
Understanding encryption using Disk Utility

Using Disk Utility, I created an encrypted disk image, into which I have copied files I would like to secure. This works well, but I am trying to understand how things work, so that I can control exposure. Fundamentally, the question is when are files exposed, and when not. Clearly, when a password has been entered, the file is visible and available. But is it being decoded (ie is the underlying file always encrypted)? If I make a copy of a file (after password entered), is this copy encrypted? If I make a back-up using Time Machine, are the back-up files (of encrypted files) encrypted?

Mac OS X (10.7.2)

Posted on Feb 2, 2012 2:10 PM

Question marked as Best reply

Posted on Feb 2, 2012 2:15 PM

See: http://en.wikipedia.org/wiki/OTFE

41 replies

Feb 3, 2012 9:46 AM in response to Pondini

Pondini wrote:


Tony T1 wrote:

...but the OP is asking about encrypted disk images

Yes, that's what I mean. You can create them with Disk Utility, via the New Image icon in the Toolbar:


Then I don't understand your statement that "When an encrypted volume (an actual disk partition or a disk image) is backed-up, the data is decrypted." An encrypted disk image is not decrypted when backed-up.

Feb 9, 2012 6:40 AM in response to christopher rigby1

Chris:


I must admit to still being a little uncertain too. My take from some of the earlier postings is that encrypted data will remain encrypted in TM. But Pondini's latest posting seems to suggest that if an app (TM?) reads data, it becomes decrypted. Not sure this makes sense.


Agree that goal needs to be that encrypted data remains encrypted, even when backed-up - otherwise no real sense.


I'm not sure that I'm totally comfortable with answers to date - although Tony seems pretty categoric (and is giving the answer I was looking for).


TM back-ups really go to the essence of the question. Assume automatically scheduled backups throughout the day. Assuming that during the day, there are times that the encrypted disk image is being used (ie a password has been entered), and other times not. What is happening in TM? Are all back-ups encrypted? Or are backups that occur while files are available (ie password entered) taking unencrypted data? The latter would certainly not be a desired outcome!

Feb 9, 2012 8:19 AM in response to guy toronto

guy toronto wrote:

. . .

But Pondini's latest posting seems to suggest that if an app (TM?) reads data, it becomes decrypted. Not sure this makes sense.

Yes, that's exactly what happens. The data is copied and decrypted "on the fly" so you can read it. The original file (on disk) remains encrypted. Only the copy made in memory (RAM) for you to read or edit is decrypted.


When you then save, copy, export, the (unencrypted) data in memory, it may or may not be encrypted, depending on the destination. If you just save it back to the encrypted drive (or disk image), it will be encrypted. If you save it to an unencrypted drive (or disk image), it will not be encrypted.


Part of the confusion here is the difference between encrypting an entire volume vs. encrypting a disk image.

Agree that goal needs to be that encrypted data remains encrypted, even when backed-up - otherwise no real sense.

Not always. A laptop user who makes backups to an external HD may want the laptop's HD to be encrypted, so it's protected if the laptop is lost or stolen while the user is travelling, but may not want the backups to be encrypted, if the backup HD is in a secure place.


An encrypted disk image, however, will always be encrypted on disk, regardless of the encryption status of the volume it resides on.


Assume automatically scheduled backups throughout the day. Assuming that during the day, there are times that the encrypted disk image is being used (ie a password has been entered), and other times not. What is happening in TM? Are all back-ups encrypted?

If the disk image is encrypted, the backups of it will be encrypted. But remember, the contents are only backed-up when the disk image is not mounted.

Jan 11, 2013 7:35 PM in response to guy toronto

Hopefully this will clear things up:


Let's say you have an encrypted volume (either a disk partition or a disk image). When you mount the volume and enter the password, it gives OS X the ability to present the volume as if it wasn't encrypted. Anything read from the disk is decrypted on-the-fly, and anything written to the disk is encrypted on-the-fly. To the user, and his applications, the volume might as well not be encrypted.


This is the only way encrypted volumes can work, logically. If files weren't decrypted on-the-fly, then they would just appear as encrypted garbage to your applications and you wouldn't be able to open them.


So to answer the OP's question, if you copy a file from an encrypted volume (for example, your Mac, if you're using FileVault) to an unencrypted volume (for example, an unencrypted Time Machine disk), the file will be decrypted on-the-fly as it's read off the encrypted volume and stored in unencrypted form on the unencrypted volume. This might not be as worthless as it sounds since maybe your Mac is a laptop with a non-trivial chance of being stolen, whereas your Time Machine backup disk might be stored in your relatively safe office or home.
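The behaviour Pondini and motrek describe (on-the-fly decryption when reading from a mounted image, ciphertext in the image file itself) can be checked on a Mac with hdiutil. The script below is an added example, not part of this thread; the marker string and passphrase are constructed, and the hdiutil steps only run where hdiutil exists.

```shell
#!/bin/sh
# Added example: show that a file copied out of a mounted encrypted disk image
# is plaintext, while the image file on disk never holds the marker in the clear.
# Assumes macOS hdiutil; MARKER and PASS are constructed values for this demo.
set -e

MARKER='constructed-plaintext-marker-2f9c'     # constructed, not a real secret
PASS='example-passphrase-not-for-real-use'     # constructed demo passphrase

# Return 0 if the file contains MARKER readably, i.e. it is stored as plaintext.
contains_marker() {
    LC_ALL=C grep -a -q "$MARKER" "$1"
}

# Print "plaintext" or "ciphertext" for the given file.
classify() {
    if contains_marker "$1"; then echo plaintext; else echo ciphertext; fi
}

demo() {
    work=$(mktemp -d)
    img="$work/secret"                 # hdiutil appends .sparseimage
    mnt="$work/mnt"; mkdir "$mnt"

    # 1. Create an AES-256 encrypted sparse image; passphrase read from stdin.
    printf '%s' "$PASS" | hdiutil create -quiet -size 20m -fs HFS+ -volname Secret \
        -encryption AES-256 -stdinpass -type SPARSE "$img"
    # 2. Mount it: from here on reads are decrypted and writes encrypted on the fly.
    printf '%s' "$PASS" | hdiutil attach -quiet -stdinpass -mountpoint "$mnt" "$img.sparseimage"
    echo "$MARKER" > "$mnt/note.txt"
    # 3. A copy taken from the mounted volume is decrypted as it is read.
    cp "$mnt/note.txt" "$work/exported.txt"
    hdiutil detach -quiet "$mnt"
    # 4. The image file (what a backup of the unmounted image copies) stays ciphertext.
    echo "exported copy: $(classify "$work/exported.txt")"   # plaintext
    echo "image file:    $(classify "$img.sparseimage")"     # ciphertext
    rm -rf "$work"
}

# Run the disk-image steps only on macOS; the helper functions work anywhere.
if command -v hdiutil >/dev/null 2>&1; then demo; fi
```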

Jan 13, 2013 1:04 PM in response to motrek

Thanks for the clarification, Motrek. Ultimately, I suppose that this is all logical. But still a little uncertain regarding Pondini's comment that TM will only back up when a disk is not mounted. That would mean that backups (of an encrypted disk image) would always be encrypted (irrespective of whether the destination is itself an encrypted image). While I like that solution, I can't help wondering what makes TM skip info in a disk image that is mounted.


If Pondini is correct, I would of course need to remember to make sure that my disk images are unmounted when making backups!

Jan 13, 2013 1:17 PM in response to guy toronto

I don't want to start an argument but I don't see how what Pondini is saying could possibly be correct.


First of all, you can certainly use TM to back up mounted volumes, since almost everybody uses TM to back up their main (boot) hard drive, and you can't be expected to unmount your boot drive in order to back it up. Also, one of TM's main features is file versioning, so you can access a file as it was an hour ago in case you accidentally mess it up (hence the name "Time Machine"). That wouldn't be possible if you could only back up unmounted volumes since it means you'd have to unmount and remount whatever volume you're using every hour, which people obviously don't do.


Second, I don't believe TM backups are necessarily encrypted, even if they are backing up encrypted volumes, since there's a very prominent setting in TM that lets you choose whether or not your backup is encrypted. Presumably if this option is not checked, the backup is not encrypted. Otherwise, why have the option?


So if you want everything encrypted, I think it's very easy. Just turn on FileVault on your boot drive and select the option in Time Machine to encrypt your backup and you should be covered.

Jan 13, 2013 1:17 PM in response to guy toronto

Time Machine won't back up the contents of a mounted disk image. Apple doesn't say why not, but since a disk image (except sparse bundle disk images) is actually a single (often very large) file, it would be likely for OSX to try to update it while it's being backed-up, or vice-versa. On a large one, that could lead to a very long hang of whichever process is second, or an inconsistent backup if OSX allows both to occur at once. In addition, it might be seen as better to wait until it's closed, so intermediate changes don't cause multiple backups.
