16-09-2021

Decrypt Old Vault App Files Mac

On Mac, I can create encrypted disk and mount when I need the files. This works fine. However, what I want here is an app that works both on iPhone and Mac, since I want to use files on my iPhone as well. Preferably w/o third party, but if encrypted I allow using e.g. Here is a scenario: I open this vault on Mac. Put some file in. Click on FileVault under macOS Security.

By Gina Barrow, Last updated: April 24, 2020

Encryption is the safest and best way to protect data as it encodes a certain file or information in such a way that only authorized users or those with passwords can access. Information including bank details, sensitive personal records should be encrypted to avoid data theft.

Computer operating systems have built-in encryption features but these provide easy to medium form of security and still prone to expert hackers. You need to invest in encryption software if it is a requirement for your type of usage. Here are the top 5 best encryption software for Macin 2020. Check out which one works for your needs.

Part 1. Why Need to Encrypt Mac Files?

All vital files stored inside a computer including Mac need to be encrypted for security purposes. If you happen to hear, watch, and read the news, there are reported cases of stolen identities and bank information due to unsecured files saved inside people’s stolen laptops and computers.

To avoid such hassle, you can rely on encryption software for Mac but the main concern here is what the best software to use is.

Part 2. Apple’s Encryption Software for Mac for free

If you are concerned about data privacy and your Mac contains sensitive information that must be kept personal, then you should use encryption. Apple has its own encryption software that users can utilize for free. There are actually different ways on how to encrypt files on Mac.

Encryption via Disk Utility

  1. Use the spotlight search and type in Disk Utility. You can also go to Utilities under Applications.
  2. Go to File on the topmost tools and hover to New Image then click on Image from Folder
  3. Select the folder you wish to encrypt from the newly popped-up window
  4. Rename the file you want to encrypt and go to the bottom part where you can set the encryption settings
  5. You can choose between the 128 and the 256-bit. (The higher the encryption the better but it takes slower time to complete request)
  6. Once you have selected your encryption method, you need to provide and verify your password. (Note: Remember your password because it will never grant you access to the given folder until the correct password is supplied). Click Choose.
  7. For the Image format, you can choose compressed.
  8. Wait until the encryption is completed.

This type of encryption affects the folder and its file contents so anytime you wish to open the folder and the files inside, you need to provide the password.

  1. You can now see a new Archive folder on the desktop which was the same file you encrypted
  2. You can delete the old folder to remove any access to it

People Also ReadHow to Clean up A MacHow Do You Speed Up Your Mac?

Use FileVault

FileVault is full-disk encryption that uses XTS-AES-128 encryption with a 256-bit key to preventing unauthorized access to your personal information on the startup disk. Basically, you won’t be able to go through Mac unless you provide the password.

The FileVault2 is available in OS X Lion and later versions. All you need to take advantage of this feature is to turn on FileVault in your Mac. Here’s how:

  1. Go to Security & Privacy under System Preferences
  2. Click the FileVault tab and click on the lock icon
  3. Enter the administration username and password
  4. Turn on FileVault
Mac

If you are using multiple users on Mac, you can enable each user and type in their assigned password.

Print to PDF

Another file encryption method in Mac is the Print to PDF wherein you can do the security lock on the print window itself after creating or editing certain file/s.

  1. Go to Print
  2. Choose PDF
  3. Click Save as PDF
  4. Before saving it, go to Security Options
  5. Check the box for your desired password security measures
  6. Don’t forget to verify the password and click Save

Part 3. The Best Encryption Software for Mac in 2020

In the sea of many software and applications, there seems to be plenty of programs dedicated to single-use or single-function. They are good because they focus on one solution, however, they also cost more expensive.

If you browse thoroughly, you will discover that there are a few applications that offer sets of operations and toolkits specially designed for Mac. FoneDog PowerMyMac - Cleaner provides comprehensive modules dedicated to Mac OS. It has three powerful modules: Toolkit, Status, and Cleaner.

Inside FoneDogPowerMyMac-Cleaner Toolkit, there is a robust function called Hide and Encrypt Files. This feature allows you to create a password-protected folder and store sensitive files in it by drag and drop. It lets you turn on and off in case you may not use the feature.

  • User-friendly
  • Free download version
  • Auto-lock setup
  • Uses the safest encryption system

How cool is that? This program has made an easier way to protect you from possible data theft.

Part 4. Other Mac Encryption Tools

Apart from FoneDog PowerMyMac-Cleaner, there is other top performing software that also provides convenience and security.

Hider 2

Hider2 has the ability to hide and encrypt data on your Mac securely including notes, documents, photos, etc. One of its positive scores is the user-friendly interface which suits beginner to average users.

  • Provides auto-lock feature when the user is inactive or idled
  • Uses AES-256 encryption for the safest system

Cisdem AppCrypt

Cisdem AppCrypt offers both website and app encryption system that locks you apps and accessed websites with passwords. It creates a blacklist for suspicious access and whitelist for trusted users. However, it does not have the file encryption ability that sets passwords for the desired file and folders.

  • Keeps a list of login attempts to let you know who opens your apps
  • User-friendly

GNU Privacy Guard

GNU Privacy Guard is hybrid Mac encryption software that uses a combination of standard symmetric-key cryptography and public-key cryptography. It mainly features a versatile key management system to protect your personal privacy and the privacy of the people you are communicating with.

  • Versatile (has Windows and Mac versions)
  • Free Software

However, since it provides you with a private key for safekeeping, you might end up having a hard time figuring out how to decode it once the keys are lost.

Old

Concealer

Concealer is another trusted name in terms of hiding files and encryption. It provides an automatic password assistant that generates “strong” passwords. One of its main advantages is providing and organizing folders by having default templates for various accounts such as bank accounts, email, software registration, and more.

  • Customizable auto-lock system
  • Easy to use with drag and drop features
  • Uses the master password and assigns separate or individual passwords to each file inside

Part 5. Factors to Consider when Choosing the Best Encryption Software for Mac

I know you may have gotten confused on which program to use or will work best for you after reading through the different software you can choose from. There is plenty of encryption software for Mac; however, bear in mind that you need to consider quality and multi-function when it comes to having a “good buy”.

You need a program that provides an all-in-one solution that you can rely on when things go rough on your device. I recommend using FoneDog PowerMyMac for the following factors:

  1. Security– It the important concern above all. You have to be keen about how these programs work to secure your files and your Mac overall.
  2. Encryption– Based on the above-mentioned encryption data, there are different types of password-protection format. Choose the one that provides the safest and considers your files their topmost priority.
  3. Encryption Speed- Consider a program that can encrypt even your large files at the shortest period of time. We know that large files take a while to be fully encrypted so you need software that can minimize the time constraints.
  4. Software License- Although free programs are good such as the GNU Privacy Guard, an open source software, you need to consider that free software is not entirely best for your needs since everyone can download it. The same thing goes for paid programs; you have to be extra cautious on how much it costs and its corresponding features. To be sure, you can take advantage of their free-trial versions first so you can determine if it works for you or not.

Part 6. Conclusions

We care so much about data privacy and we understand how crucial it is to be well-protected. You cannot simply store important files in your Mac especially when you have multiple users or you plan to sell it later on.

We know how much you want to protect your files from prying eyes and suspicious people that is why we have compiled and researched the different programs that can help you secure them. The encryption software for Mac we listed has their own Pros and Cons where you can assess according to their features.

Simply choose a program that will password-protect your files, optimize your system, and provide you with complete troubleshooting toolkit. Do you have any other concerns regarding encryption software for Mac? Please write your concerns in the comments below!

>Tips >Top 5 Best Encryption Software for Mac in 2020
Comment ()

Decrypt Old Vault App Files Mac Free

This feature is available in Professional, Free, and Trial editions of MDM.

Introduction

Encrypting information stored in employee computers is mandated in most organizations. Encryption ensures that the information on these computers can only be accessed by authorized users. The users authenticate themselves with their login credentials, which in turn decrypts the information for access.

Filevault is the most preferred tool for encrypting the data on mac machines. It provides two methods for encrypting the data on the systems.

  1. Encryption using iCloud password
  2. Encryption using institutional recovery key

Encryption using Mobile Device Manager Plus

Though users can manually encrypt their systems, it is always recommended to use a device management solution to encrypt the managed systems. This ensures uniformity in the encryption process used and also that all the users have encrypted their devices.Using Mobile Device Manager Plus to perform FileVault encryption on Mac machines also has the following benefits

  • One time setup- You need to create and distribute the profile to groups only once, and all the devices will be encrypted.
  • No user dependency- Once the admin creates the profile and applies it to the devices, the encryption process will begin when the device is logged in the next time, without any user intervention.
  • Enforced encryption- The admin of the organization can ensure that encryption is enforced on all the required systems using the desired encryption methods.
  • Keys stored in the server- The user does not have to be tasked with remembering the personal recovery key if they forget their passwords.
  • Simplified set up procedure- The user has to just choose the method of encryption, enable and upload a certificate to complete the setup process.

Using Mobile Device Manager Plus, a Mac system can be encrypted using any of the following methods

  1. Personal recovery key
  2. Institutional recovery key
  3. Personal and institutional recovery key

Encryption using personal recovery key

Filevault allows users to generate a personal recovery key that can be used to access their encrypted data in addition to their login credentials. If the user forgets his login password the user will be prompted to enter this generated recovery key to decrypt his system.

Mobile Device Manager Plus supports encryption using a recovery key. The recovery key generated during encryption can then be posted to the Mobile Device Manager Plus server. This ensures the users can request their organization's IT admins to provide them the recovery key to access their data. Since the personal recovery key is specific to users, this also prevents any unauthorized use of the recovery key.

Follow the steps given here to encrypt data using personal recovery key.

  1. On the MDM console, navigate to Device Mgmt ->Apple profile
  2. Enter a name for the profile and select FileVault Encryption
  3. Enable the option to use personal recovery key to encrypt user's mac systems.
  4. You can choose to show the generated key to the user, to allow them to make a note of it.
  5. Save and publish the profile.
  6. You can then distribute this profile to either groups or devices.

Encryption using institutional recovery key

Organizations can also choose to just use a single key or a certificate to encrypt the mac systems of the employees. To use a certificate to encrypt the systems, the administrator must first create the certificate and upload it to the MDM server.

To use institutional recovery key to encrypt the systems, the admin has to perform the following steps

  1. Create a certificate for encryption
  2. Uploading certificate to Mobile Device Manager Plus

Creating Certificate

This section explains the steps to create and export the institutional recovery key-

  1. On an administrator computer, open Terminal and execute the following command: sudo security create-filevaultmaster-keychain /Library/Keychains/FileVaultMaster.keychain
  2. Enter the login password/credential.
  3. Create a password for the new keychain when prompted. This password will be used to access the keychain certificate created in the next few steps. A keychain FileVaultMaster.keychain is created in the following location /Library/Keychains/
  4. You will have to unlock the keychain to copy or edit the created keychain. Enter the following command in the terminal to unlock the keychain-security unlock-keychain /Library/Keychains/FileVaultMaster.keychain
  5. Enter the previously created keychain password to unlock the keychain.
  6. Open Keychain Access.
  7. From the menu bar, choose File->Add Keychain
  8. Press Cmd+up to move up in the folder hierarchy. Continue till it reaches the last page, select the disk and then navigate to /Library/Keychains/ to find the created keychain.
  9. Select the FileVaultMaster.keychain file located in this folder.
  10. Select FileVaultMaster under the Keychains heading in the sidebar, and then select All Items under the Category heading in the sidebar.
  11. Verify that a private key is associated with the certificate.Select the certificate and the private key.
  12. From the menu bar, choose File -> Export Items and save the items as a .p12 file.
  13. The .p12 file is a bundle that contains both the FileVault Recovery Key and the private key.
  14. Create and verify another password to secure the file, and then click OK.
  15. You will be prompted to enter this password when uploading the recovery key.
  16. Delete the key chain you created.
  17. Quit Keychain Access.

The FileVault Recovery Key and the private key are saved as a .p12 file in the location you specified. This file can be used to encrypt the user's computers.

Uploading the certificate in Mobile Device Manager Plus

Once the required certificate is created, the admin has to upload this certificate to the Mobile Device Manager Plus console and distribute it to the systems to be encrypted. Follow the steps given below to upload and distribute the institutional recovery key.

  1. On the MDM console, navigate to Device Management -> Profiles
  2. Select Apple from the dropbox that appears on clicking Create Profile.
  3. Click on FileVault Encryption.
  4. Select Institutional Recovery Key certificate as the encryption method
  5. Browse and upload the .p12 file certificate created.Save and publish the profile.

This profile can then be distributed to the required groups and devices.

Decrypt Old Vault App Files Macbook

Encrypting using both Personal and Institutional Recovery key

Mobile Device Manager Plus also allows the admin to encrypt the systems using both a personal recovery key and the institutional recovery key. This is helpful when the data is to be decrypted, the user can choose which method to use to decrypt their data.

Steps to encrypt using personal and institutional recovery key.

  1. On the MDM console, navigate to Device Management -> Profiles
  2. Select Apple from the dropbox that appears on clicking Create Profile.
  3. Click on FileVault Encryption.
  4. Select Personal and Institutional Recovery key as the encryption method
  5. Upload the certificate, and if needed, allow the users access to the personal recovery key.
  6. Save and publish the profile.
  7. Distribute the profile to the required groups and devices.

Decrypting mac systems when users forget their passwords

If a user forgets their passwords the user can contact the admin to decrypt their systems. The admin can check the encryption method used to encrypt the system by navigating to Inventory, selecting the device name and clicking on FileVault Encryption tab. Based on the type of encryption used, the admin has two options to decrypt the system.

  1. Personal recovery key- If the user has the recovery key handy, they can enter this key in the login page when prompted. They can also obtain this key from the Mobile Device Manager Plus server from the page where the encryption method details are available. Once the recovery key is entered, the user will be asked to set a new password.
  2. Institutional recovery key- If institutional recovery key is used, then the system cannot be decrypted directly, the user can only retrieve the encrypted files. The system will then have to be wiped and the files restored to the system. The admin can access the certificate used for encryption by navigating to Inventory ->Device name -> FileVault Encryption. Download the certificate. To decrypt the system that is encrypted using institutional recovery key, the admin has to follow the steps given below-

Converting p12 to keychain format

  1. On a mac machine, navigate to Keychain Access
  2. Create a new keychain by navigating to File->New keychain
  3. Enter FileVaultMaster as the name for the keychain and secure it using a password
  4. Select the created keychain and navigate to File->Import Items
  5. Select the .p12 certificate downloaded from Mobile Device Manager Plus
  6. Enter the password for the certificate specified while downloading from Mobile Device Manager Plus

Unlock A Filevault 2-encrypted Volume With An Institutional Recovery Key

Requirements
  • macOS running OS 10.9 or higher
  • An external drive or USB drive
Steps
  1. On the administrator's system, where the originally created keychain (institutional recovery key) is stored. Copy FileVaultMaster.keychain-db along with the private key to an external drive or USB drive
  2. Boot the machine that has to be decrypted, in recovery mode, by holding command-R while starting up.

    3. To unlock the keychain

  3. Plug in the USB or external drive with the FileVaultMaster keychain to the device to be decrypted. Once in recovery mode, the drive should automatically mount. You can also mount it using Disk Utility.
  4. Open Terminal by navigating to Utilities->Terminal
  5. Unlock the keychain in the Terminal, by running the command security unlock-keychain /Volumes/[nameofdrive]/[path]/FileVaultMaster.keychain. When prompted, enter the password that was used to create the keychain.
  6. Entering the correct password will unlock the keychain.

    Unlock the encrypted volume

    MacOS devices running macOS High Sierra (10.13) may have been upgraded to Apple’s new APFS. Follow the steps below to unlock the encrypted volume

  1. If your device is using APFS, find the APFS disk role by using diskutil apfs list.
  2. Unlock the encrypted volume by using diskutil apfs unlockVolume [APFS disk role] -recoverykeychain /Volumes/[nameofdrive]/FileVaultMaster.keychain
  3. You can now browse the directories of the unlocked drive, or you can decrypt the drive and turn off.
  4. You can then decrypt the files using diskutil apfs decryptVolume /dev/[APFS disk role]You can check the progress by running diskutil apfs list again.

If you are still using mac version lower than 10.13 follow the steps given below to unlock and decrypt the volume

  1. If your device is using macOS Extended (HFS+), find the CoreStorage Volumes (UUID) by using diskutil cs list
  2. Find the Logical Volume UUID of the encrypted drive, by running the command diskutil corestorage list
  3. Unlock the volume with diskutil corestorage unlockVolume [UUID] -recoveryKeyChain /Volumes/[nameofdrive]/[path]/FileVaultMaster.keychain
  4. The volume should unlock and mount, you can now retrieve the files.
  5. Decrypt the files using diskutil corestorage revert [UUID] -recoveryKeychain /Volumes/[nameofdrive]/[path]/FileVaultMaster.keychain

Troubleshooting Tips

  • There was a problem enabling FileVault on your computer. You should use System Preferences Security and privacy to view or change FileVault.
    This message is shown when FileVault is being configured for a mobile account or a user account which does not have the Server Token. To check if a particular account has the Server Token, open Terminal on the Mac machine and enter the following command:
    sysadminctl -secureTokenStatus username_goes_here
    To add the Server Token to a specific account, use:
    sysadminctl -secureTokenOn username_which_needs_secure_token_goes_here -password password_goes_here

See Also:Associating Profiles to Groups, Associating Profiles to Devices, App Management, Distribute Apps to Devices, Distribute Apps to Groups