guy toronto wrote:
. . .
But Pondini's latest posting seems to suggest that if an app (TM?) reads data, it becomes decrypted. Not sure this makes sense.
Yes, that's exactly what happens. The data is copied and decrypted "on the fly" so you can read it. The original file (on disk) remains encrypted. Only the copy made in memory (RAM) for you to read or edit is decrypted.
When you then save, copy, or export the (unencrypted) data in memory, it may or may not be encrypted, depending on the destination. If you just save it back to the encrypted drive (or disk image), it will be encrypted. If you save it to an unencrypted drive (or disk image), it will not be encrypted.
Part of the confusion here is the difference between encrypting an entire volume vs. encrypting a disk image.
Agree that goal needs to be that encrypted data remains encrypted, even when backed-up - otherwise no real sense.
Not always. A laptop user who makes backups to an external HD may want the laptop's HD to be encrypted, so it's protected if the laptop is lost or stolen while the user is travelling, but may not want the backups to be encrypted, if the backup HD is in a secure place.
An encrypted disk image, however, will always be encrypted on disk, regardless of the encryption status of the volume it resides on.
Assume automatically scheduled backups throughout the day. Assuming that during the day, there are times that the encrypted disk image is being used (i.e., a password has been entered), and other times not. What is happening in TM? Are all back-ups encrypted?
If the disk image is encrypted, the backups of it will be encrypted. But remember, the contents are only backed-up when the disk image is not mounted.