Mac OS X has some nifty built-in tools for encryption — here is an alternative one.

This tutorial aims to show you different way of encrypting data on you Mac machine. There are several approaches to archiving this, each with its strenghts and weaknesses, entirely depending on your point of view.


EncFS is a lightweight alternative for people comfortable with the command line.

Installing it

If you're not afraid of a little work in the shell, EncFS may be the solution you're looking for. Originating on Linux, you can easily install it via Homebrew. The steps are largely based on the excellent work of Falko Timme, to be found at, adding Mac OS X specific steps.

brew install encfs

As one of the dependencies, fuse4x will be installed. Please watch out for the caveats section displayed after installation. You will need to manually install the Kernel extension, which is done with a few simple commands. Just copy and paste.

Using it

Create two directories:

mkdir -p ~/encrypted
mkdir -p ~/decrypted

The decrypted directory acts as the mount point for the encrypted directory. To mount, simply run:

encfs ~/encrypted ~/decrypted

Enter p for "pre-configured paranoia mode" and a strong password.

Check that the file system is indeed active.


Now you can write data to the ~/decrypted directory to be encrypted.

echo "hello foo" > foo
echo "hello bar" > bar
ln -s foo foo2

Check the ~/encrypted directory. You should see the encrypted contents.

To unmount (and therefore protect) the contents, run:

umount ~/decrypted

Check with mount that the mount point is gone.

That's it.

Next Post