As a security consultant, frequently traveling, it is critical to implement security controls to protect sensitive data on my computer. One of the most often overlooked data is locally stored email. A quick search on the web identified some good ways to encrypt the Mac Mail store. A great resource that I found was an article by Jason Owens on How to Encrypt your Entourage and Apple Mail Mailstores. Jason’s write up is excellent and uses the built in features of the Mac to create an encrypted container.
I have chosen to use TrueCrypt for my encrypted container, which required me to modify Jason’s instructions a little bit. The following steps walk through encrypting the general mail contents. These same steps can also be applied to the Mail Downloads folder.
- Make sure that Mail is not running and you have backed up your system (you can never be to careful).
- Locate your mail directory. This is usually found at /Users/Your_ID/Library/Mail/
- Do a Get Info on the mail directory to see how large the directory is.
- Open TrueCrypt (Install it if you have not done so already).
- Click Create Volume and follow the steps to create a new encrypted container.
- Name the volume AppleMailMailStore.
- Save the volume somewhere in your home directory.
- From within the TrueCrypt interface, mount the new AppleMailMailStore drive (requires entering your password).
- Open up Finder and locate the new drive. If it is identified as Untitled, rename it to AppleMailMailStore.
- Copy the contents of /Users/Your_ID/Library/Mail to the new drive.
- Rename the original mail folder (/Users/Your_ID/Library/Mail) to /Users/Your_ID/Library/Mail_OFF.
- Create a symbolic link to your AppleMailMailStore drive on your Destkop (sudo ln -s /Volumes/AppleMailMailStore/ Mail)
- Copy the new link to /Users/User_ID/Library/
At this point, you should be able to open Mac Mail and it should run as it did before creating the encrypted folder. The symbolic link was created because Mac Mail looks for that specific Mail folder for the mail. The program doesn’t realize that it is actually pointing to a different, encrypted, location.
It is important to remember that you have to decrypt the AppleMailMailStore drive before you can open Mac Mail. If you don’t, Mail will display an error message stating that it can’t start. One way to help assist with this is to use Automator using the following technique:
- Open Automator (found in Utilities).
- Choose to create a new Application and click Choose.
- In the Library column on the left hand side, select Utilities.
- In the second column, select Run Shell Script and drag it into the workflow panel.
- Replace cat with the following commands:
/Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt –mount /Users/User_ID/Documents/AppleMailMailStore
open -a mail
- Save the Script as EncryptedMailOpener.
Once this is complete you can use the new EncryptedMailOpener.app to start Mail. This will decrypt your folder (requiring the password) and then start mail.
TrueCrypt is very easy to set up and their site contains many tutorials to help you get started. It is important that sensitive information is protected on all systems to help reduce the chance that the data can be stolen.