You don’t need third-party utilities like VeraCrypt to create a secure, encrypted container for your sensitive files on your Mac. You can create an encrypted disk image using the built-in Disk Utility.

To be fair, you can also create an encrypted container using the built-in BitLocker feature on Windows, but that requires you have a Professional or Enterprise edition. The Mac trick we’re talking about here works on any Mac. After you create an encrypted disk image, you can “mount” that image file, provide your password, and get access to your stuff. Whenever you want to lock access to your files, you just unmount the image file. Here’s how to do it.

Create an Encrypted Disk Image

To get started, you’ll need to open the Disk Utility application. Open a Finder window, click “Applications” in the sidebar, double-click the “Utilities” folder, and then double-click the “Disk Utility” item. You can also just press Command+Space to open Spotlight search, type “Disk Utility” into the search box, and then press Return to open it.

In the Disk Utility window, head to File > New Image > Blank Image.

This create a new disk image (.dmg) file. Here are the options you’ll need to configure:

  • Save As: Provide a file name for the disk image file.
  • Name: Provide a name for the disk image file. This name is more of a description—it appears as the name of the container when the file is mounted.
  • Size: Choose a size for your disk image file. For example, if you choose 100 MB, you’ll only be able to store up to 100 MB of files inside it. The container file takes up the maximum file size immediately, no matter how many files you put inside. So, for example, if you create a 100 MB disk image file, it takes up 100 MB of hard drive space, even if you have’t move any files inside it yet. You can enlarge or shrink the disk image later, if you need to.
  • Format: Select Mac OS Extended (Journaled) as the file system.
  • Encryption: Choose either 128-bit or 256-bit AES encryption. 256-bit is more secure, while 128-bit is faster. If you’re encrypting sensitive files, you’ll probably want to choose 256-bit and accept the slight slow-down for more security.
  • Partitions: Select “Single partition – GUID Map” to use a single partition inside your disk image file.
  • Image Format: Select “read/write disk image” so you can read from and write to the disk image at any time.

When you opt for an encrypted drive, you’re also prompted to create an encryption password for your disk image. Provide a strong password—you can use the “Key” button here for tips on creating a strong one.

If you lose this password, you’ll lose access to the files inside your encrypted disk image. Be sure to pick something memorable.

You’ll probably want to uncheck the “Remember password in my keychain” option. This option remembers the password in your Mac user account’s keychain so it can be automatically filled in the future. But you don’t necessarily want anyone who can sign in to your Mac to also have access to your encrypted container.

The disk image is created, formatted, and automatically mounted for you. You’ll find it on your desktop and in the Finder under Devices. To encrypt files, just save them to this device like it was any other hard drive.

To unmount the encrypted disk image, click the Eject button under Devices in Finder or right-click or Ctrl+click its desktop icon and select the “Eject” command.

Mount the Encrypted Disk Image

To mount the encrypted disk image in the future, locate its file on your hard drive—it will have the .dmg file extension—and double-click it. You’ll be asked for the encryption password you provided while setting it up.

After you provide the password, you can access the contents of the file just as you would access any other disk image or removable device.

Enlarge or Shrink Your Encrypted Disk Image

If you’re running out of space inside your encrypted disk image and don’t want to create another one, you can enlarge your existing image. Or, if you’re not using the full size of your disk image, you can shrink it to save space on your hard drive.

To do this, open Disk Utility, and then head to Images > Resize.

You’ll be prompted for your encryption password.

Note that you won’t be able to resize the disk image if it’s currently mounted. If the Resize Image button is  grayed out, just click the Eject button in the Disk Utility window, and then try again.

You can now do whatever you like with your encrypted .dmg file. Keep it on your hard drive, copy it to a USB drive, or even store it online using a cloud file storage service like Dropbox. People won’t be able to access its contents unless they have the password you provided. You can mount the encrypted file on any Mac as long as you have the password.

Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »
Profile Photo for Justin Pot Justin Pot
Justin Pot has been writing about technology for over a decade, with work appearing in Digital Trends, The Next Web, Lifehacker, MakeUseOf, and the Zapier Blog. He also runs the Hillsboro Signal, a volunteer-driven local news outlet he founded.
Read Full Bio »