Transferring files securely

If you're traveling and you need a key document, such as the latest draft of your business plan or the presentation your colleagues just finished, there are many ways you can get it: e-mail, iDisks, and online file services such as SendThisFile or YouSendIt. But if the document you need is super-confidential, you may not want to trust any of those file-transferring tools, because they aren't secure; if someone really wanted to, he or she could probably intercept and open the file somewhere along the line. There are several alternatives, however, and most of them are quite simple.

Sending Securely

E-mail is the most straightforward way to transfer files or information in text form, but it has its limitations: most ISPs restrict the size of e-mail messages to 10MB or 20MB. If you have files of moderate size that you want to transfer, e-mail is the best solution, and it’s easy to do so securely. The key is to set up your mail program to encrypt the message you’re sending, and then make sure the person at the other end can decrypt it.

To work with encrypted e-mail, you first need to obtain a certificate—a way of proving who you are and providing a private key for encryption. You can get a certificate for free from Thawte’s Personal E-Mail Certificates page. Create an account there, choose the appropriate browser and level of protection, and then download the certificate and add it to your keychain. (For more information, see Keep Your Secrets with Mail. That story explains how to set up Mail to send and receive encrypted messages; the procedure is similar for Entourage, but check its help files for details.)

If you don’t want to bother with obtaining and setting up certificates, there’s another way to send encrypted files by e-mail: you can put them in an encrypted disk image and then attach it to your message. Apple’s Disk Utility (/Applications/Utilities) can help you do this with just a few clicks.

[Figure: Encrypted e-mail. When you receive encrypted e-mail, the Security header in Mail shows you that the message has indeed been encrypted.]

Open Disk Utility and choose File: New: Blank Disk Image. Type a name in the Save As field; specify the size, format, and level of encryption (128- or 256-bit); and click on Create. Then enter the password you want to use. For Volume Format, use Mac OS Extended, not Mac OS Extended (Journaled). If you use journaling, the minimum size of the disk image is 10MB, and only 1.7MB of that is available; the journal takes up the rest of the space. Without journaling, you can create a 5MB disk image (that’s the smallest available size) and you’ll be able to use all of its space. (For more details on this process, check out Encrypt Files for Safety.)

After you’ve created the encrypted disk image, drag your files to it and unmount the virtual disk. You can then send the disk-image file as you would any other e-mail attachment. There’s just one hitch: to open it, your recipients will need the password you specified when you created the disk image. You can’t send that password in an e-mail message; that would defeat the purpose of the encryption. You’ll need to either agree on a password beforehand, or exchange one over the phone.

You can also transfer files through an instant messaging client, such as Apple’s iChat, which can encrypt your text, audio, and video chats, as well as file transfers you make via the program. This encryption is only available, however, if both the sender and receiver have MobileMe accounts and activate encryption in iChat's preferences (Accounts: Security). If both users don't have MobileMe accounts, you can create an encrypted disk image (as described above) and send that via iChat, or you can use a third-party encryption program: the $100 PGP Desktop includes a file-transfer encryption module for iChat and AOL Instant Messenger.

On the Receiving End

While you can rely on e-mail and iChat to send files securely from the road, it can be harder to receive them securely. If you need to get files from your office or home Mac, perhaps someone there could send them to you, using one of the techniques outlined above. But, as Murphy’s Law often dictates when you’re in this situation, that’s not always possible. Here are some alternatives.

The first thing to try is Leopard’s Back to My Mac, which lets you access your Mac at home as though it were on a local network. After you’ve set up and activated Back to My Mac, your home Mac will show up in the Shared section of the Finder sidebar. You can then mount the Mac, browse its files, and copy what you want; all file transfers are secure.

However, Back to My Mac is notoriously flaky; it works best with Apple’s AirPort routers, and you have to be punctilious about setup. If you’re going to rely on it for remote file access, be sure to test the setup before you leave for your trip. If it works, it’s as transparent as sharing files with a Mac in the next room. (For more on setting up Back to My Mac, see Inside Back to My Mac.)

If Back to My Mac isn’t a viable option, you can set up the remote Mac for secure FTP (SFTP) and then simply connect to it and transfer your files over the Internet. Such file transfers are both easy and encrypted. To enable SFTP, go to the Sharing preference pane and select Remote Login (if it’s not on already); you don’t need to turn on file sharing.

Then you’ll need to configure your Mac so you can connect to it remotely. If your router has a fixed IP address, you can use port forwarding. For SFTP, you have to forward port 22; see your router’s documentation or setup tools for information on doing so. If you don’t have a fixed IP address, you can still connect to your Mac by setting up a dynamic DNS service such as DynDNS. (Remotely Access Your Mac explains how.)

[Figure: Secure FTP. Transferring files with an FTP client—even using secure FTP—is as simple as dragging and dropping them.]

Once you’ve made your Mac accessible, you’ll need an FTP client program, such as Panic’s $30 Transmit or any other FTP program that handles SFTP (most do), to access your files. Launch the program and enter the IP address—either your fixed address or the one you got from the dynamic DNS service. Enter the user name and password for the user account on your Mac, select SFTP from the Protocol menu, and then click on Connect. You’ll see a list of your folders, and you can browse them and copy any files by dragging them to the other side of Transmit’s window.
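SFTP only keeps snoops out if the machine that answers on port 22 really is your Mac, so record its SSH host-key fingerprint before you leave and compare it with the one your client shows on the first connection from the road. The sketch below is an added example, not part of the original article: it computes the SHA256 fingerprint in the form current OpenSSH prints and checks it against a pinned value. The key lines are constructed sample data and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def constructed_key_line(seed: bytes, comment: str) -> str:
    """Build a CONSTRUCTED ssh-ed25519 public-key line (sample data, not a real key)."""
    raw = hashlib.sha256(seed).digest()  # 32 placeholder key bytes
    parts = (b"ssh-ed25519", raw)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


def fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the base64 digest without '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_pin(presented_line: str, pinned_fp: str) -> bool:
    """True only if the presented host key hashes to the fingerprint you recorded."""
    return hmac.compare_digest(fingerprint(presented_line), pinned_fp)


# Constructed sample: the key recorded at home, and a different key that an
# intercepting host might present instead.
HOME_KEY = constructed_key_line(b"home-mac", "home-mac.example")
OTHER_KEY = constructed_key_line(b"someone-else", "unknown-host")
PINNED = fingerprint(HOME_KEY)

if __name__ == "__main__":
    print("pinned fingerprint:", PINNED)
    print("home key matches :", matches_pin(HOME_KEY, PINNED))
    print("other key matches:", matches_pin(OTHER_KEY, PINNED))
```

If the fingerprint your client displays differs from the pinned one, do not enter your password; the connection is not reaching the Mac you set up.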

One thing to keep in mind: All this requires that your Mac be on when you want your files. But you may not want to leave your Mac running all day long. You can use the Schedule button of the Energy Saver preference pane to set your Mac to wake up and go to sleep at certain times. If you’re not sure when you’ll need it, set it to stay awake during the day. If you know you’ll want to access your Mac at more specific times, you can set it to wake for, say, two hours in the morning and two hours in the afternoon.

The Final Word

No matter which of these methods you choose, you’ll be able to send or access files when you’re on the road, secure in the knowledge that no snoops sniffing around a network can read your data. If your files are confidential, you can rest assured that they’ll remain that way.

Kirk McElhearn writes about more than just Macs at Kirkville.
