Encrypting Files with Sparse Bundles in macOS

If you use a Mac, it’s important to use FileVault, the whole-disk encryption feature, to encrypt your hard drive. But you may have files that you want to have a behind an extra layer of security, in case a person or malware gains access to your macOS account. On macOS, you can use a sparse bundle to create an encrypted, password-protected container for files.

A sparse bundle looks like a disk image file, and when you open it, you’re prompted to enter the password you set when you created it. When you do, you get a new Finder window containing all the folders and files you encrypted within the sparse bundle. You can add, modify, and delete files within it, just as you would any other files. When you’re finished, you can eject the virtual disk to make the files inaccessible without the password.

You’ll only be able to open the sparse bundle in macOS, so if you think you’ll need to open your encrypted files in a different OS, consider using VeraCrypt instead, as it’s cross-platform (Windows, macOS, Linux). VeraCrypt is popular open-source encryption software which you can use to create a virtual encrypted disk inside a file, which you can mount and use as a real disk. I like VeraCrypt, but I prefer to use native tools rather than third-party ones when possible, and macOS can natively create a virtual encrypted disk as a sparse bundle.

How to Create a Sparse Bundle

  1. Open the Disk Utility app.
  2. Click File > New Image > Blank Image.
  3. Jump down to Image format and choose sparse bundle disk image.
  4. Save as: Set the file name you’d like to use. I recommend against using a tempting name like Secret files.
  5. Where: Choose where you want the sparse bundle to be saved.
  6. Name: Set the name you’d like to use for this disk when it’s mounted. I recommend against using a tempting name like Secret files.
  7. Size: Set the maximum size you want this bundle to be able to increase to. It will only take as much disk space as are actually required by the files you put in it, not this max size.
  8. Format: Leave this as APFS unless you have a reason to change it.
  9. Encryption: Choose 128-bit or 256-bit AES. I recommend the latter, unless the file will be very large and you’re concerned about the speed of encryption/decryption. As soon as you make your selection, you’ll be prompted to set the password. I recommend saving it in your password manager, then pasting it into the dialog box.
  10. Partitions: Leave as default unless you have a reason to change it.
  11. Click Save.
Create encrypted sparse bundle in macOS

How to Open a Sparse Bundle

  1. Double-click the sparse bundle you created (filename.sparsebundle).
  2. Enter the password you set when you created it.
  3. I recommend not enabling Remember password in my keychain. If these are truly sensitive files, you want to require the password to be typed. Otherwise, someone who gains access to your macOS account will be able to easily open your sparse bundle.

Additional Resources

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chad Warner

Seeking a cyber threat intelligence (CTI) or OSINT job. I'm a CTI, OSINT, & cybersecurity enthusiast; bookworm; and fan of Tolkien & LEGO.