Encrypt Mail attachments?

Started by DavidB, August 18, 2012, 11:47:55 AM

Previous topic - Next topic

DavidB

With OS X 10.7.4, is it possible to encrypt Mail.app attachments only? Would the performance penalty be less than if I encrypted the entire Mail folder? Also, would there be a performance penalty with regard to backups via CrashPlan?

Thank you,

David

zsolt

#1
Hello David, you can encrypt any folder you want, just make sure it is unlocked before you launch Mail. The best is to have Espioange open on login and set the folder to auto unlock.
Crash plan will backup the disk image which is in Library/Application Support/com.taoeffect.espionage3/Data and this will do, just make sure this folder is saved.
Regarding performance, I do not expect any problems, but it all depends on speed of the mac, disk and size of the folder/number of emails, so you have to test.

Rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

DavidB

#2
Thank you for your reply--I appreciate your help.

If the folder is set to auto unlock (by which I assume you mean, unlock on login?), though, won't it be available to anyone who steals the computer and changes the login password?

Also, when you say to make sure the folder is saved, could you explain a little more?

David

zsolt

#3
Hello David,

Quotewon't it be available to anyone who steals the computer and changes the login password?

Well I'm not sure how could one change the login password....enable root password, create a new user with admin privileges then change the login password of another admin user on the Mac....not sure if this is possible, but I might be wrong.
Stealing the mac will help nothing as long as he cannot log in as you.
But it surely does give one chance more to somehow hack the things and access the data.
Auto open is not a must, it is just a bit of a convenience, but surely you can switch it off and simply remember to unlock the folder before starting Mail.
Also keep in mind the "reopen windows on login" option which appeared first on Lion, as in that case OS will start the mail app for you without asking you first.

QuoteAlso, when you say to make sure the folder is saved, could you explain a little more?

Just make sure the folder is not excluded from the backup, by folder I mean Library/Application Support/com.taoeffect.espionage3 as it is the folder which contains both the disk images and the Espionage database with passwords.
This is if you protect folders on the local disk, if you protect a folder on external disk then Espionage will ask you where do you want to save the disk image, in that case make sure that the backup saves that disk image too.

Rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

DavidB

#4
Quote from: "zsolt"Well I'm not sure how could one change the login password....enable root password, create a new user with admin privileges then change the login password of another admin user on the Mac....not sure if this is possible, but I might be wrong.
Stealing the mac will help nothing as long as he cannot log in as you.
But it surely does give one chance more to somehow hack the things and access the data.

Thank you again for your reply and sorry for my ignorance about such basic OS features, but if just logging out of your account keeps someone from accessing your files, why bother with encryption?

David

zsolt

#5
Quoteif just logging out of your account keeps someone from accessing your files, why bother with encryption?

Because if you mount the disk as an external one then the permissions are normally ignored. So if one steals your Mac, and attach it in target disk mode, or takes out the disk and attaches it through an external disk enclosure, he can access all your files, including the encrypted disk image. But to decrypt the disk image he needs the password so all what is inside the disk image is quite safe.

And no need to apologize, we all learn all the time, I'm sure you know many other things I don't :-)

Let me know if you have further questions.

Rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

DavidB

#6
Quote from: "zsolt"
QuoteBecause if you mount the disk as an external one then the permissions are normally ignored. So if one steals your Mac, and attach it in target disk mode, or takes out the disk and attaches it through an external disk enclosure, he can access all your files, including the encrypted disk image. But to decrypt the disk image he needs the password so all what is inside the disk image is quite safe.

Yes--that is what I thought. What I am not understanding is that you suggested before to have Espionage open on login and set the Mail folder to auto unlock. Can't someone who steals the computer change the login password and then have access to the Mail folder?

David

zsolt

#7
To change your login password he needs to know your current login password.

Put yourself in the role of a thief, how would you do it? You cannot login into your mac if you do not know the user password....

This is now a bit off topic, but nevertheless, feel free to ask if it is still unclear.

Rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

DavidB

#8
Quote from: "zsolt"To change your login password he needs to know your current login password.

Put yourself in the role of a thief, how would you do it? You cannot login into your mac if you do not know the user password....

This is now a bit off topic, but nevertheless, feel free to ask if it is still unclear.

Again I apologize if I am not understanding correctly but I thought that anyone with an install disk could change the administrator password, as explained here <http://support.apple.com/kb/HT1274>?

By the way, I think this is on topic since using Espionage in the way you suggested depends on it.

Thank you,

David

zsolt

#9
Hello David, the article you pastes was I needed to understand what you are referring to, now it is clear.

In one of my replies I told you "But it surely does give one chance more to somehow hack the things and access the data."
If the autounlock is not set then one must know the Espionage password to access your data, if the autounlock is set then one must know your login password.
Considering there is no way you can reset or access the Espionage password, in comparison to resetting the login password which is possible, although not so easy to do, it is clearly more secure to have it set not to autounlock then to auto unlock.

But again, to reset the login password you need to know the administrator password, or you have to be able to boot the mac from installation CD. And this all if you did not set the firmware password, which will then prevent booting from the installation dvd, unless you change the ram module, which will reset that setting too. But considering on some macs the ram module is soldered on motherboard, it is again a question if this is possible.....

So in the first paragraph I answer your question, in the second we are discussing if and how it is possible to reset the user password, this is why I mentioned that it is off topic.

Rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support