A secure document library for your Mac (part 1)

I spend plenty of time futzing* around on the Mac listening to music, watching movies and surfing the web so it’s quite rewarding when I really put it to good use. Shrinking the mountain of old paperwork that filled dozens of A4 ring binders in my study bookcase was one such project, and I now have an online, searchable and secure archive of all my old documents.

My list of ingredients for this little project were:

  • An Apple Mac (running Leopard OS X)
  • A Fujitsu ScanSnap S300M (or a flatbed scanner if you’re patient)
  • TrueCrypt (optional – I ended up using the Disk Utility built in to Leopard)
  • DevonThink Pro (optional – you can just as easily use folders and Finder if you want to)
  • Fellowes P-58Cs shredder (any good cross-cut shredder will do)

The first thing I did was to scan all my old documents using the ScanSnap scanner. While other scanners will do, flatbed scanners are notoriously slow and cumbersome given that the ScanSnap S300M can scan both sides of a sheet of paper in around five or six seconds, and can take 10 sheets of paper at a time. I wrote a little article about the ScanSnap S300M which you can find here, and if you’ve got the budget it’s bigger brother, the S510M can take up to 50 sheets at a time. The time consuming bit when you’re scanning is to give the scanned documents a sensible name. I opted for keeping it simple, sticking to a name and date wherever possible, so for example a copy of the order sheet that Amazon sent out with an item I ordered on December 3rd 2008 got named “Amazon Slip – 2008.12.03”. Generally if I’m looking for something then I’ll at least know the company or person involved and roughly the date it happened, well to within a year or so!

Fellowes P-58Cs Shredder

Fellowes P-58Cs Shredder

So the upshot of this is that after a few days casual scanning and labelling, I had a folder structure on one of my hard disks consisting of folders labelled according to subject, e.g. Amazon, Apple, etc. So far so good, all my old paperwork is now safely on disk, and indexed by Spotlight. Next job – security!

It’s all very well scanning old credit card and bank statements, but what if someone were to break in and steal your Mac while you’re out?! Not only have they pinched your pride and joy, they’ve got a load of your financial details to start making mayhem with your credit rating. Originally I tackled this problem by encrypting individual files using GoSecure. Great drag & drop utility – virtually unbreakable AES-256 bit encryption, but with hundreds of files needing to be secured it quickly became very laborious to encrypt each one by hand. More to the point, every time I wanted to look at one of these documents I had to decrypt it manually then re-encrypt it afterwards. The solution? Store all your scanned files using an encrypted disk image – basically a secure encrypted area that looks like a regular disk while you’re using it. Think of it like a little CD or DVD disk or even a miniature hard disk hidden away inside your Mac. Now I could have used OS X’s FileVault feature to secure an entire hard disk, and if you are happy doing that then it’s the way to go. However, some people think it’s overkill, and it still leaves the issue of how to secure your backups as well. More flexible options include things like the excellent (and free) TrueCrypt utility or Leopard’s very own Disk Utility, which is what I ended up using.

So, I have a bunch of scanned documents that amount to around 1.5Gb of data, and it’s likely that I’ll add to this over the coming years. What’s needed is an encrypted area big enough to allow growth, so let’s say capable of holding up to 2.6Gb? Now while TrueCrypt has lots of bells and whistles, I opted to use Disk Utility as it’s already part of Leopard OS X and it’s really easy to use, and this is what you do:

  1. Go to your Utilities folder and launch Disk Image.
  2. From the File menu, choose New then Blank Disk Image.
  3. Choose a location where you want to store your disk image. I put mine in a separate little disk partition I’ve got, but your Documents folder is as good a place as any.
  4. Give your disk image a name in the ‘Save As‘ box, and give it the same name in the ‘Volume Name‘ box too.
  5. Choose a size for your disk image, remembering that you should allow space to add more files to it in the future. I chose 2.6Gb for my 1.5Gb of files, but you can choose any custom size you like.
  6. Choose a disk format – Mac OS Extended is good for performance and Time Machine compatibility if you’re backing up the whole disk image as just one file.
  7. Encryption – now here’s where Mac OS X does the clever stuff. The default will be ‘none’ but seeing as the idea is to make it secure, choose 128-bit AES or if you’ve got a reasonably fast Mac, go the whole hog and use 256-bit AES. All the encryption will be handled on the fly by OS X when you’re using the disk – you won’t feel a thing!
  8. For the Partitions option you can choose ‘no partition map‘ and for the Image format choose ‘sparse bundle disk image‘. Sparse bundle is good as it allows your disk image to grow and shrink as required.
  9. Click the OK button and Disk Utility will get to work creating your disk image.
  10. After a few seconds you’ll see a prompt asking you for a password for your encrypted disk image. Helpfully the window will show you how good your password is – I’d recommend choosing something with a rating of ‘Good‘ or better.
  11. You’ll also need to decide if you want to store your password in your Keychain. Now while it might sound like a good idea to tick the box, you need to think about what that means. I chose not to store the password in the keychain, and I think that’s a safer setting especially for laptop users. If you do store the password in your keychain then basically if someone manages to log into your Mac, they won’t get prompted for your password when they open your disk image – now is that something you want? Depends on how strong your login password is perhaps. So my recommendation is – make the password ‘Good’ or better, do not store it in your keychain, and choose a different password to your login password.

Now that you’ve created your secure disk image, it’s very easy to mount it and start using it like a real disk. Just open Finder and go to where you created the disk image. You’ll see a ‘.dmg‘ file with the name you chose in Disk Utility, just double-click on it and you’ll be prompted for your password. That done, you have a new ‘disk’ that you can use like any other hard disk, CD, DVD etc. under OS X. At this point you’d move your scanned documents to your new secure disk area. What’s more, when you’re done you can eject the disk image if you like and your documents are safe from prying eyes until you mount the disk image again. Reboot you Mac and your scanned documents are still safely locked away until you decide to open the disk image using your password.

Disk Utility

Disk Utility

I went a step further and decided to try out DevonThink Pro for managing my library of scanned documents. There are benefits and disadvantages to using a tool like DevonThink rather than natively storing the documents and using Finder so it’s a matter of choice and I’ll cover DevonThink Pro in a separate article.

Well that’s about it – the only thing left to do is to decide on a sensible backup strategy for your encrypted disk image. As the disk image itself is a single .dmg file, it’s relatively easy to back it up and if it’s small enough you can back it up to online services like Mozy or even iDisk, after all it’s already encrypted so it’ll be pretty safe wherever you put it.

Oh and last but not least, you can now have fun shredding all your old scanned documents and putting the space you’ve gained to good use!

*In case you wondered what futzing is, the dictionary definition is: To waste time or effort on frivolities; fool. See, told you Macs are fun.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: