By Manny Fernandez

January 1, 2020

Encrypting a USB Thumb-Drive on macOS from CLI and GUI

There are a couple of ways to encrypt drives and volumes on macOS X.  I recommend that if you are going to use a thumb-drive for your own use, that you use encryption to protect the contents.  If this is a thumb-drive that will be shared (not recommended) you CAN create an encrypted volume within the drive and have half of it encrypted and the other not.

Command Line Option

I love the CLI so you will see a lot of macOS articles here on the CLI.  First thing to do is to run a utulity that will tell you which drive you are working with.  In my example I have a 16GB USB Thumb-drive that I will use for the demonstration.

 

2020-01-01_19-34-45v2.png

As you can see, my USB is in /dev/disk3

Encrypting the Volume

Now we will initiate the encryption.

2020-01-01_19-50-26.png

  1. diskutil – This is the macOS utility that has multiple uses all around the drive, volumes, and file systems.
  2. cs – CoreStorage (See below)
  3. convert – Convert a regular Journaled HFS+ or Case-sensitive Journaled HFS+ volume (must be on a partition and within a GPT partitioning scheme) into a CoreStorage logical volume
  4. disk3s2 – Is the identifier for the volume
  5. -passphrase – tells the diskutil that we want to add a password
  6. the actual password to be used

Core Storage – Layered between the whole-disk partition scheme and the file system used for a specific partition is a new logical volume format known as Core Storage, introduced in OS X Lion. Core Storage makes it easy to dynamically allocate partitions while providing full compatibility with existing filesystems. In particular, Core Storage allows in-place transformations such as backgrounding the full-disk encryption used by File Vault 2.

When this process in complete, and you remount the drive, you will be prompted.

2020-01-01_20-06-53.png

GUI Version

I must admit, this method is cleaner.  First thing is hit the ⌘ and space bar

2020-01-01_20-09-56 (1).png

You should see your SpotLight Search dialog come up.

Start typing disk and you should see Disk Utility show up

2020-01-01_20-12-40 (2).png

Once inside the utility, choose your thumb-drive and choose Erase

2020-01-01_20-16-46.png

Choose a file system that contains Encrypted in the name.

Once you select one, you will get prompted for the password

2020-01-01_20-18-29.png

You CAN choose the key icon next to the Verify field to have it generate a random password.  Your mileage may vary.

2020-01-01_20-18-54.png

Once the operation has completed, you should get a screen similar to the one below.

2020-01-01_20-22-19.png

Hope this helps.

 

 

 

 

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • If you have spent any time in a SOC,... Full Story

  • 1. Executive Summary Objective: This guide walks through configuring... Full Story

  • A vendor-neutral deep dive into the control plane and... Full Story