Knox: Mac file encryption and backup
Knox is a utility that enables you to create encrypted vaults on OS X. It’s made by AgileBits, the company behind the popular password manager 1Password.
Knox uses the technology behind Apple’s File Vault to protect your data. It can create encrypted vaults using the 256-bit or 128-bit Advanced Encryption Standard (AES), which should be secure enough for most users.
You may be aware of the fact that OS X comes with Disk Utility, a tool that enables you to create encrypted disk images. In case you’re wondering why you’d pay for a third-party application to perform something that’s already available in your OS, read on.
Working with passwords
Apple doesn’t allow you to paste a password into the encrypted DMG creation dialog when using Disk Utility. This is a feature as it makes brute forcing passwords more difficult. At the same time, it’s a hassle for anyone that creates vaults on a regular basis and wants to use a strong and lengthy password with a complex set of characters.
Knox greatly streamlines the encrypted DMG creation process by allowing you to copy/paste the password.
As you can see from the screenshot above, creating a vault is quite simple. As vault capacity goes, you can set a custom size or you can let the vault grow as you add files to it. The only limit is the size of your drive.
You can allow Spotlight to index and search your encrypted vaults. This is especially convenient for users that create vaults on a regular basis and store lots of documents.
For security purposes the Spotlight index is stored on the vault itself, so it’s inaccessible unless the encrypted vault is open.
Unlike Disk Utility, Knox can reside in the dock as well as in the menu bar, enabling you to quickly work with all your encrypted vaults, launching them as the need arises.
My 2 cents
Although I’ve always used Disk Utility for creating secure vaults, once I discovered Knox, my usage skyrocketed. It’s unobtrusive, fast and readily accessible.
Along with regular backups, secure vaults are a good addition to any workflow, especially when on the move.
UPDATE, 28 January 2014.: A reader commented: “One can create/encrypt and also decrypt/mount Mac disk images on the command line, bypassing the copy/paste restriction.”
While this will certainly be of use to those that are savvy with the command line, it will probably present a problem for the average user looking for a streamlined way to increase security. Also, those that are like me and have a variety of encrypted DMG vaults they need to constantly open and close, the command line is certainly not a fast way to do it.