Secure erase?

Secure Delete in OSX (Ventura)

Colin Bitterfield
Mar 27, 2023

Recently, I was asked how to securely delete the free space of a file on OSX. Back in the OSX El Capitan days, Finder had a “Secure Erase” option for the trash can. That option has been removed from all modern OSX versions because of how SSDs work: wear leveling means an overwrite is not guaranteed to land on the physical blocks that held the data. Most of the articles I read still point back to older versions.

How to securely delete files on a Mac system from the command line or Finder.

After some research, I found srm (secure remove), a binary available for OSX and Linux systems. There is a binary for Windows in the repository.

Secure rm can be installed with MacPorts or possibly Homebrew. It can also be compiled with the Xcode tools in under a minute.

Step 1: Install Xcode or the Xcode CLI tools.

Xcode is Apple's native compiler toolchain (like GCC). If you are going to compile anything from source code, at least the CLI tools need to be installed.

Either install the full application from the Apple App Store or use the following CLI commands.

xcode-select --install
sudo xcodebuild -license accept

Step 2: Download the SRM package

Download Source Package

Download with wget

wget -O srm-1.2.15.tar.gz https://sourceforge.net/projects/srm/files/1.2.15/srm-1.2.15.tar.gz/download

Step 3: Compile

tar -zxvf srm-1.2.15.tar.gz
cd srm-1.2.15
./configure
make all
sudo make install

The binary will install to /usr/local/bin by default. Change this with ./configure if desired.

Examples of Secure Deletion

Types of deletion explained

--simple 
Overwrite the file with a single pass of 0x00 bytes. This is the default mode.

--openbsd
OpenBSD compatible rm. Files are overwritten three times, first with the byte 0xFF, then 0x00, and then
0xFF again, before they are deleted.

--dod
US DoD compliant 7-pass overwrite.

--doe
US DoE compliant 3-pass overwrite. Twice with a random pattern, finally with the bytes "DoE". See
http://cio.energy.gov/CS-11_Clearing_and_Media_Sanitization_Guidance.pdf for details.

--gutmann
Use the 35-pass Gutmann method. See http://en.wikipedia.org/wiki/Gutmann_method for details.

--rcmp
Royal Canadian Mounted Police compliant 3-pass overwrite. First pass writes 0x00 bytes. Second pass
writes 0xFF bytes. Third pass writes "RCMP". See https://www.cse-cst.gc.ca/en/node/270/html/10572 for
details.

Example 1: Delete a single file

srm --dod srm-1.2.15.tar.gz 

Example 2: Delete a group of files

Add “-vvv” for more information.

srm -vvv --dod test?

Output
srm: removing test1
srm: file size: 2097152, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing test2
srm: file size: 2097152, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing test3
srm: file size: 2097152, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing test4
srm: file size: 2097152, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync

Example 3: Recursively delete a folder (directory)

srm -vvv -r --dod ./srm-1.2.15/

output (snip)
srm: removing ./srm-1.2.15/srm.sln
srm: file size: 1988, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing ./srm-1.2.15/srm.spec
srm: file size: 947, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing ./srm-1.2.15/install-sh
srm: file size: 13663, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing ./srm-1.2.15/configure.ac
srm: file size: 1763, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing ./srm-1.2.15/INSTALL
srm: file size: 371, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing ./srm-1.2.15/test/fill.o
srm: file size: 2240, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode
pass 7 sync srm: removing ./srm-1.2.15/test/fill_test
srm: file size: 39638, buffer_size=4096
srm: buffer_size=1048576
srm: US DoD mode

Taking it one step further and adding it to Finder with “Automator”

This is a bit of a work in progress and will need to be tailored to individual needs.

Step 1: Open Automator and select Quick Action

Automator Quick Action

Step 2: Wire up Finder to AppleScript

AppleScript

Step 3: Add the following code (AppleScript)

-- someItem is a POSIX path string
on isDirectory(someItem)
    set fileType to (do shell script "file -b " & quoted form of someItem)
    if fileType ends with "directory" then return true
    return false
end isDirectory

on run {thePaths, parameters}
    -- /usr/local/bin is the default for the source build above;
    -- use /opt/local/bin/srm if srm was installed with MacPorts
    set srmLocation to "/usr/local/bin/srm"
    set thePathCount to length of thePaths

    -- Get the delete method; "choose from list" returns false if cancelled
    set DeleteMethods to {"simple", "openbsd", "dod", "doe", "gutmann", "rcmp"}
    set theChoice to choose from list DeleteMethods with prompt "Select your secure delete method:" default items {"dod"}
    if theChoice is false then return thePaths
    set theDeleteMethod to item 1 of theChoice
    set theDeleteMethodSetting to "--" & theDeleteMethod

    -- Build the report as text so it can be passed to "display dialog"
    set the_results to "Delete Method " & theDeleteMethodSetting

    repeat with a from 1 to thePathCount

        -- Update the progress detail
        set progressNotify to theDeleteMethod & " deletion of Path " & a & " of " & thePathCount

        -- Resolve the selected item to a POSIX path
        set theFilePath to POSIX path of (item a of thePaths)
        --display notification theFilePath & "has been secure erased." with title "Secure Erase" subtitle "Processing is complete."
        set the_results to the_results & "\n processing \n" & theFilePath & "\n"

        -- "quoted form of" shell-escapes the path, so names containing
        -- quotes, $ or backticks are passed to srm literally
        if isDirectory(theFilePath) then
            set the_results to the_results & "Directory \n"
            set theResult to do shell script (srmLocation & " --verbose --verbose --recursive " & theDeleteMethodSetting & " " & quoted form of theFilePath)
        else
            set theResult to do shell script (srmLocation & " --verbose --verbose --verbose " & theDeleteMethodSetting & " " & quoted form of theFilePath)
        end if
        set the_results to the_results & theResult & "\n"

        display notification theResult with title theFilePath subtitle progressNotify

        -- Pause for demonstration purposes, so progress can be seen
        delay 1

    end repeat

    set the_results to the_results & "Paths Processed " & thePathCount

    display dialog the_results
    return thePaths
end run

Save this action as “Secure Erase”

Secure Erase

Run the action

Choose the erase method

The results should look like this:

Results

Colin Bitterfield

NIST certified Security Professional | 10+ years experience in infrastructure security and compliance | Experienced in creating security programs.