Knox: File Encryption and Security Made Easy

My work requires me to keep confidential notes. I hunted around for some time to find the best way of doing this on my Mac, and tried several different options. What I used for a long time was password-protected entries in either Yojimbo, VoodooPad or Together. Unfortunately, in each case I felt something was missing.

I also tried Espionage. What I liked about this solution was the simplicity of making my notes in plain text files and dropping them into folders, which were then securely encrypted as a whole. I found, though, that I was prompted far too often to supply passwords to unlock the archives it creates so that online backups or other apps could interact with them. What I discovered instead was another app that did a similar job but required far less interaction: Knox.

Knox was already a well-established app when, back in May, it was acquired by Agile Web Solutions, the folks who brought us the excellent (and I would say essential) 1Password. After the jump we’ll walk through Knox’s main features so you can see if it matches your way of working.

Getting Started

The first time you run Knox, it will prompt you to create a new ‘vault,’ which is the name it gives to the encrypted disk images it works with:

Creating a Vault


Clicking the disclosure triangle labelled ‘Show advanced options’ gives you more control over the location, size, compatibility and encryption of your new vault:

Advanced Options


Hit Create, and Knox will set about making your vault:

Creating Your Vault


Knox in Use

Once you’ve made that first vault, Knox runs unobtrusively, appearing as a small briefcase icon in your menu bar:

Desktop Vault


Because Knox’s vaults are encrypted disk images, once you’ve unlocked them, they are mounted as external drives and operate as any other folder. Any vaults that are currently open will be shown on your Desktop (if you’ve set Finder to display external disks), and double-clicking the Desktop briefcase icon will open the vault in Finder.

Simply drag any files or folders you want included straight into the Finder window, or drop them on the Desktop icon for the particular disk image, and your information is encrypted using the Advanced Encryption Standard (AES) algorithm.

When you’re done and want to lock away those files, you can either simply eject the disk image (by selecting it and hitting [cmd]+[e], or dragging it into your Trash), or you can click on the menubar icon and untick the title of the particular vault you want closed.

Vault in Menu Bar


To open a vault, you start by clicking on the menu bar icon, and then selecting the vault – you’ll be prompted to enter a password to unlock it:

Unlocking the Vault


Once that’s done, you’re back to interacting with your information exactly as you would in any other Finder window.

Extras

In Knox’s Preferences, you can set Backup locations for each vault, and set a schedule for when backups are made – you can choose to have your backups saved to a network drive, to an iPod, your MobileMe iDisk, or to a local folder (which could be your Dropbox folder if you want to keep a backup in the Cloud).

You can select whether backups happen automatically, or whether you initiate them manually. Of course, since your data is always stored on your hard drive, your vaults would also be included in a Time Machine backup, though the developer warns against relying on this.

If you’re having difficulty coming up with a strong password for your new vault, you can click on the key icon to the right of the Password box in the New Vault dialogue, which brings up Knox’s Password Assistant:

Password Assistant


The assistant can help generate passwords in several different ways, and scores the strength of its suggestions or any passwords you want to test manually. Agile Web Solutions are apparently exploring the possibilities of linking Knox and 1Password, which would seem an excellent match.

And a final thing to mention as an Extra, although this really is quite crucial to your data security: in Preferences, you can select whether Spotlight indexing runs on your vaults. In my case, I would definitely prefer this not to happen, so it’s great to have control, and for the default position to be that your vaults are not indexed.

One User’s Experience

I love the simplicity of using Knox. When I need to work with my confidential information, I open up the app, mount my vault, and my data is stored in handy plain text. When I’m done adding or editing, I secure the vault and close Knox. Since I only need access once or twice per day, there’s no point in having the app running constantly in the background (nor any helper app).

I’m aware that my vaults are very easily deleted – that’s as simple as navigating to the store of vaults, which is by default in a ‘Knox’ folder in your Documents, and hitting [cmd]+[backspace]. Some might wish for more strictly managed data integrity, but I’m okay with this risk.

Similarly, you might expect that Knox, like 1Password, would lock itself down after a specified period of being open and not used. The developers suggest in a FAQ that you use a password-protected screensaver instead. They’re quite right that this would provide a similar level of protection, but I’m sure some will remain unconvinced.

When we reviewed Espionage a few months back, there was some quite technical discussion in the comments about data security and different file systems. I’m afraid I don’t know if Knox improves on these issues – I suspect not, since the commenter was pointing out issues to do with the way OS X stores data in the first place, and that hasn’t changed.

I’m not so concerned about the issues raised, and found Espionage’s developer’s responses quite convincing. It might be worthwhile your going back to the post, though, especially if you’re more tech savvy. Please chime in in the comments below if you have any strong feelings about this.

So, in the final analysis: am I using Knox? Actually, no, not at the moment – at least not for the bulk of my notes. It really surprised me to discover that 1Password’s Secure Notes feature does an excellent job of storing my notes, and provides a secure working environment in which to enter and edit them.

The ability to sync my notes to 1Password on my iPhone rounds out the experience, allowing me to check back on things when I’m on the road and away from my Mac. So that’s become my main notes app, though I keep all supplemental material – copies of letters written to clients, invoices, etc. – in a secure Knox vault that is working very well indeed for me.


Summary

Knox lets you easily create, access, and back up encrypted file vaults. These vaults are great for storing large numbers of files of any size: confidential documents, images, source code, application data files, customer information.

8
  • Andy

    Wouldn’t we just be better off using the built-in OS X sparsebundle?

    • http://www.taoeffect.com/ Greg @ Tao Effect

      Hi Andy!

      Yes, for many instances a sparsebundle will do just fine, and Knox is basically an interface that some find convenient for using sparsebundles.

      However, they can’t be used (on their own) to encrypt application data (email, chat histories, etc.), which is what we designed Espionage for.

      Also, disk images create the issue of having to deal with “two entities”, i.e. one is the disk image itself, and the other is the volume that’s mounted when you double-click on it, which is accessed in a different location.

      Espionage combines various technologies (including sparsebundles) to create encrypted folders. So this means that to access your encrypted data, you just open the encrypted folder. :-)

      Kind regards,
      Greg, Tao Effect

  • Kubernan

    Hello,

    “My work requires me to keep confidential notes.” Me too, that’s why I use the command: hdiutil create -encryption AES-128 -volname MyVolName -size 100g MyDiskImageName -type SPARSEBUNDLE -fs HFS+

    Easy, fast.

  • Dustin
  • Hansgerd Zappenduster

    I agree with comments above. At all this app has to be free. The Password Assistant is pure OS X too.

  • Felix

    Link to the wallpaper? I think it is not the standard wp from apple.

  • Andy

    http://db.tidbits.com/article/9673

    For a good explanation of sparse bundles and sparse images

  • http://www.taoeffect.com/ Greg @ Tao Effect

    “I found, though, that I was prompted far too often to supply passwords to unlock the archives it creates so that online backups or other apps could interact with them.”

    We’ve updated Espionage many times since your review, did you get a chance to try the latest version?

    I’m pretty certain you’ll find we’ve addressed any issues with frequently appearing password prompts. :-)

    It should also be mentioned that Espionage and Knox aren’t directly comparable, as the feature sets are quite different. For example, Knox is incapable of encrypting application data like email, chat histories, data for finance apps, etc., while Espionage can do it no problem because of its advanced integration with the system.

    Cheers,
    Greg, Tao Effect

    • Ethan Wright

      Calm down dude, they just chose not to review your app, no worries, you don’t have to prove your app is the same or better than this app. I get very tired of developers coming into the comments and defending their applications when there is no need to… Please, this is a place to learn, not to advertise.

      • http://www.taoeffect.com/ Greg @ Tao Effect

        You’re right, I’m not a big fan of advertising myself, so if my comment was advertising-ish you have my apologies.

        I just wanted to address any issue about Espionage that was brought up in the post is all. :-\

        Cheers,
        Greg, Tao Effect

  • Guy

    Or use TrueCrypt, free from http://www.truecrypt.org/ – very well supported and regarded.

    • Andy

      And cross platform

      • foo

        When I was about to look for an encryption utility I thought the same: “Just use TrueCrypt and build some shell script to mount/unmount volumes” etc.

        While searching the net for scripts, GUIs etc. I found comments about Espionage. Installed it and from the first moment found it very handy and intuitive. Am using it daily for Mail/Notes/Adium.app encryption and some other encrypted folders.

        Sure one could live with TC or plain sparseimages/bundles but I’ve not regretted having chosen Espionage – it makes things easier.

  • ameja

    What about SecureFiles anyone? I’ve read this is the best free option if you are looking at basic encryption needs..

  • jose diaz

    I made a “vault” with its own code like I had done before a couple of times.. except this time I can’t open it, either I wrote the password “twice” wrong or something else happened.
    Any ideas on how to unlock this vault?? It’s on my computer so I can do whatever with it..
