OpenDLP Setup Guide

When you first launch OpenDLP, you'll be greeted with the setup wizard. This screen gives you an overview of what the app protects: Military-Grade Encryption (AES-256-GCM with Secure Enclave), Real-Time Monitoring, Secure Vaults for USB and local folders, and Threat Intelligence with advanced pattern detection.

Click Next to begin configuring your security system.

Step 1 — The welcome screen shows the 9-step progress bar and core feature overview

Create your master account. Enter a username and email address (confirmed twice). This account is the owner-level identity for your OpenDLP installation — it controls device authorization, vault access, and security policies.

Your email is used for account recovery and security notifications only. No data is sent to external servers.

Step 2 — Create your master account with username and email

OpenDLP automatically registers your Mac using a hardware-bound device fingerprint. This is generated from three sources:

• Secure Enclave ID — Hardware-backed key unique to your chip (nearly impossible to spoof)
• Hardware UUID — IOPlatformUUID that survives OS reinstalls
• Serial Number — Your Mac's unique serial

The composite SHA-256 hash of these three values becomes your Device Fingerprint. This is what binds vault access to your specific hardware — even if someone copies your vault files, they can't decrypt them without your physical machine.

Step 3 — Device name, fingerprint hash, and Secure Enclave detection

Configure additional verification methods to protect your OpenDLP account. Three options are available:

• Passkey (Recommended) — Use Touch ID or Face ID for biometric authentication
• YubiKey — Hardware security key for maximum protection
• Authenticator App — Google Authenticator, Authy, or similar TOTP apps

You can also generate Recovery Codes for backup access. Store these in a safe place — they're your fallback if you lose access to your authentication methods.

Step 4 — MFA options with Passkey enabled by default and recovery code generation

Choose your Access Control Policy and Encryption Policy, then toggle individual security features.

Access Control Policies:

• Strict — Owner-only access, no external devices
• Balanced — Full-trust devices can write, others read-only. Good for team collaboration
• Flexible — Temporary access grants for external devices

Encryption Policies:

• Automatic — Encrypt files automatically when crossing boundaries (recommended)
• Prompt — Ask before encrypting
• Disabled — No automatic encryption

Security Features: Auto-Lock on Threats, Tamper Detection, and Audit Logging can each be toggled independently.

Step 5 — Access control, encryption policy, and security feature toggles

Configure what security events trigger native macOS notifications. OpenDLP will alert you in real-time for:

• Exfiltration Attempts — When unauthorized processes try to access vault files
• File Encryption Events — When files are automatically encrypted for protection
• Threat Level Changes — When threat level escalates from Normal to Elevated or High
• Vault Lockdown — Confirmation when vaults are locked down for protection

Quick Actions from notifications let you Lock All Vaults or Open Dashboard with one click.

Step 6 — Security alerts and quick actions from native macOS notifications

Entropy is the randomness used to generate your encryption keys. More entropy = stronger keys. OpenDLP provides three tiers:

• Standard Entropy (Always Active, 512 bits) — Keyboard timing, mouse movement patterns, Nightmare Alphabet (Level 1), and system entropy pool
• Audio Visualizer Entropy (Optional, +128 bits) — Real-time microphone capture, frequency analysis, audio level variations. Requires microphone permission
• EMF Detection Entropy (Optional, +128 bits) — Electromagnetic field detection, frequency & power measurements, signal strength variations. Simulated mode available (no hardware required)

With all sources enabled, you get 768 bits of entropy — maximum security for key generation.

Step 7 — All entropy sources enabled: 768 bits of randomness for key generation

Select a USB drive to create your first encrypted vault. OpenDLP will detect available removable drives and let you choose one to encrypt with AES-256-GCM.

Don't have a USB drive? No problem — OpenDLP also auto-protects your ~/Documents folder on launch, so you're covered either way.

Step 8 — Select a USB drive to create your first encrypted vault

You're done! The completion screen confirms:

• Security Enabled — All protection systems are active
• Account Created — Your username and owner privileges are set
• Device Registered — Your Mac's hardware fingerprint is bound to your account

From here you can launch the Management App to access the dashboard, or close the wizard. Three quick-start options are shown: Monitor (live attack feed), Protect (lock your vaults), and Alerts (native notifications).

Step 9 — Setup complete with next-step quick actions: Monitor, Protect, and Alerts

After setup, you'll land on the main OpenDLP dashboard. Here you can see your Protection Status at a glance: active vaults, protected files, encrypted files, and blocked threats. The Lock All Vaults button gives you instant lockdown capability.

Below the status cards, you'll see your Device Fingerprint (locked behind biometric unlock) and a list of all Protected Folders currently being monitored.

Main dashboard — Protection status, device info, and protected folder list

Click any protected folder to see detailed statistics: total files, protected files, last scan time, protection mode, and a Danger Zone option to remove protection if needed.

Folder detail view — Documents folder showing 79,272 protected files with active hidden protection