Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Encrypted TimeMachine Network Backup Network
As the default setting, Time Machine does unencrypted backups. This hint changes that and works for both AFP and SMB shares.

As I backup my machine on a volume anyone in my network can access, I searched a way to store an encrypted backup. Unfortunately, if the target image for Time Machine simply is replaced by an encryptet image, the OS does not promt for entering a password and aborts.

In short, the trick is to copy a stored password from the user's Keychain to the System Keychain.

You need: A working Time Machine either normal or via the unsupported volumes method found for example in this forum. [crarko adds: I'm not sure if this is referring to this previous hint.]

Here is the procedure (found originally here). You may want to refer to that original post before trying this.
  • Turn off Time Machine backups.
  • Save and convert the image with the follwing commands (using the Terminal, where is propably hostname_macaddress):
        cd /path/to/image/
        mv .sparsebundle old_.sparsebundle
        hdiutil convert -format UDSB -o .sparsebundle -encryption AES-128 old_.sparsebundle
    
    This process might take a LONG time, based on how big the image is.

    A tip to save some time but removes the existing backup, so be careful:

    If you are using the supported method delete the current backup, start a new one and abort as soon as Time Machine created the new image name.sparsebundle file on the network volume. Copy it to the local machine, convert it there and then push it back to the network volume

    If you use the unsupported volume method and needed to create a volume manually, just reproduce these steps, except that you can encrypt the volume from the beginning.
  • Open the image via Finder. When it prompts you for entering the password, make sure to store it in the Keychain. If it doesn't prompt and you are sure it is encrypted, the password might be stored there already.
  • Open up the Keychain app, search the image name.sparsebundle entry and copy it to the System Keychain (found in the left sidebar, you might need to unlock it before you can paste).
  • Reenable Time Machine and start the backup. It will connect to the network volume and be able to open the image, because the needed key is stored in the Keychain.
That's it.

[crarko adds: I haven't tested this one. If you're going to try this, I'd advise saving the old Time Machine backup on a separate drive (if feasible) instead of deleting it, and just create a new backup image using the procedure here. The original post doesn't delete the old backup until the new one is known to work, and that's a good idea.]
    •    
  • Currently 4.20 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (5 votes cast)
 
[11,926 views]  

Encrypted TimeMachine Network Backup | 1 comments | Create New Account
Click here to return to the 'Encrypted TimeMachine Network Backup' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Encrypted TimeMachine Network Backup
Authored by: boston_guy on Apr 13, '11 07:51:45PM

In my case, the conversion process didn't bring over the com.apple.TimeMachine.MachineID.plist file that identifies the sparsebundle as a backup destination. This made Time Machine create a new sparsebundle instead of reusing. I resolved the problem by copying the plist from the newly created sparsebundle.

(This was based on a tidbit from the following blog post http://thepracticeofcode.com/post/749686705/encrypted-rotating-time-machine-backups-on-snow)



[ Reply to This | # ]