May 30, 2010 at 23:01Time Machine Backup Encryption
For those who are worried about the security of their backups in Time Machine, there is a solution.
The method described below works if you use:
- Time Machine paired with Time Capsule;
- Time Machine, coupled with an external drive formatted in HFS + and connected to AirPort via USB.
Surely other tricks will work, the main thing is that the disk be shared on the network using the AFP protocol.
So the procedure is as follows:
1. Open the terminal (Applications - Utilities - Terminal).
2. Copy the finished Time Machine backup of the username.sparsebundle type (for convenience, to the root of a drive).
2.1. For reliability, I advise you to make a backup copy from your media so as not to lose data in case of inept actions.
3. Go to administrator mode (sudo su) and enter the password for your account.
4. In the terminal, we go to the core drive where the backups are:
- cd / Volumes - go to the folder with available drives;
- ls - get a list of available disks;
- go to the disk where the backup is stored - cd BackupDisk (disk name).
5. We encrypt the bundle with the hdiutil utility backup.
The utility syntax is something like this:
hdiutil convert -format UDSB -o OUTPUT FILE / -encryption AES-256 INPUT FILE / .
To speed up the backup name, you need to print the first 2 characters of the name and press tab - the name will be added automatically.
Example:
hdiutil convert -format UDSB -o cryptobackup.sparsebundle / -encryption AES-256 username.sparsebundle /
Enter a new password to secure "cryptobackup.sparsebundle":
Re-enter new password:
Reading Driver Descriptor Map (DDM: 0) ...
Reading Apple (Apple_partition_map: 1) ...
Reading disk image (Apple_HFSX: 2) ...
................................. ...........................
We get the encrypted file
6. Open Finder and right-click on the backup source file - select show package contents, copy file com.apple.TimeMachine.MachineID.plist.
7. Open the similarly newly received encrypted backup and insert this file into the encrypted backup.
8. Then we execute the command for the encrypted backup (the command will set the maximum size of the encrypted container that will store your data):
hdiutil resize -size 1t (1 gigabyte - 1g) cryptobackup.sparsebundle /
9. We bring the name of the encrypted backup in full accordance with what is stored on your media that uses Time Machine and is copied with replacement to your backup media.
10. At the end of copying, open the backup via Finder and enter the password, if necessary, save the password in your Keychain so as not to enter it manually during backups, then dismantle the backup (Eject).
11. Since Time Machine is a system application, open Keychain, find the password for the backup and drag it into the System category.
12. We make backups automatically to an encrypted file.
PS. If you did something wrong Time Machine will make a new file with a backup of the form username1.sparsebundle I
tried to paint everything as detailed as possible for users with different levels of training. I can not clearly illustrate, because This method has been tested with a test instance of Time Capsule.
The method described below works if you use:
- Time Machine paired with Time Capsule;
- Time Machine, coupled with an external drive formatted in HFS + and connected to AirPort via USB.
Surely other tricks will work, the main thing is that the disk be shared on the network using the AFP protocol.
So the procedure is as follows:
1. Open the terminal (Applications - Utilities - Terminal).
2. Copy the finished Time Machine backup of the username.sparsebundle type (for convenience, to the root of a drive).
2.1. For reliability, I advise you to make a backup copy from your media so as not to lose data in case of inept actions.
3. Go to administrator mode (sudo su) and enter the password for your account.
4. In the terminal, we go to the core drive where the backups are:
- cd / Volumes - go to the folder with available drives;
- ls - get a list of available disks;
- go to the disk where the backup is stored - cd BackupDisk (disk name).
5. We encrypt the bundle with the hdiutil utility backup.
The utility syntax is something like this:
hdiutil convert -format UDSB -o OUTPUT FILE / -encryption AES-256 INPUT FILE / .
To speed up the backup name, you need to print the first 2 characters of the name and press tab - the name will be added automatically.
Example:
hdiutil convert -format UDSB -o cryptobackup.sparsebundle / -encryption AES-256 username.sparsebundle /
Enter a new password to secure "cryptobackup.sparsebundle":
Re-enter new password:
Reading Driver Descriptor Map (DDM: 0) ...
Reading Apple (Apple_partition_map: 1) ...
Reading disk image (Apple_HFSX: 2) ...
................................. ...........................
We get the encrypted file
6. Open Finder and right-click on the backup source file - select show package contents, copy file com.apple.TimeMachine.MachineID.plist.
7. Open the similarly newly received encrypted backup and insert this file into the encrypted backup.
8. Then we execute the command for the encrypted backup (the command will set the maximum size of the encrypted container that will store your data):
hdiutil resize -size 1t (1 gigabyte - 1g) cryptobackup.sparsebundle /
9. We bring the name of the encrypted backup in full accordance with what is stored on your media that uses Time Machine and is copied with replacement to your backup media.
10. At the end of copying, open the backup via Finder and enter the password, if necessary, save the password in your Keychain so as not to enter it manually during backups, then dismantle the backup (Eject).
11. Since Time Machine is a system application, open Keychain, find the password for the backup and drag it into the System category.
12. We make backups automatically to an encrypted file.
PS. If you did something wrong Time Machine will make a new file with a backup of the form username1.sparsebundle I
tried to paint everything as detailed as possible for users with different levels of training. I can not clearly illustrate, because This method has been tested with a test instance of Time Capsule.