Mount external Encrypted drive with random password

aszajlai
Community Member

Let me start by saying I LOVE THE PRODUCT! I get everyone I know to at least try it.

That said, I ran into an issue that I can't find a simple answer to, so I wanted to share my two days of heartburn and what I learned, to help others avoid my pain.

Wanted to keep my stuff protected on a removable drive and did a copy and paste into 1Password to keep my drive encryption password safe. Copied two days' worth of encrypted data, only to find I can't copy and paste the password. So here goes how I now do this process.

Encrypted external drive and have created a random password (one copied and stored in 1Password) that I copy and paste into an item.
Eject the drive and go into Terminal before doing any file copies to the drive.

To find the new encrypted drive, issue the following command in Terminal:
diskutil list

/dev/disk4
#: TYPE NAME SIZE IDENTIFIER
0: Apple_partition_scheme *168.8 MB disk4
1: Apple_partition_map 32.3 KB disk4s1
2: Apple_HFS AdobeCameraRaw-9.1.1... 168.8 MB disk4s2

Offline
Logical Volume Photos on disk1s2
3E5F3452-913C-1234-9B11-A8SSDFE56EZB
Locked Encrypted

This will give you the information you will need to build the mount command so you can keep the password safe and out of the OS Keychain.

Now that you have the command, you can keep the password and mount the external drive without having to type a 31 character random password. The command to mount this drive is as follows:

diskutil coreStorage unlockvolume 3E5F3452-913C-1234-9B11-A8SSDFE56EZB -passphrase

If everything works you will get something like the following:

Started CoreStorage operation
Logical Volume successfully unlocked
Logical Volume successfully attached as disk2
Logical Volume successfully mounted as /Volumes/Photos
Core Storage disk: disk2
Finished CoreStorage operation

Now if you run diskutil again you will see the drive, and you should see the drive pop onto your desktop.

/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: Apple_HFS Photos *1.5 TB disk2
Logical Volume on disk1s2
3E5F3452-913C-1234-9B11-A8SSDFE56EZB
Unlocked Encrypted

Hope this helps and encourages more to encrypt your removable devices not so you won't have to replace the device if you lose it, but so your data stays in your hands.

Thanks

Andrew


1Password Version: 5.3.2
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
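
An added example, not part of the original post or of 1Password: a sketch of the same unlock that keeps the passphrase off the command line, so it does not land in shell history or `ps` output. It relies on the `-stdinpassphrase` option that diskutil(8) documents for `coreStorage unlockVolume`; the function names and the script name are hypothetical, and the sample listing is built from the lines shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read `diskutil list` output on stdin; print the UUID of each logical
# volume whose status line is "Locked Encrypted".
locked_lv_uuids() {
    awk '
        function is_uuid(s,   p) {   # 8-4-4-4-12 groups of letters/digits
            return s !~ /[^0-9A-Za-z-]/ && split(s, p, "-") == 5 &&
                   length(p[1]) == 8 && length(p[2]) == 4 &&
                   length(p[3]) == 4 && length(p[4]) == 4 && length(p[5]) == 12
        }
        NF == 1 && is_uuid($1) { uuid = $1; next }
        $1 == "Locked" && $2 == "Encrypted" && uuid != "" { print uuid }
        { uuid = "" }
    '
}

# Prompt with echo off (pasting works in Terminal), then hand the passphrase
# to diskutil on stdin. printf is a shell builtin, so the passphrase is never
# a command-line argument and stays out of `ps` output and shell history.
unlock_lv() {
    uuid=$1
    trap 'stty echo; exit 1' INT TERM     # restore echo if interrupted
    printf 'Passphrase for %s: ' "$uuid" >&2
    stty -echo; IFS= read -r pass; stty echo
    trap - INT TERM
    printf '\n' >&2
    printf '%s' "$pass" | diskutil coreStorage unlockVolume "$uuid" -stdinpassphrase
    rc=$?; unset pass; return "$rc"
}

# Constructed sample: the locked-volume lines from the listing in the post.
sample_listing() {
    cat <<'EOF'
/dev/disk4
Offline
                                 Logical Volume Photos on disk1s2
                                 3E5F3452-913C-1234-9B11-A8SSDFE56EZB
                                 Locked Encrypted
EOF
}

# On macOS: sh unlock-lv.sh --unlock
if [ "${1:-}" = "--unlock" ]; then
    for u in $(diskutil list | locked_lv_uuids); do unlock_lv "$u"; done
fi
```

The parser only reports volumes in the "Locked Encrypted" state, so running it again after a successful unlock prints nothing.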

Comments

  • littlebobbytables
    1Password Alumni

    Hi @aszajlai,

    Yeah... There are a couple of OS dialogs where you can't paste. Another gotcha is with the OS X keychain. I thought I was being smart creating a 64 character passphrase for my SSH key until OS X asked for it in a dialog that doesn't allow pasting. That was not fun and I've reduced the size somewhat as a result.

    Your encrypted drive, is it simply an encrypted disk image on the volume? I ask because I did discover this weird quirk a while ago while testing something with Knox. Knox is a vault manager but for reasons I don't understand, while 1Password won't interact with Knox directly, Knox does allow for pasting. You might be quite happy with your current arrangement of course, I just thought I'd mention that particular finding of mine.

    I do like your thinking of ensuring your backups are secure too :smile:

  • aszajlai
    Community Member

    I'm new to Mac so I might be a bit off on my terms. The external drive was erased and a single partition was created that is encrypted. As part of setting up the drive I erased it with Disk Utility and changed the default format from "Mac OS Extended (Journaled)" to "Mac OS Extended (Journaled, Encrypted)". So I think it's at the drive level. I cannot use the device until I mount the device with the password, so the device must be reformatted for use. My main intent is that if you find the drive you will not be able to get the data, but I can replace the device if I have lost it.

    Thanks for the additional items to look out for on the OS.

  • littlebobbytables
    1Password Alumni

    Hi @aszajlai,

    I'll need to play about with that option to see how it works and what it looks like to the OS if you don't decrypt the drive. I thought FileVault was simply using encrypted disk images but I could be wrong. Time to go investigate :smile:

This discussion has been closed.