Preboot authentication or Prelogin Gui interaction possible, in regards to Encryption software

[BossmanPL]

I ma having trouble to setup some solution that could encrypt whole drive or partition for my most important files. I need to encrypt Users directory along with Applications, the problem is i NEED and WANT to enter password each time i want to access encrypted data, so i have been reading and testing in to this subject,

 

Filevault 2 is not working wheen it comes to Fulldisk encryption /clover, creating encrypted partition based is olso not option because i can't mount partition before i login, there is bash script to mount such partition in the time wheen i login in, but it is lose case because it takes already stored password in keychain and i don't what that. I WOULD need to enter password manually every time.

 

Veracrypt and Truecrypy is olso no go because i can access files only after login is done, that way all my files and icons are not avaliable yet and User directory changes back to last known. So it does not work properly that way. In MS Windows i got preboot authentication wich is working well and awesome.

 

Does anybody have solution to such case ?

[smolderas]

I ma having trouble to setup some solution that could encrypt whole drive or partition for my most important files. I need to encrypt Users directory along with Applications, the problem is i NEED and WANT to enter password each time i want to access encrypted data, so i have been reading and testing in to this subject,

 

Filevault 2 is not working wheen it comes to Fulldisk encryption /clover, creating encrypted partition based is olso not option because i can't mount partition before i login, there is bash script to mount such partition in the time wheen i login in, but it is lose case because it takes already stored password in keychain and i don't what that. I WOULD need to enter password manually every time.

 

Veracrypt and Truecrypy is olso no go because i can access files only after login is done, that way all my files and icons are not avaliable yet and User directory changes back to last known. So it does not work properly that way. In MS Windows i got preboot authentication wich is working well and awesome.

 

Does anybody have solution to such case ?

Yes. The solution is the legacy FileVault or FileVault 1. It just encrypts your home folder and nothing else.

Since you want to encrypt the applications too (why?), you could place them in your home folder in "~/Applications". It will play well with launchpad too.

 

I've been using it and the only negative side of it is if you are using Time Machine. Time Machine can't backup your home folder on the fly. It is doing that after you log out. It could take some time (and of course you can skip it too).

 

Here is a quick how to and as always do a backup of your files even before starting doing it:

 

Edit:

Here I found a google result of this procedure:

http://lab.maiux.com/en/os-x/criptare-la-home-directory-di-un-utente-usando-legacy-filevault-in-os-x-lion

[BossmanPL]

Okay but Filevault is asking for password before you login ? - If i encrypt home directory it cant be accessed wheen i login with that user ?

Can i use Filevault 1 with El Capitan, replace Filevault 2 ?

[smolderas]

Okay but Filevault is asking for password before you login ? - If i encrypt home directory it cant be accessed wheen i login with that user ?

Can i use Filevault 1 with El Capitan, replace Filevault 2 ?

Yes, FileVault 1 is working on El Capitan, although there is a minor UI problem (sometimes the time machine backup window don't appear or won't show text after you log out, but that shouldn't disturb you).

FileVault won't ask your password, it uses your login password. It works seamlessly. You are logging in with your password and your encrypted home folder will be mounted. After you log out, your home get unmounted and encrypted again, if you use the time machine gets in and does its backup.

 

Be careful with the procedure on this linked site. Try to create a new user and test with it, before you move on to your actual home folder. And be advised. Do a bootable clone or backup of your files.

[BossmanPL]

How about if i change my account password in rescue mode, how theen filevault behaves ?

[smolderas]

How about if i change my account password in rescue mode, how theen filevault behaves ?

You can't change password in rescue mode. You can reset the password and it only applies to your login. The files are encrypted and can't be changed or read without the password. So if you lose your password and the master (key) password, you lose data.

It is not hard to test it. Just go and create a second test account and test with it and report back your findings...

[BossmanPL]

Okay thanks. I will try something different olso, there on net is a Truecrypt preboot authentication with USB serial number stick, there can be a key on usb stick for example olso. So it could be olso a solution.

Thanks for your time, mate.

[smolderas]

Okay thanks. I will try something different olso, there on net is a Truecrypt preboot authentication with USB serial number stick, there can be a key on usb stick for example olso. So it could be olso a solution.

Thanks for your time, mate.

No problem. Just remember, truecrypt is seeing as not secure for many years. If you active FileVault, you could select your own encryption method and choose the most secure one.

[BossmanPL]

Yes but Veracrypt seems to have fixed bugs in truecrypt.

 

UPDATE:

I have done FileVault, it works alright.

I wonder if in that way i could do encryption in different places "other than users"

[smolderas]

Yes but Veracrypt seems to have fixed bugs in truecrypt.

 

UPDATE:

I have done FileVault, it works alright.

I wonder if in that way i could do encryption in different places "other than users"

Why would you want to encrypt system files or applications? All user files are in users...

 

Edit:

I have a part of my user files on other volumes. They are all encrypted.