How to encrypt and decrypt a HFS partition

root's picture

How to encrypt and decrypt a HFS partition:
OSX Lion brought a neat feature in diskutil which allows you to encrypt and decrypt any HFS partition online. Please find below an example of such feature:

root@osx# diskutil list /dev/disk1
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk1
   1:                        EFI                         209.7 MB   disk1s1
   [color=green]2:                  Apple_HFS 500G                    499.8 GB   disk1s2[/color]
   3:                 Apple_Boot Boot OS X               134.2 MB   disk1s3


root@osx# [color=green]diskutil cs convert disk1s2 -passphrase[/color]
New passphrase for converted volume:
Confirm new passphrase:
Started CoreStorage operation on disk1s2 500G
Resizing disk to fit Core Storage headers
Creating Core Storage Logical Volume Group
Attempting to unmount disk1s2
Switching disk1s2 to Core Storage
Waiting for Logical Volume to appear
Mounting Logical Volume
Core Storage LVG UUID: 00X00X0X-XX0X-0X00-0000-00XX000000XX
Core Storage PV UUID: 0X00XX00-XX0X-0000-000X-XXXX000000X0
Core Storage LV UUID: X0XXX0X0-X000-00X0-XXXX-0XX00000X000
Core Storage disk: disk2
Finished CoreStorage operation on disk1s2 500G
Encryption in progress; use `diskutil coreStorage list` for status

root@osx# diskutil list /dev/disk1
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk1
   1:                        EFI                         209.7 MB   disk1s1
   [color=green]2:          Apple_CoreStorage 500G                    499.8 GB   disk1s2[/color]
   3:                 Apple_Boot Boot OS X               134.2 MB   disk1s3
root@osx# diskutil list /dev/disk2
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   [color=green]0:                  Apple_HFS 500G                   *499.4 GB   disk2[/color]

root@osx# diskutil coreStorage list
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 00X00X0X-XX0X-0X00-0000-00XX000000XX
    =========================================================
    Name:         500G
    Sequence:     1
    Free Space:   0 B (0 B)
    |
    +-< Physical Volume 0X00XX00-XX0X-0000-000X-XXXX000000X0
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk1s2
    |   Status:   Online
    |   Size:     499763888128 B (499.8 GB)
    |
    +-> Logical Volume Family X000XXX0-0XXX-0000-0X00-00XXXX00X00X
        ----------------------------------------------------------
        Sequence:               6
        Encryption Status:      Unlocked
        Encryption Type:        AES-XTS
        Encryption Context:     Present
        Conversion Status:      Converting
        Has Encrypted Extents:  Yes
        Conversion Direction:   forward
        |
        +-> Logical Volume X0XXX0X0-X000-00X0-XXXX-0XX00000X000
            ---------------------------------------------------
            Disk:               disk2
            Status:             Online
            Sequence:           4
            Size (Total):       499445116928 B (499.4 GB)
            Size (Converted):   32658948096 B (32.7 GB)
            Revertible:         Yes (unlock and decryption required)
            LV Name:            500G
            Volume Name:        500G
            Content Hint:       Apple_HFS
root@osx# [color=green]diskutil cs revert disk1s2[/color]
Authentication required for reverting a locked volume
Passphrase:
Started CoreStorage operation on disk1s2
Finished CoreStorage operation on disk1s2
Decryption in progress; use `diskutil coreStorage list` for status

Thou shalt not steal!

If you want to use this information on your own website, please remember: by doing copy/paste entirely it is always stealing and you should be ashamed of yourself! Have at least the decency to create your own text and comments and run the commands on your own servers and provide your output, not what I did!

Or at least link back to this website.

Recent content