A secure document library for your Mac (part 1)

I spend plenty of time futzing* around on the Mac listening to music, watching movies and surfing the web so it’s quite rewarding when I really put it to good use. Shrinking the mountain of old paperwork that filled dozens of A4 ring binders in my study bookcase was one such project, and I now have an online, searchable and secure archive of all my old documents.

The ingredients for this little project were:

  • An Apple Mac (running Leopard OS X)
  • A Fujitsu ScanSnap S300M (or a flatbed scanner if you’re patient)
  • TrueCrypt (optional – I ended up using the Disk Utility built in to Leopard)
  • DevonThink Pro (optional – you can just as easily use folders and Finder if you want to)
  • Fellowes P-58Cs shredder (any good cross-cut shredder will do)

The first thing I did was to scan all my old documents using the ScanSnap scanner. While other scanners will do, flatbed scanners are notoriously slow and cumbersome given that the ScanSnap S300M can scan both sides of a sheet of paper in around five or six seconds, and can take 10 sheets of paper at a time. I wrote a little article about the ScanSnap S300M which you can find here, and if you’ve got the budget its bigger brother, the S510M, can take up to 50 sheets at a time. The time-consuming bit when you’re scanning is to give the scanned documents a sensible name. I opted for keeping it simple, sticking to a name and date wherever possible, so for example a copy of the order sheet that Amazon sent out with an item I ordered on December 3rd 2008 got named “Amazon Slip – 2008.12.03”. Generally if I’m looking for something then I’ll at least know the company or person involved and roughly the date it happened, well to within a year or so!

Fellowes P-58Cs Shredder


So the upshot of this is that after a few days casual scanning and labelling, I had a folder structure on one of my hard disks consisting of folders labelled according to subject, e.g. Amazon, Apple, etc. So far so good, all my old paperwork is now safely on disk, and indexed by Spotlight. Next job – security!

It’s all very well scanning old credit card and bank statements, but what if someone were to break in and steal your Mac while you’re out?! Not only have they pinched your pride and joy, they’ve got a load of your financial details to start making mayhem with your credit rating. Originally I tackled this problem by encrypting individual files using GoSecure. Great drag & drop utility – virtually unbreakable AES-256 bit encryption, but with hundreds of files needing to be secured it quickly became very laborious to encrypt each one by hand. More to the point, every time I wanted to look at one of these documents I had to decrypt it manually then re-encrypt it afterwards. The solution? Store all your scanned files using an encrypted disk image – basically a secure encrypted area that looks like a regular disk while you’re using it. Think of it like a little CD or DVD disk or even a miniature hard disk hidden away inside your Mac. Now I could have used OS X’s FileVault feature to secure an entire hard disk, and if you are happy doing that then it’s the way to go. However, some people think it’s overkill, and it still leaves the issue of how to secure your backups as well. More flexible options include things like the excellent (and free) TrueCrypt utility or Leopard’s very own Disk Utility, which is what I ended up using.

So, I have a bunch of scanned documents that amount to around 1.5Gb of data, and it’s likely that I’ll add to this over the coming years. What’s needed is an encrypted area big enough to allow growth, so let’s say capable of holding up to 2.6Gb? Now while TrueCrypt has lots of bells and whistles, I opted to use Disk Utility as it’s already part of Leopard OS X and it’s really easy to use, and this is what you do:

  1. Go to your Utilities folder and launch Disk Utility.
  2. From the File menu, choose New then Blank Disk Image.
  3. Choose a location where you want to store your disk image. I put mine in a separate little disk partition I’ve got, but your Documents folder is as good a place as any.
  4. Give your disk image a name in the ‘Save As‘ box, and give it the same name in the ‘Volume Name‘ box too.
  5. Choose a size for your disk image, remembering that you should allow space to add more files to it in the future. I chose 2.6Gb for my 1.5Gb of files, but you can choose any custom size you like.
  6. Choose a disk format – Mac OS Extended is good for performance and Time Machine compatibility if you’re backing up the whole disk image as just one file.
  7. Encryption – now here’s where Mac OS X does the clever stuff. The default will be ‘none’ but seeing as the idea is to make it secure, choose 128-bit AES or if you’ve got a reasonably fast Mac, go the whole hog and use 256-bit AES. All the encryption will be handled on the fly by OS X when you’re using the disk – you won’t feel a thing!
  8. For the Partitions option you can choose ‘no partition map‘ and for the Image format choose ‘sparse bundle disk image‘. Sparse bundle is good as it allows your disk image to grow and shrink as required.
  9. Click the OK button and Disk Utility will get to work creating your disk image.
  10. After a few seconds you’ll see a prompt asking you for a password for your encrypted disk image. Helpfully the window will show you how good your password is – I’d recommend choosing something with a rating of ‘Good‘ or better.
  11. You’ll also need to decide if you want to store your password in your Keychain. Now while it might sound like a good idea to tick the box, you need to think about what that means. I chose not to store the password in the keychain, and I think that’s a safer setting especially for laptop users. If you do store the password in your keychain then basically if someone manages to log into your Mac, they won’t get prompted for your password when they open your disk image – now is that something you want? Depends on how strong your login password is perhaps. So my recommendation is – make the password ‘Good’ or better, do not store it in your keychain, and choose a different password to your login password.

Now that you’ve created your secure disk image, it’s very easy to mount it and start using it like a real disk. Just open Finder and go to where you created the disk image. You’ll see a ‘.dmg‘ file with the name you chose in Disk Utility, just double-click on it and you’ll be prompted for your password. That done, you have a new ‘disk’ that you can use like any other hard disk, CD, DVD etc. under OS X. At this point you’d move your scanned documents to your new secure disk area. What’s more, when you’re done you can eject the disk image if you like and your documents are safe from prying eyes until you mount the disk image again. Reboot your Mac and your scanned documents are still safely locked away until you decide to open the disk image using your password.
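The same image can be created, mounted and ejected from Terminal with `hdiutil`, the command-line tool behind Disk Utility. The script below is an added example, not part of the original article; the `VAULT_*` variable names, the `Paperwork` volume name and the `Documents` location are assumptions.

```shell
#!/bin/sh
# Added example: hdiutil equivalent of the Disk Utility steps above.
# The VAULT_* names and their defaults are assumptions, not from the article.
VAULT_NAME="${VAULT_NAME:-Paperwork}"      # step 4: file name and volume name
VAULT_DIR="${VAULT_DIR:-$HOME/Documents}"  # step 3: where the image lives
VAULT_SIZE="${VAULT_SIZE:-2.6g}"           # step 5: maximum size, room to grow
VAULT_CIPHER="${VAULT_CIPHER:-AES-256}"    # step 7: AES-128 or AES-256
HDIUTIL="${HDIUTIL:-hdiutil}"              # HDIUTIL=echo gives a dry run

vault_path() { printf '%s/%s.sparsebundle\n' "$VAULT_DIR" "$VAULT_NAME"; }

vault_create() {
    # Refuse anything that would produce an unencrypted image.
    case "$VAULT_CIPHER" in
        AES-128|AES-256) ;;
        *) echo "refusing cipher '$VAULT_CIPHER'" >&2; return 1 ;;
    esac
    if [ -e "$(vault_path)" ]; then
        echo "$(vault_path) already exists" >&2
        return 1
    fi
    # hdiutil asks for the new passphrase interactively, so it never
    # appears on the command line or in shell history.
    "$HDIUTIL" create -type SPARSEBUNDLE -fs HFS+ -layout NONE \
        -size "$VAULT_SIZE" -encryption "$VAULT_CIPHER" \
        -volname "$VAULT_NAME" "$(vault_path)"
}

vault_open()  { "$HDIUTIL" attach "$(vault_path)"; }          # prompts for the passphrase
vault_close() { "$HDIUTIL" detach "/Volumes/$VAULT_NAME"; }   # eject: contents locked again
vault_check() { "$HDIUTIL" isencrypted "$(vault_path)"; }     # confirm encryption is on

case "${1:-}" in
    create) vault_create ;;
    open)   vault_open ;;
    close)  vault_close ;;
    check)  vault_check ;;
esac
```

Run it as `sh vault.sh create`, then `open`, `close` or `check`; setting `HDIUTIL=echo` first prints the command without running it.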

Disk Utility


I went a step further and decided to try out DevonThink Pro for managing my library of scanned documents. There are benefits and disadvantages to using a tool like DevonThink rather than natively storing the documents and using Finder so it’s a matter of choice and I’ll cover DevonThink Pro in a separate article.

Well that’s about it – the only thing left to do is to decide on a sensible backup strategy for your encrypted disk image. As the disk image itself is a single .dmg file, it’s relatively easy to back it up and if it’s small enough you can back it up to online services like Mozy or even iDisk, after all it’s already encrypted so it’ll be pretty safe wherever you put it.

Oh and last but not least, you can now have fun shredding all your old scanned documents and putting the space you’ve gained to good use!

*In case you wondered what futzing is, the dictionary definition is: To waste time or effort on frivolities; fool. See, told you Macs are fun.

Little bundles of… Well, it’s not joy

Having recently added a new hard drive to the Mac, I thought I’d check its ‘SMART’ status just to make sure everything was OK. There’s a neat little app called SMARTReporter that sits on the menu bar and alerts you if any of your drives start to feel sick – probably long before you experience any data loss. It sends output to the Console at specified intervals, so when I asked for the status of all my drives, SMARTReporter kindly opened the console for me. Having checked everything was normal, I went on to launch Mail.app to check for mail. As luck would have it, the Console was still open and up popped this message:

08/03/2009 21:29:05 Mail[1322]  DEVONMailConduit 1.2.1 loaded

What? DEVONMailConduit is loading when I launch Mail.app? But I don’t have any DEVON products installed. Ahh, but I did try out DEVONThink Pro a few months back and it seems that even though I thought I’d uninstalled it OK, there were still (quite a few) traces of it left behind. So let’s start with the message above – it’s obviously a mail plug-in so where better to look than in the <username>/Library/Mail/Bundles folder and sure enough there it was… DEVONMailConduit.mailbundle nestling inside. It’s then just a simple task to delete it and then relaunch Mail.app to check the console and make sure it’s gone.

Next up, there’s cached data that DEVONThink Pro left behind. So, it’s off to my <username>/Library/Caches/Metadata folder and what do we find? Yes it’s a DEVONThink Pro folder – not huge, but something I don’t need, so to the trash it goes.

DEVONThink Pro scripts


Now part of how DEVONThink Pro works is by integrating itself with various aspects of your system. This means that there will be scripts allowing you to ‘clip’ things to DEVONThink amongst other things. Sure enough, I found no less than 2 more folders and 34 DEVONThink scripts on my system, as you can see from the picture. Same treatment, ‘move to trash’!

Having done a few more checks, I think that’s all traces of DEVONThink Pro removed from my Mac. Now when I search on ‘devon’ all I see is a dictionary entry for a small county in southwestern England.

This isn’t a criticism of DEVONThink Pro, many other apps are the same – it just goes to show that when you install an app there is often a lot more to it than what gets put in your Applications folder. Software like AppZapper does help, but be prepared to get your hands dirty if you want to remove all traces of some programs. Also it’s a good idea to move the files and folders in question to a safe place and then to check your Mac is still running smoothly before finally consigning them to the trash bin… just in case!
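The hunt described above, together with the "move it somewhere safe first" advice, can be scripted. This is an added example, not from the original post: the function names and the `Quarantine-<name>` folder are assumptions, and the sample tree is constructed for illustration (the `Scripts` path and script file name in it are made up).

```shell
#!/bin/sh
# Added example: list what an uninstalled app left under ~/Library, then
# park the hits in a quarantine folder instead of deleting them outright.
# Function names and the Quarantine-<name> folder are assumptions.

# find_leftovers NEEDLE [HOME_DIR]: print matching paths, one per line.
find_leftovers() {
    needle=$1; home=${2:-$HOME}
    # Case-insensitive name match; -prune reports a matching folder once
    # instead of listing everything inside it.
    find "$home/Library" -iname "*$needle*" -print -prune 2>/dev/null | sort
}

# quarantine_leftovers NEEDLE [HOME_DIR]: move each hit aside, keeping its
# path relative to HOME_DIR so it can be put back if something breaks.
quarantine_leftovers() {
    needle=$1; home=${2:-$HOME}
    dest=${QUARANTINE:-$home/Quarantine-$needle}
    find_leftovers "$needle" "$home" | while IFS= read -r hit; do
        rel=${hit#"$home"/}
        mkdir -p "$dest/$(dirname "$rel")" || exit 1
        mv "$hit" "$dest/$rel" || exit 1
        printf '%s\n' "$rel"      # report what was moved
    done
}

# make_sample_home DIR: constructed sample tree for trying the functions.
make_sample_home() {
    mkdir -p "$1/Library/Mail/Bundles/DEVONMailConduit.mailbundle" \
             "$1/Library/Caches/Metadata/DEVONthink Pro" \
             "$1/Library/Scripts/Mail" \
             "$1/Library/Preferences"
    : > "$1/Library/Scripts/Mail/Add to DEVONthink.scpt"
    : > "$1/Library/Preferences/com.apple.mail.plist"
}
```

Source the file, run `find_leftovers devon` to review the list, and only then `quarantine_leftovers devon`; the quarantine folder can be trashed once Mail and the rest of the system have run cleanly for a while.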

Why don’t I use DEVONThink Pro? Well it’s a great program, it’s just that at the time it was overkill for what I needed, although as it happens I’m now re-visiting it for use as a document management platform. I’m currently using Evernote for storing all my web clippings, notes and odd bits of information. It’s free, cross-platform plus you can sync it to your iPhone after a fashion. Horses for courses though, so check ’em both out.