Skip navigation

Understanding encryption using Disk Utility

4029 Views 41 Replies Latest reply: Jan 13, 2013 2:57 PM by Pondini RSS
1 2 3 Previous Next
guy toronto Calculating status...
Currently Being Moderated
Feb 2, 2012 2:10 PM

Using Disk Utility, I created an encrypted disk image, into which I have copied files I would like to secure. This works well, but I am trying to understand how things work, so that I can control exposure. Fundamentally, the question is when are files exposed, and when not. Clearly, when a password has been entered, the file is visible and available. But is it being decoded (ie is the underlying file is always encrypted)? If I make a copy of a file (after password entered), is this copy encrypted? If I make a back-up using Time Machine, are the back-up files (of encrypted files) encrypted?

Mac OS X (10.7.2)
  • Tony T1 Level 6 Level 6 (8,125 points)
  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Feb 2, 2012 2:30 PM (in response to guy toronto)

    guy toronto wrote:

    . . .

    But is it being decoded (ie is the underlying file is always encrypted)?

    Yes.

     

    If I make a copy of a file (after password entered), is this copy encrypted?

    Depends on where you put it.  If you copy it to an unencrypted volume (actual disk/partition or disk image), no.

     

    If I make a back-up using Time Machine, are the back-up files (of encrypted files) encrypted?

    No (unless the backup drive is also encrypted).

     

    Also note the contents of the disk image will not be backed-up while its mounted.

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Feb 2, 2012 3:17 PM (in response to guy toronto)

    In both cases, because it's unencrypted "on the fly." 

     

    If you copy or back up to an encrypted volume, it will be re-encrypted.

  • Tony T1 Level 6 Level 6 (8,125 points)
    Currently Being Moderated
    Feb 2, 2012 4:33 PM (in response to guy toronto)

    Think of it this way.  The encrypted disk image that you created is always encrypted.  When you click it (open it), you are asked for a password and then a Volume is mounted by decypting the disk image.  The mounted volume is unencryped, and any files that you move/copy from the Volume will remain decrypted.  If you maked changes to the files within the Volume, or add files to the Volume, once the Volume is Ejected, the disk image will be updated, and encrypted)

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Feb 2, 2012 4:34 PM (in response to guy toronto)

    I don't use Dropbox, but I think I've heard they encrypt everything.  If so, then yes, those backups will be encrypted (separately).

     

    Entering the password for the encrypted disk image on your Mac won't expose the Dropbox copies; they're entirely separate and will presumably have their own password.

  • Tony T1 Level 6 Level 6 (8,125 points)
    Currently Being Moderated
    Feb 2, 2012 4:49 PM (in response to Pondini)

    Wouldn't matter if Dropbox was not encrypted.  The disk image (that resides on DropBox) is always encrypted.  When the image is clicked and opened with a password, the disk image remains encypted.  The unencrypted Volume is attached to the Mac filesystem, and only "seen" there.

  • Tony T1 Level 6 Level 6 (8,125 points)
    Currently Being Moderated
    Feb 3, 2012 7:26 AM (in response to guy toronto)

    Using the same logic, wouldn't the Time Machine back-up (of an encrypted disk image) also remain encrypted? Pondini seems to suggest that this is not the case.

     

    What I think he means is, if the Volume is backed up to Time Machine, it won't be encrypted, but a mounted Volume from a  Disk Image is not backed up to Time Machine, so I'm not sure what he means.  The actual Disk Image (that is backed up to TM) is always encrypted.

     

    Finally, on a slightly different note (not sure if it's better to start a new question) ... how could I get to a similar result for emails (server is iCloud)? Ideally, I would want all the emails I store on iCloud to be encrypted. Is this doable?

     

    Apple has stated that anything in iCloud is encrypted (iCloud: iCloud security and privacy overview), so it comes down to if you trust Apple (could they have the key to your encrypted data?)

    MacBook Air, MacBook, Mac mini, Mac OS X (10.7.2)
  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Feb 3, 2012 8:56 AM (in response to Tony T1)

    Tony T1 wrote:

    . .

    What I think he means is, if the Volume is backed up to Time Machine, it won't be encrypted, but a mounted Volume from a  Disk Image is not backed up to Time Machine, so I'm not sure what he means.  The actual Disk Image (that is backed up to TM) is always encrypted.

    Yes, sorry, what I wrote was misleading: 

     

    • When an encrypted volume  (an actual disk partition or a disk image) is backed-up, the data is decrypted.   It's only re-encrypted if the destination is encrypted.  So if you use FileVault2, your backups of normal items will not be encrypted if they go to an unencrypted disk.  But, they will be encrypted if they go to an encrypted disk or disk image.

     

    • The contents of a disk image are backed-up only when it's not mounted.  If it's mounted, the disk image will appear in the backup, but the contents will not have changed.
  • Tony T1 Level 6 Level 6 (8,125 points)
    Currently Being Moderated
    Feb 3, 2012 9:07 AM (in response to Pondini)

    I think you're speaking about using Disk Utility to create an encrypted Volume:

     

         Screen Shot 2012-02-03 at 12.06.27 PM.png

     

    ...but the OP is asking about encrypted disk images

1 2 3 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.