As the default setting, Time Machine does unencrypted backups. This hint changes that and works for both AFP and SMB shares.
As I backup my machine on a volume anyone in my network can access, I searched a way to store an encrypted backup. Unfortunately, if the target image for Time Machine simply is replaced by an encryptet image, the OS does not promt for entering a password and aborts.
In short, the trick is to copy a stored password from the user's Keychain to the System Keychain.
You need: A working Time Machine either normal or via the unsupported volumes method found for example in this forum. [crarko adds: I'm not sure if this is referring to this previous hint.]
Here is the procedure (found originally here). You may want to refer to that original post before trying this.
[crarko adds: I haven't tested this one. If you're going to try this, I'd advise saving the old Time Machine backup on a separate drive (if feasible) instead of deleting it, and just create a new backup image using the procedure here. The original post doesn't delete the old backup until the new one is known to work, and that's a good idea.]
As I backup my machine on a volume anyone in my network can access, I searched a way to store an encrypted backup. Unfortunately, if the target image for Time Machine simply is replaced by an encryptet image, the OS does not promt for entering a password and aborts.
In short, the trick is to copy a stored password from the user's Keychain to the System Keychain.
You need: A working Time Machine either normal or via the unsupported volumes method found for example in this forum. [crarko adds: I'm not sure if this is referring to this previous hint.]
Here is the procedure (found originally here). You may want to refer to that original post before trying this.
- Turn off Time Machine backups.
- Save and convert the image with the follwing commands (using the Terminal, where
is propably hostname_macaddress): This process might take a LONG time, based on how big the image is.cd /path/to/image/ mv
.sparsebundle old_ .sparsebundle hdiutil convert -format UDSB -o .sparsebundle -encryption AES-128 old_ .sparsebundle
A tip to save some time but removes the existing backup, so be careful:
If you are using the supported method delete the current backup, start a new one and abort as soon as Time Machine created the new image name.sparsebundle file on the network volume. Copy it to the local machine, convert it there and then push it back to the network volume
If you use the unsupported volume method and needed to create a volume manually, just reproduce these steps, except that you can encrypt the volume from the beginning. - Open the image via Finder. When it prompts you for entering the password, make sure to store it in the Keychain. If it doesn't prompt and you are sure it is encrypted, the password might be stored there already.
- Open up the Keychain app, search the image name.sparsebundle entry and copy it to the System Keychain (found in the left sidebar, you might need to unlock it before you can paste).
- Reenable Time Machine and start the backup. It will connect to the network volume and be able to open the image, because the needed key is stored in the Keychain.
[crarko adds: I haven't tested this one. If you're going to try this, I'd advise saving the old Time Machine backup on a separate drive (if feasible) instead of deleting it, and just create a new backup image using the procedure here. The original post doesn't delete the old backup until the new one is known to work, and that's a good idea.]
•
[12,004 views]

