I believe you need a Recovery HD on that volume to let FileVault 2 do its business. Here's the article on how to FileVault 2.
I believe the section where it says FileVault 2 requires OS X Lion or Mountain Lion and Recovery HD installed on your startup drive is not technically correct, since the keys to decrypt an external drive would only be stored on the internal drive of the Mac doing the encryption.
I know this isn't true since I've had encrypted external drives that I've taken to several Macs and had all of them read it. You could start by letting Time Machine encrypt the external drive since that's the canonical GUI manner to get FileVault 2 on an external drive.
You can do everything in terminal though. Here is your recipe - bookmark this guy's web site - Rich is an asset to the community for documenting how to wrangle encryption and many other things.
Here is what a functioning external without FileVault 2 looks like to me (warning - this is all on Mountain Lion).
```
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk2
   1:                        EFI                         209.7 MB   disk2s1
   2:                  Apple_HFS HEAP                    10.0 GB    disk2s2
   3:                  Apple_HFS Time Machine            300.0 GB   disk2s3
   4:       Microsoft Basic Data EXCHANGE                189.6 GB   disk2s4
```
So, you can convert things thusly:
```
Air:~ me$ diskutil cs convert /Volumes/HEAP -passphrase
New passphrase for converted volume:
Confirm new passphrase:
Started CoreStorage operation on disk2s2 HEAP
Resizing disk to fit Core Storage headers
[ | 0%..10%.............................................. ]
```
After a short delay, the progress will end and you will get this notice:
```
Air:~ me$ diskutil cs convert /Volumes/HEAP -passphrase
New passphrase for converted volume:
Confirm new passphrase:
Started CoreStorage operation on disk2s2 HEAP
Resizing disk to fit Core Storage headers
Creating Core Storage Logical Volume Group
Attempting to unmount disk2s2
Switching disk2s2 to Core Storage
Waiting for Logical Volume to appear
Mounting Logical Volume
Core Storage LVG UUID: 4FA72C96-80B5-4794-B6C9-D5E94B3194C8
Core Storage PV UUID: A60F4F77-18F7-4972-9A37-4873390BE326
Core Storage LV UUID: 02A09627-7955-4671-84F7-BD26FE1D9B93
Core Storage disk: disk3
Finished CoreStorage operation on disk2s2 HEAP
Encryption in progress; use `diskutil coreStorage list` for status
```
Setting aside whether Lion has the same output (since it likely will not end the command until the encryption is done) - here is the end result of what the diskutil list command shows once the external has been encrypted:
```
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk2
   1:                        EFI                         209.7 MB   disk2s1
   2:          Apple_CoreStorage HEAP                    10.0 GB    disk2s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk2s6
   4:                  Apple_HFS Time Machine            300.0 GB   disk2s3
   5:       Microsoft Basic Data EXCHANGE                189.6 GB   disk2s4
```
It appears that disk2s6 gets shaved off the 10.0 GB disk2s2 and serves to hold the keys for [en|de]crypting HEAP.
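To confirm what a conversion did to the partition map, the two `diskutil list` captures shown above can be compared mechanically. This is an added example, not part of the original answer: the function name `partition_changes` and the variables `BEFORE` and `AFTER` are hypothetical, and the listings are the ones from this page with their columns collapsed to single spaces.

```shell
#!/bin/sh
# Listings copied from the post above and stored as shell variables.
BEFORE='/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk2
1: EFI 209.7 MB disk2s1
2: Apple_HFS HEAP 10.0 GB disk2s2
3: Apple_HFS Time Machine 300.0 GB disk2s3
4: Microsoft Basic Data EXCHANGE 189.6 GB disk2s4'
AFTER='/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk2
1: EFI 209.7 MB disk2s1
2: Apple_CoreStorage HEAP 10.0 GB disk2s2
3: Apple_Boot Boot OS X 134.2 MB disk2s6
4: Apple_HFS Time Machine 300.0 GB disk2s3
5: Microsoft Basic Data EXCHANGE 189.6 GB disk2s4'

# partition_changes BEFORE_TEXT AFTER_TEXT
# Prints one line per partition that was added, removed, or changed type/name.
# Rows are keyed by IDENTIFIER (last field) because the index column shifts
# when a partition is inserted. TYPE and NAME may both contain spaces, so the
# text between the index and the size is compared as one string.
partition_changes() {
    printf '%s\n@@\n%s\n' "$1" "$2" | awk '
        $1 == "@@" { after = 1; next }                 # separator between captures
        $1 !~ /^[0-9]+:$/ || NF < 5 { next }           # keep partition rows only
        {
            id = $NF; desc = $2
            for (i = 3; i <= NF - 3; i++) desc = desc " " $i
            if (!after) { old[id] = desc; order[++n] = id; next }
            seen[id] = 1
            if (!(id in old))         print "added " id ": " desc
            else if (old[id] != desc) print "changed " id ": " old[id] " -> " desc
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) print "removed " order[i] ": " old[order[i]]
        }'
}

partition_changes "$BEFORE" "$AFTER"
```

On a live system the same function can be fed two saved outputs of `diskutil list`, one taken before the conversion and one after.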
Select the service template, change the input type to files, add a Run Shell Script action, select pass input as arguments, and paste this script:
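```
# Ask for a password in a dialog and print it on stdout.
# Returns non-zero if the dialog is cancelled.
pass() {
    osascript - "$1" <<END
on run args
    tell app (path to frontmost application as text)
        text returned of (display dialog ("Enter password for " & item 1 of args) default answer "")
    end
end
END
}

for f in "$@"; do
    if [[ "$f" == *.enc ]]; then
        # Files ending in .enc are decrypted; stop quietly if the dialog was cancelled.
        # (An exit inside pass() would only leave the pipeline's subshell, so the
        # password is captured first and then fed to openssl on stdin.)
        pw=$(pass "$f") || exit 0
        printf '%s\n' "$pw" | openssl enc -d -aes-256-cbc -pass stdin -in "$f" -out "${f%.enc}"
    else
        # Everything else is encrypted to <name>.enc.
        pw=$(pass "$f.enc") || exit 0
        printf '%s\n' "$pw" | openssl enc -aes-256-cbc -salt -pass stdin -in "$f" -out "$f.enc"
    fi
done
exit 0
```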
It doesn't show specific error messages, you have to run the service again if you enter a wrong password, and there is no way to use the same password for multiple files. It would be easier to just do it from a shell.
Espionage is also a paid app, but should be 'better' than Knox.