Sunday, October 19, 2014

Using Evernote Securely on a Mac

Evernote stores your account database in cleartext on your Mac. This is important to know because most, if not all, of your Evernote data is downloaded onto your Mac. If you have a lot of sensitive data in your Evernote account, you may want to consider storing that data in an encrypted state.

You can also use the Mac's FileVault for complete disk-level encryption, in which case this article is moot. But if you only want some parts of your hard drive to be encrypted, continue reading.

What should you use to create the encrypted volume?

There are many ways to create encrypted volumes. I have used TrueCrypt as well as its successor, VeraCrypt (TrueCrypt has been deprecated), to create the encrypted volume. In this post, I will show how to use the native Mac tool for encrypted volumes, wonderfully called "Disk Utility."

This utility allows AES 256-bit encryption, which is FIPS-compliant.

Create the Encrypted Volume

  1. Open "Disk Utility"
  2. Click on "New Image"
    1. Select where you would like the image file (.dmg extension) to be placed
    2. Name: Decide on a name. For the purposes of future instructions, you can name it "Evernote_Encrypted_Volume"
    3. Size: Choose a size that you think will hold your Evernote database, including all the notes, images, videos, etc. that you store in it. If you are a power user, perhaps 4.6 GB or 8.3 GB will be a good size. Your call.
    4. Encryption: Choose 256-bit AES.
      1. Note: This is the whole point of the encrypted drive — pick something!
    5. Partitions: Hard drive
  3. Set a password.
    1. Note: This is where your password counts. Set something strong.
  4. Decide whether to check or uncheck "Remember password in my keychain"
    1. Note: I prefer to uncheck it since I want this to be harder to access. Leave it checked for convenience.

Let Evernote Set Up its Default Files

This allows Evernote to set up its default files so that you can move and re-map them into the new encrypted volume "Evernote_Encrypted_Volume"
  1. Open Evernote
  2. Log in
  3. Allow some downloads to occur so that default files are created
  4. Once some files have downloaded, you can quit. The following three folders should appear. If they do not, you may need to let Evernote sync more files or you have a different version of Evernote that may have different folders.
    1. ~/Library/Application\ Support/com.evernote.Evernote
    2. ~/Library/Application\ Support/com.evernote.EvernoteHelper
    3. ~/Library/Application\ Support/Evernote



Move Evernote Support files to the Encrypted Volume

We will be moving three Evernote support folders described above to the newly created encrypted volume.
  1. Quit Evernote if it is open. Evernote needs to be closed to make these low-level changes.
  2. Move the folder "~/Library/Application\ Support/com.evernote.Evernote" to the "Evernote_Encrypted_Volume"
    1. Note: make sure the folder no longer exists in the Application Support folder
    2. Create symbolic link
      1. Open Terminal and run the following command
      2. ln -s /Volumes/Evernote_Encrypted_Volume/com.evernote.Evernote/ ~/Library/Application\ Support/com.evernote.Evernote
      3. Note: If you get a "path cannot be found" error, it could be because you named "Evernote_Encrypted_Volume" something else, so edit this command to match.
  3. Move the folder "~/Library/Application\ Support/com.evernote.EvernoteHelper" to the "Evernote_Encrypted_Volume"
    1. Create the symbolic link
      1. Open Terminal and run the following command
      2. ln -s /Volumes/Evernote_Encrypted_Volume/com.evernote.EvernoteHelper/ ~/Library/Application\ Support/com.evernote.EvernoteHelper
      3. Note: If you get a "path cannot be found" error, it could be because you named "Evernote_Encrypted_Volume" something else, so edit this command to match.
  4. Move the folder "~/Library/Application\ Support/Evernote" to the "Evernote_Encrypted_Volume"
    1. Create the symbolic link
      1. Open Terminal and run the following command
      2. ln -s /Volumes/Evernote_Encrypted_Volume/Evernote/ ~/Library/Application\ Support/Evernote
      3. Note: If you get a "path cannot be found" error, it could be because you named "Evernote_Encrypted_Volume" something else, so edit this command to match.

Test to ensure nothing is broken 

If it hangs or has a bunch of errors, start over.
  1. Open Evernote
  2. Old files should continue to sync
  3. New files should sync to Evernote's central servers

Test if Evernote is using the Encrypted Volume

Indicator #1: If you unmount the encrypted volume, Evernote should NOT be able to work

  1. Quit Evernote
  2. Unmount the encrypted drive using the Disk Utility
    1. Note: You cannot unmount the drive until you quit Evernote
  3. Open Evernote
  4. Log in (if you can)
  5. If Evernote hangs or shows errors, this should be enough of an indicator

Indicator #2: Large com.evernote.Evernote folder

  1. Open the Encrypted Volume at /Volumes/Evernote_Encrypted_Volume
  2. Do a "Get Info" on the "com.evernote.Evernote"
  3. If the size is very large, you probably did it right. This folder is very large because this contains your downloaded Evernote data.
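
A third check can be scripted. The following is an added example, not part of the original post: it classifies each of the three Application Support entries so that a leftover cleartext folder or a link pointing outside the volume stands out. The function names check_link and check_evernote are made up for this example, and it assumes the links were created with absolute paths as in the ln -s commands above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# check_link <path> <volume_mount_point> prints one of:
#   ok         symlink into the volume, target folder present
#   dangling   symlink into the volume, target absent (volume not mounted?)
#   elsewhere  symlink that points outside the encrypted volume
#   cleartext  a real file/folder: the data sits on the unencrypted disk
#   missing    nothing at that path
check_link() {
    path=$1
    vol=${2%/}
    if [ ! -L "$path" ]; then
        if [ -e "$path" ]; then echo cleartext; else echo missing; fi
        return
    fi
    # Plain readlink (no -f) so this behaves the same on older macOS.
    target=$(readlink "$path")
    case ${target%/} in
        */../*|*/..) echo elsewhere; return ;;  # ".." could escape the volume
        "$vol"/*) ;;                            # absolute path inside the volume
        *) echo elsewhere; return ;;            # relative targets land here too
    esac
    # -d follows the link, so this fails when the volume is unmounted.
    if [ -d "$path/" ]; then echo ok; else echo dangling; fi
}

# check_evernote <application_support_dir> <volume_mount_point>
# Reports all three folders from this post; returns non-zero unless all are ok.
check_evernote() {
    support=$1
    vol=$2
    bad=0
    for name in com.evernote.Evernote com.evernote.EvernoteHelper Evernote; do
        state=$(check_link "$support/$name" "$vol")
        printf '%-10s %s\n' "$state" "$support/$name"
        [ "$state" = ok ] || bad=1
    done
    return $bad
}

# Example invocation (runs only when two arguments are given):
#   sh check.sh "$HOME/Library/Application Support" /Volumes/Evernote_Encrypted_Volume
if [ "$#" -eq 2 ]; then
    check_evernote "$1" "$2"
fi
```

A result of "cleartext" means the folder was never moved, or was recreated in place, and its contents are sitting unencrypted on the main disk.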

FAQ

How do I know my Evernote database is in the encrypted drive?

Your database lives in the folder called "com.evernote.Evernote" on the encrypted drive. If you do a "Get Info" on the "com.evernote.Evernote" folder by right-clicking on it, you will see it is a very large folder that grows regularly as you add and sync files.