Knox: File Encryption and Security Made Easy

My work requires me to keep confidential notes. I hunted around for some time to find the best way of doing this on my Mac, and tried several different options. What I used for a long time was password-protected entries in either Yojimbo, VoodooPad or Together. Unfortunately, in each case I felt something was missing.

I also tried Espionage. What I liked about this solution was the simplicity of making my notes in plain text files and dropping them into folders, which were then securely encrypted as a whole. I found, though, that I was prompted far too often to supply passwords to unlock the archives it creates so that online backups or other apps could interact with them. What I discovered instead was another app that did a similar job but required far less interaction: Knox.

Knox was already a well-established app when, back in May, it was acquired by Agile Web Solutions, the folks who brought us the excellent (and I would say essential) 1Password. After the jump we’ll walk through Knox’s main features so you can see if it matches your way of working.

Getting Started

The first time you run Knox, it will prompt you to create a new ‘vault,’ which is the name it gives to the encrypted disk images it works with:

Creating a Vault

Creating a Vault

Clicking the disclosure triangle labelled ‘Show advanced options’ gives you more control over the location, size, compatibility and encryption of your new vault:

Advanced Options

Advanced Options

Hit Create, and Knox will set about making your vault:

Creating Your Vault

Creating Your Vault

Knox in Use

Once you’ve made that first vault, Knox runs unobtrusively, appearing as a small briefcase icon in your menu bar:

Desktop Vault

Desktop Vault

Because Knox’s vaults are encrypted disk images, once you’ve unlocked them, they are mounted as external drives and operate as any other folder. Any vaults that are currently open will be shown on your Desktop (if you’ve set Finder to display external disks), and double-clicking the Desktop briefcase icon will open the vault in Finder.

Simply drag any files or folders you want included straight into the Finder window, or drop them on the Desktop icon for the particular disk image, and your information is encrypted using the Advanced Encryption Standard (AES) algorithm.

When you’re done and want to lock away those files, you can either simply eject the disk image (by selecting it and hitting [cmd]+[e], or dragging it into your Trash), or you can click on the menubar icon and untick the title of the particular vault you want closed.

Vault in Menu Bar

Vault in Menu Bar

To open a vault, you start by clicking on the menu bar icon, and then selecting the vault – you’ll be prompted to enter a password to unlock it:

Unlocking the Vault

Unlocking the Vault

Once that’s done, you’re back to interacting with your information exactly as you would in any other Finder window.

Extras

In Knox’s Preferences, you can set Backup locations for each vault, and set a schedule for when backups are made – you can choose to have your backups saved to a network drive, to an iPod, your MobileMe iDisk, or to a local folder (which could be your Dropbox folder if you want to keep a backup in the Cloud).

You can select whether backups happen automatically, or whether you initiate them manually. Of course, since your data is always stored on your hard drive, your vaults would also be included in a Time Machine backup, though the developer warns against relying on this.

If you’re having difficulty coming up with a strong password for your new vault, you can click on the key icon to the right of the Password box in the New Vault dialogue, which brings up Knox’s Password Assistant:

Password Assistant

Password Assistant

The assistant can help generate passwords in several different ways, and scores the strength of its suggestions or any passwords you want to test manually. Agile Web Solutions are apparently exploring the possibilities of linking Knox and 1Password, which would seem an excellent match.

And a final thing to mention as an Extra, although this really is quite crucial to your data security: in Preferences, you can select whether Spotlight indexing runs on your vaults. In my case, I would definitely prefer this not to happen, so it’s great to have control, and for the default position to be that your vaults are not indexed.

One User’s Experience

I love the simplicity of using Knox. When I need to work with my confidential information, I open up the app, mount my vault, and my data is stored in handy plain text. When I’m done adding or editing, I secure the vault and close Knox. Since I only need access once or twice per day, there’s no point in having the app running constantly in the background (nor any helper app).

I’m aware that my vaults are very easily deleted – that’s as simple as navigating to the store of vaults, which is by default in a ‘Knox’ folder in your Documents, and hitting [cmd]+[backspace]. Some might wish for more strictly managed data integrity, but I’m okay with this risk.

Similarly, you might expect that Knox, like 1Password, would lock itself down after a specified period of being open and not used. The developers suggest in a FAQ that you rather use a password protected screensaver. They’re quite right that this would provide a similar level of protection, but I’m sure some will remain unconvinced.

When we reviewed Espionage a few months back, there was some quite technical discussion in the comments about data security and different file systems. I’m afraid I don’t know if Knox improves on these issues – I suspect not, since the commenter was pointing out issues to do with the way OS X stores data in the first place, and that hasn’t changed.

I’m not so concerned about the issues raised, and found Espionage’s developer’s responses quite convincing. It might be worthwhile your going back to the post, though, especially if you’re more tech savvy. Please chime in in the comments below if you have any strong feelings about this.

So, in the final analysis: am I using Knox? Actually, no, not at the moment – at least not for the bulk of my notes. It really surprised me to discover that 1Password’s Secure Notes feature does an excellent job of storing my notes, and provides a secure working environment in which to enter and edit them.

The ability to sync my notes to 1Password on my iPhone rounds out the experience, allowing me to check back on things when I’m on the road and away from my Mac. So that’s become my main notes app, though I keep all supplemental material – copies of letters written to clients, invoices, etc. – in a secure Knox vault that is working very well indeed for me.


Summary

Knox lets you easily create, access, and backup encrypted file vaults. These vaults are great for storing large number of files of any size: confidential documents, images, source code, application data files, customer information.

8