If someone stole my MacBook Air, the computer’s data should be fairly safe, due to my use of Apple’s FileVault 2 whole-disk encryption. But what if someone got access to my computer while I’m still logged in? Or what if someone got hold of my login password?
Certain data, like website passwords, are already encrypted via applications like Apple’s Keychain and AgileBits’s 1Password. But how can we secure non-encrypted documents like bank statements, contracts, etc.?
In the past, I considered using applications like Knox, which make it slightly less cumbersome to deal with encrypted disk images than dealing with them directly. But, unfortunately, Knox didn’t go far enough in the area of usability—it basically makes you deal with Finder-mounted volumes—to convince me to use it.
Recently, though, I discovered a product that did — and it’s called, Espionage.
How Espionage works
Espionage, which lives in your menubar and is activated with a keystroke, manages lists of folders you want protected.
Each list is associated with a password of your choosing. When Espionage is locked, the contents of your folders are encrypted. When you unlock Espionage—by entering one of your passwords—the contents of the folders in the list associated with the password you entered are unencrypted and become accessible.
By managing the encryption of folders where they reside in the file system, as opposed to Knox, which mounts encrypted volumes in the Finder, Espionage becomes infinitely more useful. And an interesting additional feature of Espionage—the ability to assign actions to the locking and unlocking of folders—makes it even more powerful.
A simple use case
Here’s an example of how I use both of these features…
On one of my computers, I run the Bitcoin wallet app called MultiBit. MultiBit stores your bitcoins in a file inside the “MultiBit” folder within the “Application Support” folder, inside your home directory’s “Library” folder.
I added this folder to my primary folder list within Espionage, and assigned an “unlock” action—opening the MultiBit application—as well as a “lock” action—quitting the MultiBit application.
By accessing the folder’s individual settings in Espionage, in which one can override the list’s default folder settings, I set the folder to not automatically unlock when its parent folder-list is unlocked. Finally, I set the folder to “auto-lock” itself 10 minutes after being open.
The result—rather than launching the MultiBit app directly, I instead unlock its folder within Espionage. Espionage then decrypts the contents, and launches MultiBit. 10 minutes later, it quits MultiBit and then re-encrypts the contents.
This keeps my bitcoin wallet on that computer fairly safe, even if someone had login access.
Under the hood
Espionage actually stores the contents of your listed folders in individual, encrypted disk images outside of the source folders themselves.
When you unlock a folder, Espionage “mounts” the associated disk image at the folder’s source in the Finder—giving the impression that you’re simply working with a normal folder. When you then lock the folder, the encrypted disk image is closed, and the original folder is returned—either empty, or with any contents you’ve since added not to be encrypted. (This behavior has some interesting benefits discussed later.)
The individual, encrypted disk images are sparse bundles, which mean they actually consist of a large number of tiny little encrypted files—making them space-efficient and working well with backup utilities like Time Machine, as well as making Espionage suitable to work with applications like Dropbox.
The sparse bundles are named with hashes, so, if they were found, there’d be no way to associate any of them with particular folders. In addition, Espionage generates a highly-secure, unique, internal password for each image file, and maintains a mapping of those passwords to each list’s master password through “key derivation” technology called, scrypt.
One of the benefits of the way Espionage has been implemented is plausible deniability. Here’s two examples:
- Since Espionage manages any number of lists of folders, if you were required to give someone a password to unlock Espionage, you could provide the password that unlocks a benign list of folders that you’d setup just for such a situation. They would have know way of knowing or proving that you had additional passwords in use with Espionage, which unlocked additional lists of folders.
- Since Espionage stores your folder contents in encrypted images outside of your source folders, and if you, for example, chose to use Espionage to encrypt the contents of Mail.app’s data folder(s), then if you launched Mail.app without having unlocked that list of folders in Espionage, Mail would launch with a different setup—one that could, again, appear benign, without giving any indication that you’re real email is encrypted.
Espionage provide some additional features, such as the ability to disable spotlight indexing at the folder level, as well as overriding where it stores the folder’s associated encrypted sparse image.
All in all, it’s a thoughtful, powerful and well-designed app. I’ve been using it for a few days now, and am really impressed. I think you’ll like it too.