's a blow <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/sad.gif' class='bbc_emoticon' alt=':(' /> My intention was to leave a vault in the DropBox folder and drop files into it for syncing with other machines as necessary. It's very unlikely that a single file, or an entire vault would be worked on by two people at the same time; essentially it would just be additional security for transmission of files via DropBox. The file would be removed from the vault (in DBox) at the other end, worked on and then put back for syncing if needed.



    I think that should work, but however rigidly you try to adhere to them, systems have a habit of tripping you up at the time you most need them to work <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
  • khad
    khad Social Choreographer
    You should be fine if you close the vault before opening it on another computer, only ever opening it on one computer at a time, but this is very easy to forget. Be careful out there! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=';-)' />
  • benfdc
    benfdc Perspective Giving Member
    [quote name='Tacitus99' timestamp='1304526551' post='26235']

    Ok tried it and it does the job fine, so will purchase in due course. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> One thought though - are there any plans to release a Windows version? Together with DropBox it would make a useful cross platform means of securely transferring files.

    [/quote]

    It's nowhere near as elegant as Knox, but TrueCrypt seems to be the most popular cross-platform "encrypted volume" software at the moment. I had a devil of a time getting it running under 64-bit Snow Leopard, though (had to run down a 64-bit friendly build of MacFUSE).



    You can distribute PASSWORDS securely in a cross-platform way by exporting selected 1Password items as an encrypted HTML file. As with TrueCrypt, Knox, or anything else of this nature, you still need to have a secure way to distribute the shared password.



    Note that if two people have the same Dropbox-ed TrueCrypt volume mounted on their machines at the same time in something other than read-only mode, mayhem could ensue. I believe that 1Password is doing some fancy stuff to try to avoid conflicts when a Dropbox-ed 1Password keychain is in use on more than one device, but it's clearly harder to do this sort of thing with products like Knox or TrueCrypt.
  • jpgoldberg
    jpgoldberg Agile Customer Care
    [quote name='benfdc' timestamp='1304621975' post='26338']

    Note that if two people have the same Dropbox-ed TrueCrypt volume mounted on their machines at the same time in something other than read-only mode, mayhem could ensue. I believe that 1Password is doing some fancy stuff to try to avoid conflicts when a Dropbox-ed 1Password keychain is in use on more than one device, but it's clearly harder to do this sort of thing with products like Knox or TrueCrypt.

    [/quote]



    You are absolutely correct. If you experiment with syncing encrypted disk volumes, please make sure that you have good backups (and test your backups). Encrypted volumes are fragile and corruption due to syncing and modifications are common. So anyone who wants to try this, should be careful.



    We explicitly advise people not to put Knox volumes in Dropbox or similar. If you use TrueCrypt instead, I would recommend that you look at the Dropbox forums on this topic for advice and warnings. Some people manage to get away with it, but good backups are very highly recommended.



    For individual files that need to be encrypted in a cross platform way, I've taken to just using 1Password attachments. I used to use GPG for that.



    Cheers,



    -j
  • JPGoldberg & Benfdc:



    Thanks for the advice regarding encryption. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> In my case the only way an encrypted volume would be open in two places is if I forgot to close it before moving on.



    Regardless of any potential problem with DropBox I think Knox is a useful app in its own right. Certainly on my machine it seems to work better with 1-PW than the alternatives. One point though, the encrypted volumes are given the title (say) bloggs.sparsebundle Even if I check 'hide extension' it still remains. However if I delete .sparsebundle it still recognises the vault and opens with Knox. Am I correct in assuming this is a hangover from system 9 days (resource forks?) and deleting the extension shouldn't be regarded as good practice? I've only tested this on Leopard so maybe resource forks have gone in Snow.



    Never thought of using 1-PW secure attachments <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



    What exactly does MacFUSE do? I tried installing Wuala which uses it - couldn't get Wuala to work, probably because it connects via obscure ports and the Uni blocks pretty much everything except 80 & 443