Encrypt Gmail offline (Gears) data
_(Note that the following is Mac-related; I only own Mac computers, so I didn’t try to find a solution to this problem on Windows.)_
Since Gmail released the Offline feature in Labs, I guess many people have enabled it. I did, as soon as the feature was available in my account. And one of the first things I did after enabling it was to try to see how I could secure the data it downloads.
Why? Simply, because anyone with physical access to your computer can see your Gears database, which, if you enabled Offline mode in Gmail, now includes all your recent emails, including attachments. By encrypting the Gears database, if someone steals your computer, he won’t be able to read the Gears database, since it will be protected by a password. And no, just having auto-login disabled doesn’t protect you against this. Anyone can insert the Mac OS X install DVD, reset your password, and enter your account. This is why you either need something like FileVault, or use encrypted disk images (DMG) for your sensitive data. I use a technique similar to the one described below to secure my important documents, like my tax e-papers, banking info, etc.
I’m not using FileVault; that would have been one way to secure the Gears database, but since I’m using CrashPlan for backups, and prefer to run it all the time versus only when I’m logged in (a requirement to allow CrashPlan to backup files in a FileVault-ed home directory), I looked for another way.
It seems it’s pretty easy: just create an encrypted DMG with the content of the Gears directory, create a symbolic link to it at the original location, and auto-mount the DMG on login.
Here’s an easy-to-follow walkthrough of the necessary steps:
1. Start Disk Utility
2. File > New > Disk Image from Folder…
3. Here, you need to find the Gears directory you want to secure. If you use Safari, it’s
~/Library/Application Support/Google/Google Gears for Safari
If you use Firefox, it’s
~/Library/Caches/Firefox/Profiles/something/Google Gears for Firefox
4. Select where you want the DMG to be created. I selected the parent directory (it’s the default). Anywhere is fine.
At the bottom, in Image Format, select read/write. Compressed probably works too, but I doubt you’d really save space; the Gears files are probably compressed enough.
In Encryption, pick anything other than none. I selected 128-bit. Feel free to pick 256-bit if you prefer.
(Close your browser now, to make sure the Gears database is not modified while the DMG gets created. You can re-open it once the DMG is complete.)
Click Save, and select a good password.
If you need to enter a password to log in to your computer (i.e. auto-login is disabled), choose the option to save the password in your keychain.
Important: Do NOT select this option if you have auto-login enabled. If you do, all of this accomplishes nothing, as anyone who opens your computer will have access to the Gears data!
Side-note: Why is it safe to save the password in your Keychain if you have auto-login disabled? Simply, because unlike your account password, the keychain password can’t be reset. That means if someone steals your computer, he wouldn’t be able to access your keychain, even after resetting the account password using a Mac OS X install DVD.
Side-side-note: Yes, normally, the keychain password follows the account password. So if you change your password by providing your old password (like you usually do), the keychain password will also be changed. But this is not true when you reset your password without providing your old password, because Apple designed the keychain to be secure against such attacks.
Enough babbling; on with the rest of the procedure.
5. Once the DMG is complete, mount it (double-click it).
6. Delete the original Google Gears for … directory.
7. Open Terminal, and enter the following commands (depending on what browser you use):
If you use Safari, execute this:
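cd "$HOME/Library/Application Support/Google/"
ln -s '/Volumes/Google Gears for Safari'
If you use Firefox, execute this (replace something with the name of your profile directory):
cd "$HOME/Library/Caches/Firefox/Profiles/something/"
ln -s '/Volumes/Google Gears for Firefox'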
8. Open System Preferences > Accounts.
Select the Login Items pane.
Drag-and-drop the DMG from the Finder into the Login Items list.
This will auto-mount the DMG when you log in, so it’s always available.
And you’re done. Now, the Gears data is on an encrypted disk, which is only available with the password you provided, or with access to your keychain (which requires your account password; hope it’s a good password too, and not your wife’s name!)
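A quick way to confirm the result of the walkthrough above, as an added example that is not part of the original post: the function below reports whether a Gears path is a symlink into a mounted volume or a plain directory still holding unencrypted data. The function name `gears_link_status` and its optional second argument (the volumes root, defaulting to /Volumes) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Classifies the state of a Gears directory path after the walkthrough:
#   ok        - symlink into the volumes root, target present (DMG mounted)
#   unmounted - symlink into the volumes root, target missing (DMG not mounted)
#   plaintext - a real directory: data sits unencrypted on the internal disk
#   outside   - symlink that points somewhere other than the volumes root
#   missing   - nothing exists at that path
# $1 = Gears path to check
# $2 = volumes root (assumption of this example; defaults to /Volumes)
gears_link_status() {
    path=$1
    volumes=${2:-/Volumes}
    if [ -L "$path" ]; then
        # Read the link text itself rather than following it, so a
        # dangling link (image not mounted) can still be classified.
        target=$(readlink "$path")
        case $target in
            "$volumes"/*)
                if [ -d "$target" ]; then
                    echo ok
                else
                    echo unmounted
                fi
                ;;
            *)
                echo outside
                ;;
        esac
    elif [ -d "$path" ]; then
        # A real directory here means the browser is writing mail data
        # to the unencrypted disk (step 6 or step 7 was skipped or undone).
        echo plaintext
    else
        echo missing
    fi
}

# Usage, with the Safari location named in the walkthrough:
#   gears_link_status "$HOME/Library/Application Support/Google/Google Gears for Safari"
```

Anything other than `ok` while the browser is running means the offline mail data is either unavailable or not landing on the encrypted image.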
If you have suggestions on how to improve this, or how to do the same thing on Windows, feel free to comment below. I’ll be happy to link to other related information.