In association with heise online

09 August 2012, 16:57

Open source tools for accessing FileVault-encrypted Macs

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

FileVault logo The libfvde project's open source library and tools allow users to access data on volumes that have been encrypted with Apple's FileVault2 hard disk encryption program on Mac OS X 10.7 Lion. With libfvde and fvdetools, these volumes can be read using either a Mac OS X or a Linux system.

The tools use Filesystem in Userspace (FUSE) to, for example, mount an image of a Mac system disk encrypted with FileVault2. To this end, they extract the volume master key – although the user still needs to unlock it by entering the password. This means that if a user doesn't know the volume's password, libfvde can't access the encoded data. A wiki page explains the first steps involved for working with fvdemount and other programs.

However, a few quick tests conducted by The H's associates at heise Security revealed a significant limitation: libfvde currently only works with system volumes, for which Mac OS X creates a special recovery partition that includes a file called EncryptedRoot.plist.wipekey with a copy of the required encoded volume master key. Mac OS X Lion can also encrypt external hard drives and USB flash drives with FileVault2, but it doesn't create a recovery partition for these. Project head Joachim Metz told heise Security that he and his team members are still looking for a way to extract the key needed for decoding volumes without a recovery partition.

The libfvde library and tools are available to download from the project's Google Code page and are licensed under the LGPLv3.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit