macos - hdiutil

Page content


hdiutil is a command-line utility on macOS that allows users to create, manipulate, and convert disk images. Disk images are virtual disk files that can contain the entire file system structure, including files, folders, and metadata. hdiutil provides a variety of functions related to disk images, and it’s a powerful tool for managing disk-related tasks on a Mac.

Basic Usage


echo -n "geheim" |hdiutil create -encryption -stdinpass -size 10m -volname encdata test.dmg -fs HFS+J

mount ro

echo -n "geheim" |hdiutil mount -stdinpass -readonly test.dmg

mount rw

echo -n "geheim" |hdiutil mount -stdinpass test.dmg

create, strong, mount

echo -n "geheim" |hdiutil create -encryption AES-256 -stdinpass -attach -volname encdata -size 10m test.dmg -fs HFS+J


hdiutil unmount /Volumes/encdata


umount /Volumes/encdata

Change Password

hdiutil chpass xxx.dmg

Compact Image

empty Trash first …

rm -rf ~/.Trash/*
umount /Volumes/encdata
echo -n "geheim" |hdiutil compact -stdinpass -batteryallowed test.dmg

Advanced Options

-notremovable   prevent this image from being detached. Only root can use this option. Reboot needed to unmount!
-nobrowse       render any volumes invisible in applications such as the macOS Finder
-encryption     [AES-128|AES-256]

Full Sample with Shell Integration

let’s create an encryptes volume called “sample_enc” with a size of 10 MByte. It’s stored in a File called “sample.dmg” in the Home Directory of the User. The .zprofile also get’s updated so you simply can run “sample_mount” or “sample_unmount” the encrypted Volume.

create volume & sample data

echo -n "sample" |hdiutil create -encryption -stdinpass -attach -volname sample_enc -size 10m ~/sample.dmg -fs HFS+J
dd if=/dev/random of=/Volumes/sample_enc/bla.rand bs=1024 count=5000
umount /Volumes/sample_enc

update .zprofile

cat << EOF >> ~/.zprofile

# mount encrypted volume automatically, added $(date),
alias sample_mount='echo -n "sample" |hdiutil mount -stdinpass ~/sample.dmg'
alias sample_compact='rm -rf ~/.Trash/*; hdiutil compact batteryallowed ~/sample.dmg'
alias sample_unmount='umount /Volumes/sample_enc'

source ~/.zprofile

run these commands from the CLI once. then you can “sample_mount” and “sample_unmount” the volume simply. adjust all the parameters for your needs

Any Comments ?

sha256: 240e38cfd6eb27ead04fbb0ed7c3fda96203fe15fdac2c704d7bbbb49040d05f