Create an attachment in Cli

I don’t use Proton or pCloud myself, but I cannot imagine that their cloud storage would in any way be affected by the status or existence of your iMac — this is the whole purpose of cloud storage to begin with: to have a place to store data that is independent of one’s local hardware.

Also, GPG Suite is open source software, so you should always be able to download and compile your own copy of the source code, or to create a third-party tool to decrypt any files that were encrypted using GPG Suite. More likely, such tools are already available, or will quickly be created by programmers in the open-source community if there is any hint that GPG Suite will “go belly up”. You didn’t mention any concern about Bitwarden going “belly up”, although Bitwarden is also open source software, so the same safety rails exist.

Once you have an encrypted version of each document (or an encrypted container containing multiple documents), those should be safe to store at a location of your choosing. It is best to create multiple copies of the encrypted data — for example, you can keep one copy on your iMac, a second copy on a local external drive (or on a DVD), and a third copy in cloud storage. After you have encrypted the files and created multiple independent backup copies of the encrypted data, you can delete the original (unencrypted) files. It would be a good idea to first test your ability to decrypt the data and recover the file, before deleting the originals.

What? You are on MacOS. Using its Disk Utility you can create encrypted virtual drives (.dmg) which you can then move around like files, whether to the cloud or to external drives or USB flash drives. This is what I do for secret documents, and to store my BW backups. I created another as a digital emergency sheet for my adult children who live elsewhere. I organise it so that Keychain does not know the passwords – access to your computer is not enough to access the virtual drives / secret files.

MacOS gives you all the flexibility without external tools. Please look into it for your secret documents storage.

Returning to emphasise this point: a feature of MacOS is that it provides directly for full disk encryption (I encrypt disk and backups), for encrypted virtual drives of any size (e.g. one of mine is 100MB, and that is more than needed), those drives can be moved around like any file, and if you want to get into the command line then you can access all openSSL tools for symmetric encryption and PKI, as I use for passkey access to my internal servers or other machines.

No xxxxCrypt, xxxGPG or any of that ilk is required to do what you please in the way of securing and storing data. Do not complicate your life.

1 Like

Yes true ,unlikely or it is impossible that proton or pCloud could be influenced by my computer. Maybe I took notion from Telegram which does not sync ,and delete messages from the other persons phone too if I want , or something like this . Yes cloud storages are wery handy and sure it is independet from my computer .
Unlikely that Bitwarden is going to swim with belly up ,I think it is a strong company and even if data is compromised ,data still will not be lost - as I think. All such companies as Bitwarden I think they are pretty safe .GPG suite as you say also will create new programs in case something happens.

Yes storing data at 3 places is a good idea ,and yes I had a problem one time .I uploaded an encrypted file to some cloud company ,but later I could not decrypt it - still the reason is unknown to me.

I found a good idea which I still practice even today - I have 2 email subscriptions one proton the other mailfence . Mailfence is newer used for sending or receiving emails from outside ,but it is used as a storage , to store PGP messages which I send from my Proton account . But now I may change praxis as I have other subscriptions - but still I newer had any problem with this praxis. But it is wery important as you say to test decryption of data before destroying the original data .

I see .yes I seen those .dmg files on my computer , but I newer understand what they was . But then how or what is the process to create thesse (.dmg) files ?

I have this file vault turned on - and that is wery much a good praxis .

. Sure you have right ,Mac computers are really wery handy and also wery secure .Where are those instructions about the CLI ? The CLI is wery important ,not only because of this security ,but I discovered that organising folders and moving items around is much faster than using the finder .
And sure in future anyhow I need to know this subject - but as I study the CLI I will discower its funcionalities . The (.dmg ) files or virtual drives is what I just heard about ,but newer looked at it .

Disk utility is the easiest way to manage your drives. If you prefer CLI then the tool for which you are looking is hdiutil. Open Terminal, where you can use multiple windows or tabs (multiple shells).

If you are not sure where to find things in Applications then use Spotlight search from the main menu bar.

Purely as a suggestion, it might be worth exploring what the macOS GUI can offer over the top of its BSD UNIX core before assuming the CLI is needed. Terminal will always be there for you anyway.

1 Like

I am just about to learn the Terminal ,but as I saw that is a wery fast way to go, the only way I like with the terminal that it is wery fast ,and also wery instructive ,apart from this I am not that in for that - as a small business - owner I have limited time ,but in Corona times I learned a lot ,so also I am not against the Terminal . Terminal can be used for many other things too

I looked just now at disk utility and I try to figure out how or where to begin ,there most be some instructions on apple manual ? First I try to use the GUI and later I may learn the terminal .

I have a zs shell ,not bash ,but this makes well ,no difference ? I know also some basic commands and also I try to learn how to navigate in the CLI . Not that almighty difficult ,but all my friends are scary from it . The terminal is not that area what the ordinary Swede will think about it at first hand .

But yes the diskutility sounds good and healthy .

1 Like

Yes it was wery simple to create a dmg file , but I suspect I need to use the Text Editor to save files into the dmg file ?

I set a password on it , generated by BITWARDEN . Password saved in Bitwarden and also I written it out from my computer. But it was much easier as I tought - it was to create a new file ,then choose encryption and choose storage size and save nothing else . But as I understand I must close this file ( dmg ) as it cannot stand there openly on my Macs window ? This is wery handy ,but here no any need of 2fa as an extra layer of security ? But discencryptions are may differ from ordinary logg in ?

I could not choose 256 AES kryptering ,but only encrypt . But I think it is 256 AES encryption Apple uses .

If you choose a password with 256 bits of entropy (e.g., a 20-word random passphrase or a 42-character random character-string), and if you store this password in your Bitwarden vault (which does require 2FA to access), then the file becomes as secure as practically possible

According to the screenshot below (from this web article), you should be able to choose between AES-256 and AES-128 encryption:

I could choose only between thesse 4 alternatives and I choosed APFS (KRYPTERAD) .Yes you have right indirectly I have a 2Fa on this disk ,Bitwarden requires 2Fa .

But this Mac now I have is bought in 2017 and now it is soon 7 years old and maybe on older Macs this possibility does not appear ? 

The dmg file extention also does not appear ,just simply it states : KRYPTERAD or ENCRYPTED , I think this .dmg  file sign may was the rule on older MACS ? 

I choose the password ,but as you see Apple has this passwordsgenerator too .

I did not used this password ,so this matters not .

After creating a password the encrypted disk was finished .

But the Partition was a little more difficult to understand - I tried with it but I got some warning and I stopped there

Sorry that I did not seen that some of my messages in the last message become formatted. But as you see here there are this partitioning , I think this is for something to divide ?
In reality I do not need to partition anything - but this cannot be either ,as now this disk states that its wolyme is 1 TB - this cannot be so something is not good here.

Then this FIPS -181-kompatibelt password is unclear - I think it has to do with some Industry standard as I read it longtime ago .
But clearly a 20 long random passphrase is enormous - better is the 42 -charater -string.
But the partitioning is unclear .

1 TB must be the size that you entered as the desired maximum size of the disk image. You should be able to specify a smaller size (as long as the total size of the files that you wish to encrypt will fit).

Partitioning is pretty common, and it is OK to have a disk (image) volume consisting of a single partition. Setting up the partition should give you options to format the partition, and the “sparse” formats (sparse image or sparse bundle) will actually take up less than the 1 TB image size originally specified.

I am not personally familiar with these disk formatting options, but based on reading a few results from Google searches it seems that the .sparsebundle format is theoretically better although it may (in practice) result in some buggy behavior.

@falu, you say a 2017 machine. What is the machine, and most importantly what version of MacOS are you running on it please? This will help when I am looking to answer your questions.

When you go to the Apple support site, in many cases you can specify the OS version when seeking an answer about standard utilities. It is not only features that change but in one memorable instance many years ago Apple completely reversed an action, the order of source and target, so it can be quite important to know versions.


Mac Os Monterey version 12.7.4

It is quite well , still it is working fabolously ,but in this year it is time to change it

But Mac Os Monetrey slowed it down considerably .

Not any (.dmg ) extension are visible and I cannot werify what encryptions I use 128 or 256 . I put 10 GB on it as I still have 700 GB left . 5 GB is well enough for all my documents ,the rest will be left for diggestion ,haha . But the end product I think is the same ,for after removing the disk from the computer screen and want to use it again it asks for the password ,so it most work as you told .
It also asks for - saving password in keychain ,it does not save passsword automatically . But the encryption status is not visible anywhere and on reading the information about the APFS DRIVE does not states that either.
The drive is in disc utility so ewerytime I need to use it I need to go through the diskutility - it does not remain in the FINDER after ejecting it from the screen ,but this is not that a problem .
The Partition also I do not understand . Whenewer I want to use it ,the message appears that the computer will not answer if I do so ,so this I do not understand either.

This is not wholly clear, so my response is also trying to confirm where we are. There are quite a few notes here picked up from different posts as I understand them.

Have you encrypted your system disk, or is that a separate internal partition?

The instructions to follow are here on the Apple support site (English version for which I trust you will have a Swedish version or will translate). They create a .dmg file on and within an existing disk, where completion of data like name, encryption (128 or 256 AES) and fixed size or a sparse image (resizable) are all selectable in the dialog presented after you choose File…New Image…Blank Image (or press Command-N) in Disk Utility.

If you have created a .dmg file following those instructions then opening it involves double-clicking on the filename.dmg you created. It does not require use of Disk Utility each time. Opening a .dmg file places a virtual volume on the desktop – make sure you have visibility of disk volumes turned on in Finder…Settings to see it.

To encrypt whole volumes, I believe Apple defaults to AES-256. For .dmg files you can choose -128 or -256 as Apple shows in the link. AES-128 is perfectly safe, and faster for encryption / decryption, which may matter on an older machine.

Please note in the link I sent the menu to select OS version at the top. It will default to Sonoma 14. The information when you select Monterey 12.x shows it is on the cusp of changes. They recommend that a disk to be used with 12.x Monterey be partitioned with Mac OS Extended (Journaled) whereas if it is to be used with 13.x Ventura or later then partition with APFS.

You can write files directly to a .dmg (being asked for a password if it is not yet open) without going through something like TextEdit.

My feeling is that you have not yet created a useable .dmg file but have encrypted a whole disk or partition, so I need some clarification to make sure I am following correctly.

If you encrypted something in error, you can use Disk Utility to decrypt, or simply tell Keychain the password so it will be decrypted when you login.

Could you please make a screenshot of this message?

As I see I deleted those - but this I could not delete and it states 1 T - it says delete and recreate .

It was here at this stage when I got the message ,when I wanted to partitionate a disk - then the message appeared - computer will stop answering if I continue .But this is the APPLE HD - this is definitely not to touch .

So you see it contains 1 T - definitely this is not or was not the way to go .

I encrypted something but I do not know what - FILE VAULT IS ON too . But nothing I can see -ewerything as usual . It is not possible to DELETE MACSKA DISK - it says - deleting a recreating .