1 2 3 Previous Next 41 Replies Latest reply: Jan 13, 2013 2:57 PM by Pondini Go to original post
  • 30. Re: Understanding encryption using Disk Utility
    Pondini Level 8 Level 8 (38,720 points)

    Time Machine won't back up the contents of a mounted disk image.  Apple doesn't say why not, but since a disk image (except sparse bundle disk images) is actually a single (often very large) file, it would be likely for OSX to try to update it while it's being backed-up, or vice-versa.  On a large one, that could lead to a very long hang of whichever process is second, or an inconsistent backup OSX allows both to occur at once.   In addition, it might be seen as better to wait until it's closed, so intermediate changes don't cause multiple backups.

  • 31. Re: Understanding encryption using Disk Utility
    Pondini Level 8 Level 8 (38,720 points)

    motrek wrote:

    . . .

    First of all, you can certainly use TM to back up mounted volumes

    Yes, of course.  Nobody is saying anything different.

     

    We're talking about disk images, not disks (or partitions).

     

    Second, I don't believe TM backups are necessarily encrypted, even if they are backing up encrypted volumes, since there's a very prominent setting in TM that lets you choose whether or not your backup is encrypted. Presumably if this option is not checked, the backup is not encrypted. Otherwise, why have the option?

    Again, it's the difference between a disk or partition vs. a disk image.

     

    Whether your OSX drive is encrypted or not, the backups of it will or won't be encrypted depending on whether the backups are encrypted (either via the Encrypt backup disk option in TM prefs, or via Disk Utility).

     

    If you have an encrypted disk image on your OSX (or other) drive or partition, the backup of that disk image will be encrypted regardless.

  • 32. Re: Understanding encryption using Disk Utility
    motrek Level 1 Level 1 (25 points)

    Ah, okay, I'm sorry, I wasn't reading clearly enough and there has been some ambiguity between "volumes" and "disk images" in certain posts.

     

    You're right, it definitely makes sense that *DMGs* wouldn't be backed up by TM if they are mounted, encrypted or not.

     

    Also, if TM is backing up an encrypted DMG, then yes, it will remain encrypted in the backup. Imagine this scenario--you boot your computer and never enter the password to mount the DMG. The operating system has no way of decrypting the DMG but it can still back it up since it's just a file with bits and bytes. So clearly the backup DMG will be encrypted just as much as the source DMG, since it's the same bits.

     

    Sorry if I added to any confusion.

  • 33. Re: Understanding encryption using Disk Utility
    Pondini Level 8 Level 8 (38,720 points)

    motrek wrote:

    . . .

    Sorry if I added to any confusion.

    Not a problem.  Anything that ends up clarifying things is good. 

  • 34. Re: Understanding encryption using Disk Utility
    guy toronto Level 1 Level 1 (0 points)

    Appreciate your further comments. But reverting to the question of TM not backing up a mounted image, are you saying that TM will skip backing up the contents of my (encrypted) disk image while the image is mounted? Am I correct in my understanding that mounting of the disk image = making it available readable/available? If so, does this mean I have to make sure that the disk is unmounted in order to ensure that the material gets backed up?

     

    My apologies for being so dense!

  • 35. Re: Understanding encryption using Disk Utility
    motrek Level 1 Level 1 (25 points)

    I haven't used Time Machine in years but it would make sense that DMGs have to be unmounted to be backed up for the reasons Pondini went into.

     

    Personally I found Time Machine to not be flexible enough for my backup needs. If I were in your shoes I would just occasionally unmount the encrypted DMG and drag and drop it to my backup drive.

     

    If you buy a program like SuperDuper! you can make incremental copies of volumes, so you could have your encrypted DMG, and another encrypted DMG on a backup drive, mount both of them, and use SuperDuper! to copy the contents of one to the other, and it should be pretty quick. Much quicker than copying the entire DMG each time.

  • 36. Re: Understanding encryption using Disk Utility
    Pondini Level 8 Level 8 (38,720 points)

    guy toronto wrote:

     

    Thanks for the explanation. Forgive me for being technologically dense. Are you saying that in the case of an encrypted disk image, my back-up (using Time Machine) will be encrypted?

    Yes, the backup of that disk image will be encrypted.  The disk/partition it's on may or may not be, depending on whether the backup volume (disk, partition, or in the case of network backups, the sparse bundle disk image the backups are on) is encrypted.

     

    Think of a disk image as kind of a disk-within-a-disk.  It has it's own partiton map scheme, format, directory, etc.,  just like a "normal" disk or partition.  It just "lives" on a normal disk/partition, which may have a different setup.

     

    Disk images, of course, can also "live" on CDs/DVDs, etc. 

     

     

    - when the disk is mounted (ie data unencrypted), it will not be backed up. Back-up of data will only occur when the disk is not mounted (ie when the data is encrypted). Hence backed up data is always encrypted.

     

    Am I getting this right?

    For an encrypted disk image, yes.

     

    If you have an unencrypted disk image, the backup of it will not be encrypted (and it won't be backed-up when mounted, either).

  • 37. Re: Understanding encryption using Disk Utility
    Pondini Level 8 Level 8 (38,720 points)

    motrek wrote:

    . . .

    If you buy a program like SuperDuper! you can make incremental copies of volumes, so you could have your encrypted DMG, and another encrypted DMG on a backup drive, mount both of them, and use SuperDuper! to copy the contents of one to the other, and it should be pretty quick. Much quicker than copying the entire DMG each time.

    Unless it's a sparse bundle disk image, it will be copied in it's entirety.  The other types of disk images are treated as a single file, so if anything's changed, the whole thing is considered as changed.

     

    I'm not sure whether SuperDuper or CarbonCopy cloner will copy just the changed "bands" of a sparse bundle disk image, or the whole thing.  I've never experimented with that.

  • 38. Re: Understanding encryption using Disk Utility
    motrek Level 1 Level 1 (25 points)

    No, no, if you mount both DMGs then SuperDuper! can do a file-by-file incremental copy just as if you were copying one unencrypted disk to another.

  • 39. Re: Understanding encryption using Disk Utility
    Pondini Level 8 Level 8 (38,720 points)

    Ah, yes, that's probably true - the difference is "mounted."   

     

    Have you actually tested that to be sure?

  • 40. Re: Understanding encryption using Disk Utility
    motrek Level 1 Level 1 (25 points)

    Yes, I back up my FileVaulted boot drive to an encrypted DMG every week or so. Works fine. SuperDuper works on the file level... all the reading/writing/encrypting/decrypting is done by the operating system below that level, so SuperDuper has no idea it's writing to an encrypted DMG instead of just another disk.

  • 41. Re: Understanding encryption using Disk Utility
    Pondini Level 8 Level 8 (38,720 points)

    Ah, good.  It makes sense, but sometimes things that seem to make sense don't actually work that way. 

     

    Thanks for the confirmation.

1 2 3 Previous Next