Skip navigation

Understanding encryption using Disk Utility

4039 Views 41 Replies Latest reply: Jan 13, 2013 2:57 PM by Pondini RSS
  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Jan 13, 2013 1:17 PM (in response to guy toronto)

    Time Machine won't back up the contents of a mounted disk image.  Apple doesn't say why not, but since a disk image (except sparse bundle disk images) is actually a single (often very large) file, it would be likely for OSX to try to update it while it's being backed-up, or vice-versa.  On a large one, that could lead to a very long hang of whichever process is second, or an inconsistent backup OSX allows both to occur at once.   In addition, it might be seen as better to wait until it's closed, so intermediate changes don't cause multiple backups.

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Jan 13, 2013 1:24 PM (in response to motrek)

    motrek wrote:

    . . .

    First of all, you can certainly use TM to back up mounted volumes

    Yes, of course.  Nobody is saying anything different.

     

    We're talking about disk images, not disks (or partitions).

     

    Second, I don't believe TM backups are necessarily encrypted, even if they are backing up encrypted volumes, since there's a very prominent setting in TM that lets you choose whether or not your backup is encrypted. Presumably if this option is not checked, the backup is not encrypted. Otherwise, why have the option?

    Again, it's the difference between a disk or partition vs. a disk image.

     

    Whether your OSX drive is encrypted or not, the backups of it will or won't be encrypted depending on whether the backups are encrypted (either via the Encrypt backup disk option in TM prefs, or via Disk Utility).

     

    If you have an encrypted disk image on your OSX (or other) drive or partition, the backup of that disk image will be encrypted regardless.

  • motrek Level 1 Level 1 (25 points)
    Currently Being Moderated
    Jan 13, 2013 1:27 PM (in response to Pondini)

    Ah, okay, I'm sorry, I wasn't reading clearly enough and there has been some ambiguity between "volumes" and "disk images" in certain posts.

     

    You're right, it definitely makes sense that *DMGs* wouldn't be backed up by TM if they are mounted, encrypted or not.

     

    Also, if TM is backing up an encrypted DMG, then yes, it will remain encrypted in the backup. Imagine this scenario--you boot your computer and never enter the password to mount the DMG. The operating system has no way of decrypting the DMG but it can still back it up since it's just a file with bits and bytes. So clearly the backup DMG will be encrypted just as much as the source DMG, since it's the same bits.

     

    Sorry if I added to any confusion.

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Jan 13, 2013 1:29 PM (in response to motrek)

    motrek wrote:

    . . .

    Sorry if I added to any confusion.

    Not a problem.  Anything that ends up clarifying things is good. 

  • motrek Level 1 Level 1 (25 points)
    Currently Being Moderated
    Jan 13, 2013 2:03 PM (in response to guy toronto)

    I haven't used Time Machine in years but it would make sense that DMGs have to be unmounted to be backed up for the reasons Pondini went into.

     

    Personally I found Time Machine to not be flexible enough for my backup needs. If I were in your shoes I would just occasionally unmount the encrypted DMG and drag and drop it to my backup drive.

     

    If you buy a program like SuperDuper! you can make incremental copies of volumes, so you could have your encrypted DMG, and another encrypted DMG on a backup drive, mount both of them, and use SuperDuper! to copy the contents of one to the other, and it should be pretty quick. Much quicker than copying the entire DMG each time.

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Jan 13, 2013 2:12 PM (in response to guy toronto)

    guy toronto wrote:

     

    Thanks for the explanation. Forgive me for being technologically dense. Are you saying that in the case of an encrypted disk image, my back-up (using Time Machine) will be encrypted?

    Yes, the backup of that disk image will be encrypted.  The disk/partition it's on may or may not be, depending on whether the backup volume (disk, partition, or in the case of network backups, the sparse bundle disk image the backups are on) is encrypted.

     

    Think of a disk image as kind of a disk-within-a-disk.  It has it's own partiton map scheme, format, directory, etc.,  just like a "normal" disk or partition.  It just "lives" on a normal disk/partition, which may have a different setup.

     

    Disk images, of course, can also "live" on CDs/DVDs, etc. 

     

     

    - when the disk is mounted (ie data unencrypted), it will not be backed up. Back-up of data will only occur when the disk is not mounted (ie when the data is encrypted). Hence backed up data is always encrypted.

     

    Am I getting this right?

    For an encrypted disk image, yes.

     

    If you have an unencrypted disk image, the backup of it will not be encrypted (and it won't be backed-up when mounted, either).

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Jan 13, 2013 2:16 PM (in response to motrek)

    motrek wrote:

    . . .

    If you buy a program like SuperDuper! you can make incremental copies of volumes, so you could have your encrypted DMG, and another encrypted DMG on a backup drive, mount both of them, and use SuperDuper! to copy the contents of one to the other, and it should be pretty quick. Much quicker than copying the entire DMG each time.

    Unless it's a sparse bundle disk image, it will be copied in it's entirety.  The other types of disk images are treated as a single file, so if anything's changed, the whole thing is considered as changed.

     

    I'm not sure whether SuperDuper or CarbonCopy cloner will copy just the changed "bands" of a sparse bundle disk image, or the whole thing.  I've never experimented with that.

  • motrek Level 1 Level 1 (25 points)
    Currently Being Moderated
    Jan 13, 2013 2:22 PM (in response to Pondini)

    No, no, if you mount both DMGs then SuperDuper! can do a file-by-file incremental copy just as if you were copying one unencrypted disk to another.

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Jan 13, 2013 2:25 PM (in response to motrek)

    Ah, yes, that's probably true - the difference is "mounted."   

     

    Have you actually tested that to be sure?

  • motrek Level 1 Level 1 (25 points)
    Currently Being Moderated
    Jan 13, 2013 2:55 PM (in response to Pondini)

    Yes, I back up my FileVaulted boot drive to an encrypted DMG every week or so. Works fine. SuperDuper works on the file level... all the reading/writing/encrypting/decrypting is done by the operating system below that level, so SuperDuper has no idea it's writing to an encrypted DMG instead of just another disk.

  • Pondini Level 8 Level 8 (38,710 points)
    Currently Being Moderated
    Jan 13, 2013 2:57 PM (in response to motrek)

    Ah, good.  It makes sense, but sometimes things that seem to make sense don't actually work that way. 

     

    Thanks for the confirmation.

1 2 3 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.